From 95f66805eed26f339f8cd49249fcfb73ac162ffc Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 13:45:53 -0700 Subject: [PATCH 1/8] Partnerships docs updates Updates to include partnerships within new site --- .../source/docs/plugin/partnerships.html.md | 137 ++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 website/source/docs/plugin/partnerships.html.md diff --git a/website/source/docs/plugin/partnerships.html.md b/website/source/docs/plugin/partnerships.html.md new file mode 100644 index 0000000000..4ba3ced525 --- /dev/null +++ b/website/source/docs/plugin/partnerships.html.md @@ -0,0 +1,137 @@ +--- +layout: "guides" +page_title: "Partnerships - Vault Integration Program" +sidebar_current: "guides-partnerships" +description: |- + Guide to partnership integrations and creating plugins for Vault. +--- + +# Vault Integration Program + +

+ The Vault Integration Program (VIP) enables vendors to build integrations with HashiCorp Vault that are officially tested and approved by HashiCorp. The program is intended to be largely self-service, with links to code samples, documentation and clearly defined integration steps. +

+ +## Types of Vault Integrations + +

+By leveraging Vault's plugin system, vendors are able to build extensible secrets, authentication, and audit plugins to extend Vault's functionality. These integrations can be done with the OSS (open-source) version of Vault. Hardware Security Module (HSM) integrations need to be tested against Vault Enterprise since the HSM functionality is only supported in the Vault Enterprise version. +

+ +

+Authentication Methods: Auth methods are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user. +

+ +

+Vault Secrets Engine: Secrets engines are components which store, generate, or encrypt data. Secrets engines are incredibly flexible, so it is easiest to think about them in terms of their function. Secrets engines are provided some set of data, they take some action on that data, and they return a result. +

+ +

+Audit Devices: Audit devices are the components in Vault that keep a detailed log of all requests and response to Vault. Because every operation with Vault is an API request/response, the audit log contains every authenticated interaction with Vault, including errors. +

+ +

+ +Hardware Security Module (HSM): HSM support is a feature of Vault Enterprise that takes advantage of HSMs to provide Master Key Wrapping, Automatic Unsealing and Seal Wrapping via the PKCS#11 protocol ver. 2.2+. +

+ +

+ +Cloud / Third Party Autounseal Integration: Non-PKCS#11 integrations with secure external data stores (e.g.: AWS KMS, Azure Key Vault) to provide Autounsealing and Seal-Wrapping. +

+ +

+ +Storage Backend: A storage backend is a durable storage location where Vault stores its information. +

+ +

Development Process

+ +

The Vault integration development process is described into the steps below. By following these steps, Vault integrations can be developed alongside HashiCorp to ensure new integrations are reviewed, certified and released as quickly as possible.

+ +
    +
  1. Engage: Initial contact between vendor and HashiCorp
    2. +
  2. Enable: Documentation, code samples and best practices for developing the integration
    3. +
  3. Develop and Test: Integration development and testing by vendor
    4. +
  4. Review/Certification: HashiCorp code review and certification of integration
    5. +
  5. Release: Vault integration released
    6. +
  6. Support: Ongoing maintenance and support of the integration by the vendor.
    7. +
+ +### 1. Engage +

+Please begin by completing Vault Integration Program webform to tell us about your company and the Vault integration you’re interested in. +

+ +### 2. Enable +

+Here are links to resources, documentation, examples and best practices to guide you through the Vault integration development and testing process: +

+ +

General Vault Plugin Development:

+ + +

Secrets Engines

+ + +

Authentication Methods

+ + +

Audit Devices

+

Audit devices documentation

+ +

HSM Integration

+ + +

Storage Backends

+

Storage configuration documentation

+ +

Community Forum

+

Vault developer community forum

+ +### 3. Develop and Test +

+The only knowledge necessary to write a plugin is basic command-line skills and knowledge of the Go programming language. Use the plugin interface to develop your integration. All integrations should contain unit and acceptance testing. +

+ +### 4. Review +

+HashiCorp will review and certify your Vault integration. Please send the Vault logs and other relevant logs for verification at: vault-integration-dev@hashicorp.com. For Auth, Secret and Storage plugins, submit a GitHub pull request (PR) against the Vault project (https://github.com/hashicorp/vault). Where applicable, the vendor will need to provide HashiCorp with a test account. +

+ +### 5. Release +

+At this stage, the Vault integration is fully developed, documented, tested and certified. Once released, HashiCorp will officially list the Vault integration. +

+ +### 6. Support +

+Many vendors view the release step to be the end of the journey, while at HashiCorp we view it to be the start. Getting the Vault integration built is just the first step in enabling users. Once this is done, on-going effort is required to maintain the integration and address any issues in a timely manner. +The expectation for vendors is to respond to all critical issues within 48 hours and all other issues within 5 business days. HashiCorp Vault has an extremely wide community of users and we encourage everyone to report issues however small, as well as help resolve them when possible. +

+ +## Checklist +

Below is a checklist of steps that should be followed during the Vault integration development process. This reiterates the steps described above.

+ + +## Contact Us +

For any questions or feedback, please contact us at: vault-integration-dev@hashicorp.com

From 9ed2813c0e4414e10f26320787e5ddda30ded1ef Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 13:48:16 -0700 Subject: [PATCH 2/8] Update partnerships.html.md --- website/source/docs/plugin/partnerships.html.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/website/source/docs/plugin/partnerships.html.md b/website/source/docs/plugin/partnerships.html.md index 4ba3ced525..4d12cb518f 100644 --- a/website/source/docs/plugin/partnerships.html.md +++ b/website/source/docs/plugin/partnerships.html.md @@ -1,9 +1,10 @@ --- -layout: "guides" -page_title: "Partnerships - Vault Integration Program" -sidebar_current: "guides-partnerships" +layout: "docs" +page_title: "Custom Plugin Backends" +sidebar_title: "Vault Integration Program" +sidebar_current: "docs-plugin" description: |- - Guide to partnership integrations and creating plugins for Vault. + How to partner with HashiCorp for creating integrations with Vault. --- # Vault Integration Program From 73778ca097b78490e0eb1c854f9ca70810642e51 Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 13:58:33 -0700 Subject: [PATCH 3/8] Update partnerships.html.md --- website/source/docs/plugin/partnerships.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/plugin/partnerships.html.md b/website/source/docs/plugin/partnerships.html.md index 4d12cb518f..512a9763c1 100644 --- a/website/source/docs/plugin/partnerships.html.md +++ b/website/source/docs/plugin/partnerships.html.md @@ -1,6 +1,6 @@ --- layout: "docs" -page_title: "Custom Plugin Backends" +page_title: "Vault Integration Program" sidebar_title: "Vault Integration Program" sidebar_current: "docs-plugin" description: |- From 937f203e51a202e521a27d42b772b4613a646ca2 Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 14:01:48 -0700 Subject: [PATCH 4/8] Update docs_detailed_categories.yml --- website/data/docs_detailed_categories.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/website/data/docs_detailed_categories.yml b/website/data/docs_detailed_categories.yml index 8b4d279e0b..5c82b643e4 100644 --- a/website/data/docs_detailed_categories.yml +++ b/website/data/docs_detailed_categories.yml @@ -122,6 +122,7 @@ title: "Plugin Backends" docs: - docs/plugin/index.html + - docs/plugin/partnerships.html - title: "Vault Enterprise" docs: From f22776a94b7943133716b9cf28ad0dcaf7b990c7 Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 14:22:18 -0700 Subject: [PATCH 5/8] Fix broken links fix links to old guides infrastructure --- website/source/docs/plugin/partnerships.html.md | 1 - 1 file changed, 1 deletion(-) diff --git a/website/source/docs/plugin/partnerships.html.md b/website/source/docs/plugin/partnerships.html.md index 512a9763c1..6ab2b1d3a6 100644 --- a/website/source/docs/plugin/partnerships.html.md +++ b/website/source/docs/plugin/partnerships.html.md @@ -72,7 +72,6 @@ Here are links to resources, documentation, examples and best practices to guide

General Vault Plugin Development:

From ba4b6f4481242266e8f7314f6ead5178127f087b Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 14:55:51 -0700 Subject: [PATCH 6/8] Update partnerships.html.md --- .../source/docs/plugin/partnerships.html.md | 137 +++++++----------- 1 file changed, 50 insertions(+), 87 deletions(-) diff --git a/website/source/docs/plugin/partnerships.html.md b/website/source/docs/plugin/partnerships.html.md index 6ab2b1d3a6..ceff5f733b 100644 --- a/website/source/docs/plugin/partnerships.html.md +++ b/website/source/docs/plugin/partnerships.html.md @@ -9,129 +9,92 @@ description: |- # Vault Integration Program -

The Vault Integration Program (VIP) enables vendors to build integrations with HashiCorp Vault that are officially tested and approved by HashiCorp. The program is intended to be largely self-service, with links to code samples, documentation and clearly defined integration steps. -

## Types of Vault Integrations -

By leveraging Vault's plugin system, vendors are able to build extensible secrets, authentication, and audit plugins to extend Vault's functionality. These integrations can be done with the OSS (open-source) version of Vault. Hardware Security Module (HSM) integrations need to be tested against Vault Enterprise since the HSM functionality is only supported in the Vault Enterprise version. -

-

-Authentication Methods: Auth methods are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user. -

+**Authentication Methods**: Auth methods are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user. -

-Vault Secrets Engine: Secrets engines are components which store, generate, or encrypt data. Secrets engines are incredibly flexible, so it is easiest to think about them in terms of their function. Secrets engines are provided some set of data, they take some action on that data, and they return a result. -

+**Vault Secrets Engine**: Secrets engines are components which store, generate, or encrypt data. Secrets engines are incredibly flexible, so it is easiest to think about them in terms of their function. Secrets engines are provided some set of data, they take some action on that data, and they return a result. -

-Audit Devices: Audit devices are the components in Vault that keep a detailed log of all requests and response to Vault. Because every operation with Vault is an API request/response, the audit log contains every authenticated interaction with Vault, including errors. -

+**Audit Devices**: Audit devices are the components in Vault that keep a detailed log of all requests and response to Vault. Because every operation with Vault is an API request/response, the audit log contains every authenticated interaction with Vault, including errors. -

- -Hardware Security Module (HSM): HSM support is a feature of Vault Enterprise that takes advantage of HSMs to provide Master Key Wrapping, Automatic Unsealing and Seal Wrapping via the PKCS#11 protocol ver. 2.2+. -

+**Hardware Security Module (HSM)**: HSM support is a feature of Vault Enterprise that takes advantage of HSMs to provide Master Key Wrapping, Automatic Unsealing and Seal Wrapping via the PKCS#11 protocol ver. 2.2+. -

- -Cloud / Third Party Autounseal Integration: Non-PKCS#11 integrations with secure external data stores (e.g.: AWS KMS, Azure Key Vault) to provide Autounsealing and Seal-Wrapping. -

+**Cloud / Third Party Autounseal Integration**: Non-PKCS#11 integrations with secure external data stores (e.g.: AWS KMS, Azure Key Vault) to provide Autounsealing and Seal-Wrapping. -

- -Storage Backend: A storage backend is a durable storage location where Vault stores its information. -

+**Storage Backend**: A storage backend is a durable storage location where Vault stores its information. -

Development Process

+## Development Process +The Vault integration development process is described into the steps below. By following these steps, Vault integrations can be developed alongside HashiCorp to ensure new integrations are reviewed, certified and released as quickly as possible.

-

The Vault integration development process is described into the steps below. By following these steps, Vault integrations can be developed alongside HashiCorp to ensure new integrations are reviewed, certified and released as quickly as possible.

-
    -
  1. Engage: Initial contact between vendor and HashiCorp
    2. -
  2. Enable: Documentation, code samples and best practices for developing the integration
    3. -
  3. Develop and Test: Integration development and testing by vendor
    4. -
  4. Review/Certification: HashiCorp code review and certification of integration
    5. -
  5. Release: Vault integration released
    6. -
  6. Support: Ongoing maintenance and support of the integration by the vendor.
    7. -
+* Engage: Initial contact between vendor and HashiCorp +* Enable: Documentation, code samples and best practices for developing the integration +* Develop and Test: Integration development and testing by vendor +* Review/Certification: HashiCorp code review and certification of integration +* Release: Vault integration released +* Support: Ongoing maintenance and support of the integration by the vendor. -### 1. Engage -

+### 1. Engage< Please begin by completing Vault Integration Program webform to tell us about your company and the Vault integration you’re interested in. -

-### 2. Enable -

+### 2. Enable Here are links to resources, documentation, examples and best practices to guide you through the Vault integration development and testing process: -

-

General Vault Plugin Development:

- -

Secrets Engines

- +**General Vault Plugin Development:** +* [Plugin documentation](https://www.vaultproject.io/docs/internals/plugins.html) +* [Vault's source code](https://github.com/hashicorp/vault) -

Authentication Methods

- +**Secrets Engines** +* [Secret engine documentation](https://www.vaultproject.io/docs/secrets/index.html) +* [Sample plugin code](https://github.com/hashicorp/vault-auth-plugin-example") -

Audit Devices

-

Audit devices documentation

+**Authentication Methods** +* [Auth method documentation](https://www.vaultproject.io/docs/auth/index.html) +* [Sample plugin code](https://github.com/hashicorp/vault-auth-plugin-example") +* [Example of how to build, install, and maintain auth method plugins plugin](https://www.hashicorp.com/blog/building-a-vault-secure-plugin) -

HSM Integration

- +**Audit Devices** +* [Audit device documentation](https://www.vaultproject.io/docs/audit/index.html) -

Storage Backends

-

Storage configuration documentation

+**HSM Integration** -

Community Forum

-

Vault developer community forum

+* [HSM documentation](https://www.vaultproject.io/docs/enterprise/hsm/index.html) +* [Configuration information](https://www.vaultproject.io/docs/configuration/seal/pkcs11.html) + + +**Storage Backends** +* [Storage configuration documentation](https://www.vaultproject.io/docs/configuration/storage/index.html) + +**Community Forum** +* [Vault developer community forum](https://groups.google.com/forum/#!forum/vault-tool) + +### 3. Develop and Test +The only knowledge necessary to write a plugin is basic command-line skills and knowledge of the [Go programming language] (http://www.golang.org). Use the plugin interface to develop your integration. All integrations should contain unit and acceptance testing. -### 3. Develop and Test -

-The only knowledge necessary to write a plugin is basic command-line skills and knowledge of the Go programming language. Use the plugin interface to develop your integration. All integrations should contain unit and acceptance testing. -

### 4. Review -

-HashiCorp will review and certify your Vault integration. Please send the Vault logs and other relevant logs for verification at: vault-integration-dev@hashicorp.com. For Auth, Secret and Storage plugins, submit a GitHub pull request (PR) against the Vault project (https://github.com/hashicorp/vault). Where applicable, the vendor will need to provide HashiCorp with a test account. -

+HashiCorp will review and certify your Vault integration. Please send the Vault logs and other relevant logs for verification at: [vault-integration-dev@hashicorp.com](mailto:vault-integration-dev@hashicorp.com). For Auth, Secret and Storage plugins, submit a GitHub pull request (PR) against the Vault project: (https://github.com/hashicorp/vault). Where applicable, the vendor will need to provide HashiCorp with a test account. ### 5. Release -

At this stage, the Vault integration is fully developed, documented, tested and certified. Once released, HashiCorp will officially list the Vault integration. -

### 6. Support -

Many vendors view the release step to be the end of the journey, while at HashiCorp we view it to be the start. Getting the Vault integration built is just the first step in enabling users. Once this is done, on-going effort is required to maintain the integration and address any issues in a timely manner. + The expectation for vendors is to respond to all critical issues within 48 hours and all other issues within 5 business days. HashiCorp Vault has an extremely wide community of users and we encourage everyone to report issues however small, as well as help resolve them when possible. -

## Checklist -

Below is a checklist of steps that should be followed during the Vault integration development process. This reiterates the steps described above.

-
    -

  • Complete the Vault Integration webform

    • -

  • Develop and test your Vault integration following examples, documentation and best practices

    • -

  • When the integration is completed and ready for HashiCorp review, send the Vault and other relevant logs to us for review and certification at: vault-integration-dev@hashicorp.com

    • -

  • Once released, plan to support the integration with additional functionality and responding to customer issues

    • -
+Below is a checklist of steps that should be followed during the Vault integration development process. This reiterates the steps described above. + +* [Complete the Vault Integration webform](https://docs.google.com/forms/d/e/1FAIpQLSfQL1uj-mL59bd2EyCPI31LT9uvVT-xKyoHAb5FKIwWwwJ1qQ/viewform) +* Develop and test your Vault integration following examples, documentation and best practices +* When the integration is completed and ready for HashiCorp review, send the Vault and other relevant logs to us for review and certification at: [vault-integration-dev@hashicorp.com](mailto:vault-integration-dev@hashicorp.com). +* Once released, plan to support the integration with additional functionality and responding to customer issues. ## Contact Us -

For any questions or feedback, please contact us at: vault-integration-dev@hashicorp.com

+For any questions or feedback, please contact us at: [vault-integration-dev@hashicorp.com](mailto:vault-integration-dev@hashicorp.com). From 22044c9b7a1f16b2053f9c5b270c366723c76884 Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 14:56:17 -0700 Subject: [PATCH 7/8] Update partnerships.html.md --- website/source/docs/plugin/partnerships.html.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/website/source/docs/plugin/partnerships.html.md b/website/source/docs/plugin/partnerships.html.md index ceff5f733b..b24fb5a833 100644 --- a/website/source/docs/plugin/partnerships.html.md +++ b/website/source/docs/plugin/partnerships.html.md @@ -38,7 +38,7 @@ The Vault integration development process is described into the steps below. By * Release: Vault integration released * Support: Ongoing maintenance and support of the integration by the vendor. -### 1. Engage< +### 1. Engage Please begin by completing Vault Integration Program webform to tell us about your company and the Vault integration you’re interested in. ### 2. Enable @@ -62,7 +62,6 @@ Here are links to resources, documentation, examples and best practices to guide * [Audit device documentation](https://www.vaultproject.io/docs/audit/index.html) **HSM Integration** - * [HSM documentation](https://www.vaultproject.io/docs/enterprise/hsm/index.html) * [Configuration information](https://www.vaultproject.io/docs/configuration/seal/pkcs11.html) From d6ceb70fef59f7c5d10c3dc2da7647e1be12e6b0 Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Tue, 23 Oct 2018 14:56:55 -0700 Subject: [PATCH 8/8] Update partnerships.html.md --- website/source/docs/plugin/partnerships.html.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/website/source/docs/plugin/partnerships.html.md b/website/source/docs/plugin/partnerships.html.md index b24fb5a833..0aaaec0797 100644 --- a/website/source/docs/plugin/partnerships.html.md +++ b/website/source/docs/plugin/partnerships.html.md @@ -8,11 +8,9 @@ description: |- --- # Vault Integration Program - - The Vault Integration Program (VIP) enables vendors to build integrations with HashiCorp Vault that are officially tested and approved by HashiCorp. The program is intended to be largely self-service, with links to code samples, documentation and clearly defined integration steps. +The Vault Integration Program (VIP) enables vendors to build integrations with HashiCorp Vault that are officially tested and approved by HashiCorp. The program is intended to be largely self-service, with links to code samples, documentation and clearly defined integration steps. ## Types of Vault Integrations - By leveraging Vault's plugin system, vendors are able to build extensible secrets, authentication, and audit plugins to extend Vault's functionality. These integrations can be done with the OSS (open-source) version of Vault. Hardware Security Module (HSM) integrations need to be tested against Vault Enterprise since the HSM functionality is only supported in the Vault Enterprise version. **Authentication Methods**: Auth methods are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user.