HashiCorp Vault


HashiCorp Vault provides organizations with identity-based security to automatically authenticate and authorize access to secrets and other sensitive data. For detailed information, refer to HashiCorp Vault's official documentation.

Integration Method: Data collector

Tables: API Activity (6003)

This integration supports the following events.

Event: Audit

Description: This event records the details of every request received and response sent by the Vault API.

This integration supports the following versions.

HashiCorp Vault API version: v1.0

Prerequisites

  • The user should have access to the HashiCorp Vault portal with an account that has Global Administrator privileges.

  • The user should have root access to the VM hosting the HashiCorp Vault application.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Configure the HashiCorp Vault.

  2. Configure Data Collector on DataBee console.

  3. Add the HashiCorp Vault Feed integration to the DataBee console.

Data Collector Configuration

To receive logs from HashiCorp Vault, a Data Collector must be installed and configured. The data collector will receive logs forwarded from HashiCorp Vault and send them back to DataBee. For more information, refer to the DataBee website.

HashiCorp Vault Configuration

  1. Log in to the VM where the HashiCorp Vault instance is hosted.

  2. Enter the following commands:

    1. vault audit enable syslog tag="vault" log_level="info"

    2. vault audit list

    3. edit /etc/rsyslog.d/30-vault.conf

    Note:

    After running the “vault audit list” command, syslog should appear in the list of enabled audit devices.

  3. In the 30-vault.conf file, set up the following configuration, replacing <public_ip> and <port> with the public IP address and port of your syslog server. The syslog server is used to demultiplex logs for the data collector. Refer to this article for more details.
     

    For more information visit the official syslog documentation.
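
One way to produce the 30-vault.conf forwarding rule, shown as an added example that is not DataBee's or HashiCorp's own configuration. It assumes the syslog server accepts RFC 5424 over TCP (the format and mode selected for the DataBee feed) and that Vault messages carry the "vault" tag set by the audit command above; the function name render_vault_rsyslog_conf is hypothetical.

```shell
#!/bin/sh
# Added example: renders an rsyslog drop-in that forwards only Vault audit
# messages (syslog tag "vault") to the syslog server over TCP in RFC 5424
# format. The output is written to stdout so it can be reviewed first.

render_vault_rsyslog_conf() {
    rv_host=$1
    rv_port=$2

    # Accept only characters valid in an IPv4 address or hostname, so a
    # stray quote or semicolon cannot end up inside the rsyslog rule.
    case "$rv_host" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $rv_host" >&2; return 1 ;;
    esac
    # Port must be 1 to 5 digits and fall within 1..65535.
    case "$rv_port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $rv_port" >&2; return 1 ;;
    esac
    if [ "$rv_port" -lt 1 ] || [ "$rv_port" -gt 65535 ]; then
        echo "port out of range: $rv_port" >&2
        return 1
    fi

    cat <<EOF
# /etc/rsyslog.d/30-vault.conf
# Match on the tag configured with: vault audit enable syslog tag="vault"
# RSYSLOG_SyslogProtocol23Format is rsyslog's built-in RFC 5424 template.
if \$programname == 'vault' then {
    action(type="omfwd" target="$rv_host" port="$rv_port" protocol="tcp"
           template="RSYSLOG_SyslogProtocol23Format")
}
EOF
}
```

After sourcing the function, redirect its output to /etc/rsyslog.d/30-vault.conf as root, check the syntax with `rsyslogd -N1`, and restart rsyslog so the rule takes effect.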

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for HashiCorp Vault and click on it.

  3. Click on the Data Collector option for the collection method.
     

  4. Click on the Syslog option for the polling mechanism.
     

  5. Enter the feed contact information and select the collector created previously. On the configuration page, confirm the following settings, then click the Submit button to create the new data source.

    • Format: syslog-rfc5424

    • Mode: TCP

    • PORT: the listening TCP/UDP port used for receiving syslog data.
       

Troubleshooting Tips

  • Ensure that you’re accessing the VM as the root user.

  • Ensure that all the commands mentioned earlier are executed properly in the VM.

  • Ensure that the data collector and port are specified correctly on the configuration page.