Configure Tenable.sc for HashiCorp Vault (SSH)
Required User Role: Any
In Tenable.sc, you can integrate with HashiCorp Vault using SSH credentials.
Before you begin:
- Ensure you have both a Tenable.sc and HashiCorp Vaultaccount.
Note: (Undefined variable: Integrations.HashiCorp Vault) provides options for both KV v1 and v2. However, Tenable.sc only supports integration with KV v1.
To integrate Tenable.sc with HashiCorp Vault using SSH credentials:
Log in to Tenable.sc.
Click Scanning > Credentials (administrator users) or Scans > Credentials (organizational users).
The Credentials page appears.
At the top of the page, click +Add.
The Add Credential page appears.
- Scroll to the SSH section.
In the Windows section, click HashiCorp Vault.
The HashiCorp Vault Add Credential page appears.
In the Name box, type a name for the credential.
(Optional) Add a Description.
(Optional) Add a Tag to the credential. For additional information about tags, see the Tags section in the Tenable.sc documentation.
In the SSH Hashicorp Vault Credential section, configure the SSH credentials.
Option Default Value Required
The Hashicorp Vault IP address or DNS address.
Note: If your Hashicorp Vault installation is in a subdirectory, you must include the subdirectory path. For example, type IP address or hostname/subdirectory path.
The port on which Hashicorp Vault listens.
Specifies the authentication type for connecting to the instance: App Role or Certificates.
If you select Certificates, additional options for Hashicorp Client Certificate (Required) and Hashicorp Client Certificate Private Key (Required) appear. Select the appropriate files for the client certificate and private key.
The GUID provided by Hashicorp Vault when you configured your App Role.
yes Role Secret ID
The GUID generated by Hashicorp Vault when you configured your App Role.
yes Authentication URL
The URL used to access Hashicorp Vault.
yes Namespace The name of a specified team in a multi-team environment. no KV Engine URL The URL Tenable.sc uses to access the Hashicorp Vault secrets engine. yes
A drop-down box to specify if the username is input manually or pulled from Hashicorp Vault.
The name in Hashicorp Vault that usernames are stored under.
yes Password Key The key in Hashicorp Vault that passwords are stored under. yes Secret Name The key secret you want to retrieve values for. yes Use SSL If enabled, Tenable.sc uses SSL through IIS for secure communications. You must configure SSL through IIS in Hashicorp Vault before enabling this option. no Verify SSL If enabled, Tenable.sc validates the SSL certificate. You must configure SSL through IIS in Hashicorp Vault before enabling this option. no
Tenable.sc saves the credential.