HashiCorp Cloud Platform
Set up alert integration for HCP Vault Radar
In this tutorial, you will follow the HashiCups operations and SRE teams as they set up an integration with one of their alerting tools for the proof-of-concept (POC) implementation of HCP Vault Radar.
Scenario introduction
HashiCups successfully scanned and identified secrets in one of their GitHub repositories using HCP Vault Radar. Danielle and the development team then enabled the GitHub pull request check to ensure secrets can not be committed to the repository.
Oliver (operations) and Steve (SRE) were able to view alerts using the HCP Portal. However, one of the requirements is to receive real time alerts. Oliver and Steve will now set up an alert integration for HCP Vault Radar so their teams can be notified when an incident occurs.
Prerequisites
- Completed the Scan a repository for secrets with HCP Vault Radar tutorial.
- Access to the HCP Portal with a user assigned the admin role.
- Access to a PagerDuty account (free tier will support this tutorial).
- You do not need to be familiar with the Go programming language to follow this tutorial.
Configure PagerDuty settings
(Persona: operations)
HashiCups will make use of PagerDuty during the POC. HCP Vault Radar also supports integrations with Slack, and Splunk.
Log in to your PagerDuty account.
Click Services in the top navigation menu and click + New Service.
Enter
hashicups-radar-poc-integration
in the Name text box and click Next.Select Generate a new Escalation Policy and click next.
Leave all defaults and click Next.
Search for, and select the Events API v1 service.
Click Create Service.
Copy and save the Integration Key. The integration key is required by the HCP Vault Radar subscription.
Click Integrations in the top navigation menu and select API Access Keys.
Click + Create New API Key.
Enter
hcp-vault-radar-integration
in the Description text box.Click Create Key. A new API key is displayed.
Copy and save the API access key. The API access key is required by the HCP Vault Radar connection.
Set up PagerDuty alert integration
(Persona: operations)
Open a new tab, log in to your HCP organization and select the project HCP Vault Radar is enabled for.
Click Get started with Vault Radar.
Click on Settings and then click Filters.
Click the copy icon in the Actions column to copy the All events filter.
Enter
critical-only
in the Filter Name text box.For production workloads, creating unique filters help to send only relevant findings to an integration. You may want to send only critical or high alerts to PagerDuty while sending all severity levels to Slack.
Click PagerDuty under the Integrations navigation menu.
For each supported integration, you will configure a connection and a subscription.
Click + Connection.
Enter
hashicups-pagerduty-connection1
in the Connection Name field.Connection names must be unique across all HCP Vault Radar integrations. A good practice would be to add an identifiable suffix or prefix to identify the connection name.
Enter the PagerDuty API access key created in the Configure PagerDuty settings section in the API access key text box.
Click Test & save to complete the connection setup.
Click the Subscriptions tab.
Before notifications are sent to an integration, a subscription must be added. Subscriptions are based on filters, which you explored in the Scan a repository for secrets with HCP Vault Radar tutorial and created a custom filter earlier in this tutorial.
Click + Subscription.
Click PagerDuty in the Integrations navigation menu.
Enter
hashicups-pagerduty-subscription1
in the Subscription Name text box.Like connection names, subscription names must be unique across all integrations.
Click the Saved Filter pulldown menu and select critical-only.
Click the Connection pulldown menu and select hashicups-pagerduty-connection1.
Enter the integration key in the Integration Key text box.
Click Test & save.
The integration for PagerDuty is now set up. You added a connection to PagerDuty using the API key, and added a subscription based on the
critical-only
filter to send alerts based on the filter to PagerDuty.
Trigger an alert
(Persona: developer)
To simulate a real world scenario, Danielle will now attempt to create a pull request that includes sensitive data in the GitHub repository used for HashiCups' POC of HCP Vault Radar.
Open a new tab and access the
hcp-vault-radar-foundations
repository you added to your organization in the Scan a repository for secrets with HCP Vault Radar tutorial.Click the main.go file and then click the pencil icon to use the GitHub editor.
Change the
const password
value tob3stp@stw00rd3vA!!!
and click Commit changes....Click the Create a new branch radio button and click Propose changes.
Click Create pull request (if prompted, click Create pull request again).
HCP Vault Radar will start a pull request scan.
When the pull request scan completes, the HCP Vault Radar Secret Scan will change status to Failed.
Return to the PagerDuty browser tab and click Incidents.
An incident was triggered by the development team when they created a commit that contained a password.
Summary
In this tutorial you learned how to add an alert integration to HCP Vault Radar so engineering teams such as an operations, DevSecOps, or SRE teams can receive notifications through existing support tools. You created a connection to the integration (PagerDuty), created a custom filter, and added the filter to a subscription so only incidents matching the filter are sent to the integration.
Next steps
In the next tutorial, the operations team needs to set up an integration so tickets are automatically created when an incident occurs. This will help the team track incidents through to resolution which is useful when performing security audits.