This project implement a custom ServiceNow Credential Resolver able to resolve credential identifiers sent from the MID Server into actual credentials from the Hashicorp Vault Credential repository.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
This project use a community developed Java client for the Vault secrets management solution from HashiCorp.
You can download the binaries directly from the releases section.
- HashiCorpVaultCredentialResolver requires JDK 1.8 or newer and Custom Vault Java Driver (attached to the release tag).
- Import the project in Eclipse
- Add Mid.jar to Java Build Path
- As well as vault-java-driver.jar
- Export to JAR File
- Use a ServiceNow Instance with “External Credential Storage” plugin (com.snc.discovery.external_credentials)
- Import above exported JAR file and vault-java-driver-5.3.0.jar to your ServiceNow instance. (MID Server - JAR Files)
- Create Credential in your instance with "External credential store" flag activated.
- Ensure that the "Credential ID" match a secret path in your Hashicorp credential store (ex: secret/mysecret)
- Ensure that the secret in the Vault do contain key/pair matching the ServiceNow Credential record fields (ex: user_name, password)
- Vault Java Driver - A zero-dependency Java client for the Hashicorp Vault (Beware Custom version)
- Jean-François (Jef) Muller - Initial work - JefMuller