Set up HashiCorp Vault Connectors

JFrog Platform Administration Documentation

WebUI Changes implemented in Artifactory 7.38.x and above

Security is now called Authentication Providers. All the relevant text and images on this page have been updated to reflect this change.

HashiCorp Vault connectors enable you to use a centralized secret management tool for the keys used to sign packages.

  1. In the JFrog Platform, navigate to Administration | Authentication Providers | HashiCorp Vault.

    This opens the HashiCorp Vault Connectors window that displays the list of available connectors.

  2. Click +Add Connector.

    This opens the HashiCorp Vault window, where you will configure a connector to your enterprise HashiCorp Vault to be used as a centralized secret management tool.

  3. The connector to the vault requires the following information:

    • URL: The base URL of the vault server.

    • Authentication: The authentication method used. For more information, see HashiCorp Vault Docs.

      • AppRole: Using a role ID and a secret ID.

      • TLS Certificate: Using a certificate and a private key.

      • Agent Auto-Auth: Using the Vault agent running as a daemon.

        Note

        The Agent Auto-Auth method is only supported on Self-Hosted environments.

    • Secret Engine (Mount): A mountable engine that stores or generates secrets in Vault. Provide the following details:

      • Path: Secret engines are enabled at a "path" in Vault.

      • Type: Vault supports several secret engines, each with different capabilities. The supported secret engine types are KV-v1 and KV-v2.

  4. Before saving the connector, click Test Configuration to test and verify the configuration.

  5. If the test is successful, click Save. The new connector will be displayed in the list of configured connectors together with its URL.
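
The URL, AppRole credentials and mount Path/Type entered in step 3 can also be checked directly against Vault's HTTP API, which makes the KV-v1/KV-v2 difference visible: the two types use different read paths and response shapes. This is an added example, not JFrog's or HashiCorp's code; the function names, the environment variable names and the secret path `signing/test-key` are assumptions.

```python
import json
import os
import urllib.request

def login_request(base_url, role_id, secret_id):
    """AppRole login: POST role_id and secret_id to /v1/auth/approle/login."""
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/v1/auth/approle/login", data=body,
        headers={"Content-Type": "application/json"}, method="POST")

def read_url(base_url, mount, engine_type, secret_path):
    """KV-v2 puts 'data/' between the mount and the secret path; KV-v1 does not."""
    mount, secret_path = mount.strip("/"), secret_path.strip("/")
    if engine_type == "KV-v2":
        api_path = f"{mount}/data/{secret_path}"
    elif engine_type == "KV-v1":
        api_path = f"{mount}/{secret_path}"
    else:
        raise ValueError(f"unsupported secret engine type: {engine_type}")
    return f"{base_url.rstrip('/')}/v1/{api_path}"

def extract_secret(engine_type, response):
    """KV-v1 returns the fields in 'data'; KV-v2 nests them in 'data.data'."""
    data = response["data"]
    if engine_type == "KV-v2":
        if "data" not in data or "metadata" not in data:
            raise ValueError("response is not KV-v2 shaped; check the mount Type")
        return data["data"]
    return data

def check_connector(base_url, role_id, secret_id, mount, engine_type,
                    secret_path, opener=urllib.request.urlopen):
    """Log in with AppRole, then read one secret through the given mount."""
    with opener(login_request(base_url, role_id, secret_id)) as resp:
        token = json.load(resp)["auth"]["client_token"]
    req = urllib.request.Request(
        read_url(base_url, mount, engine_type, secret_path),
        headers={"X-Vault-Token": token})
    with opener(req) as resp:
        return extract_secret(engine_type, json.load(resp))

if __name__ == "__main__":
    # Assumed names: VAULT_ADDR, ROLE_ID, SECRET_ID and the secret path are
    # placeholders for this example; credentials come from the environment.
    fields = check_connector(os.environ["VAULT_ADDR"], os.environ["ROLE_ID"],
                             os.environ["SECRET_ID"], "secret", "KV-v2",
                             "signing/test-key")
    print("readable fields:", sorted(fields))  # field names only, no values
```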