HashiCorp Cloud Platform
Integrate with GCP Secret Manager
HCP Vault Secrets allows users to automatically synchronize application secrets to GCP Secret Manager. This guide walks you through the configuration process.
Prerequisites:
- Existing GCP project and billing account
- Secret Manager API enabled in the target GCP project
- Cloud Resource Manager API enabled in the target GCP project
- Ability to create service accounts and keys
- An HCP Vault Secrets application and secret(s)
Generating Service Account Key
The HCP Vault Secrets integration with GCP requires a service account and key in the target GCP project.
Refer to the Google Cloud IAM documentation for more information.
1. Navigate to the Service Accounts page in the Google Cloud Console.
2. Create a new service account.
3. Provide a service account name and the desired service account ID.
4. Click Create and Continue.
5. Grant the service account the Secret Manager Admin role.
6. Click Continue and click Done at the bottom of the form.
7. Click the service account you created.
8. Click Keys and then click Add Key.
9. Under key type, select JSON. This will automatically download your credentials.json file.
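Before uploading the downloaded key to HCP Vault Secrets, it is worth confirming that the file is a service account key for the intended project and that other local users cannot read it. The following is an added example, not HashiCorp's or Google's code; the function names, the project ID example-project and the sample values are constructed, and the permission check assumes a POSIX file system.

```python
import json
import os
import stat

# Fields present in a Google Cloud service account key file (JSON key type).
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "token_uri")

def check_key(doc: dict, expected_project: str) -> list[str]:
    """Return a list of problems found in a parsed service account key."""
    problems = [f"missing field: {f}" for f in REQUIRED if not doc.get(f)]
    if doc.get("type") != "service_account":
        problems.append("type is not 'service_account' (wrong kind of credential file)")
    if doc.get("project_id") != expected_project:
        problems.append("key belongs to a different project than the sync target")
    # User-created service accounts are named <id>@<project>.iam.gserviceaccount.com
    suffix = f"@{expected_project}.iam.gserviceaccount.com"
    if not str(doc.get("client_email", "")).endswith(suffix):
        problems.append("client_email is not a service account in the target project")
    if "BEGIN PRIVATE KEY" not in str(doc.get("private_key", "")):
        problems.append("private_key is not a PEM-encoded key")
    return problems

def check_file(path: str, expected_project: str) -> list[str]:
    """Check the downloaded file's permissions (POSIX) and its contents."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} lets other users access the key; use 600")
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return problems + ["top-level JSON value is not an object"]
    return problems + check_key(doc, expected_project)

# Constructed sample with placeholder values, not a real key.
SAMPLE = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "hvs-sync@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}
```

Call check_file("credentials.json", "<your-project-id>") on the downloaded file; an empty list means none of these checks found a problem.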
Configure GCP Secret Manager integration
Navigate to the HCP Vault Secrets app you would like to integrate with your GCP project. Select Integrations from the sidebar, then click the GCP Secret Manager card to start the setup.
If this is your first time configuring a GCP integration, you will be presented with two simple fields:
- Name is the unique identifier and display name for this integration. It cannot be changed.
- Service account credentials is the service account key file from your GCP project, used to securely delegate access to HCP Vault Secrets. You can either upload a credentials.json file or use the code block to paste it in. Instructions for creating the service account and key are in the Generating Service Account Key section above.
Once all fields are populated, click Save and sync secrets to complete the configuration process. All of your existing app secrets are immediately synced to GCP Secret Manager.
All future modifications to the app's secrets, such as adding, updating, or deleting a secret, are automatically replicated to GCP Secret Manager.