FAQs
Check the integration debugging log for the specific error. Common causes are:
-
The HashiCorp Vault authentication type does not have an Access Role that grants read access to the specified secret.
-
An invalid JSON parameters file is provided for the SSH Signed Certificates vault type.
-
For rotated secrets, the Secret Type is set to static (or vice versa), causing the wrong API endpoint to be called.
-
The HashiCorp Vault host is unreachable from the scanner (firewall, incorrect hostname, or port).
-
If using a passphrase-protected key, confirm the passphrase is entered correctly in the Passphrase For Private Key field.
-
If using a self-hosted gateway, verify the SSL certificate of the gateway is trusted by the scanner, or consider testing with Verify SSL disabled.
-
Check the expiration of the AppRole client and secret values, or the client certificates.
-
Check the expiration of the AppRole client and secret values, or the client certificates.
-
Ensure the Databases plugin family is enabled; this action facilitates the inclusion of all constituent plugins required for comprehensive vulnerability assessment.
-
If using a rotated secret, confirm that Secret Type is set to rotated in the scan credential. Using the static endpoint against a rotated secret does not return the current rotation values.
-
Credential values are cached for the duration of a single scan run. If credentials were rotated mid-scan, restart the scan to pick up the new values.