Securing Credentials¶
By default you configure credentials for access to external systems in the yaml file in plain-text. That may be okay in some scenarios, but ideally credentials should be stored in a credential manager.
The LogSentinel Collector has built-in support for HashiCorp Vault.
For each collector configuration that requires credentials, instead of the username/password
or key/secret` pairs, a property called
vaultTokencan be specified which points to the
username/passwordor
key/secret`` entry in HashiCorp Vault.
In order for that to work, connection to vault should be configured, as follows:
vaultToken: ... # token to access the HasiCorp Vault
vaultUri: https://localhost:8200 # URI to connect to Vault