About HashiCorp Vault

Iru reads secrets engine mounts, auth method configuration, named policies, audit devices, and related sys/ metadata using the Vault HTTP API. Each request sends your client token in X-Vault-Token. Iru collects configuration evidence - not secret plaintext values. Works with Vault OSS, Enterprise (namespaces may need extra setup), and HCP Vault.

How it works

X-Vault-Token: hvs.xxxxxxxx
Tokens come from any Vault auth method (Token, AppRole, LDAP, etc.). The wizard first stores vault_addr (for example https://vault.example.com:8200), then accepts the token.
Detail          Value
Category        Secrets management
Authentication  Client token (X-Vault-Token)
Official references: Auth concepts, HTTP API, Policies, AppRole.

Prerequisites

  • A Vault cluster reachable from Iru (network / firewall / PrivateLink as applicable).
  • Permission to create a policy and token (or AppRole) with read-only sys/ access as in the example below.

Example read-only policy (HCL)

Save as a .hcl file and apply with vault policy write iru-compliance your-file.hcl.
path "sys/mounts" {
  capabilities = ["read", "list"]
}
path "sys/auth" {
  capabilities = ["read", "list"]
}
path "sys/policy" {
  capabilities = ["read", "list"]
}
path "sys/policies/acl/*" {
  capabilities = ["read", "list"]
}
path "sys/audit" {
  capabilities = ["read", "list"]
}
path "auth/token/lookup-self" {
  capabilities = ["read"]
}

Connect HashiCorp Vault to Iru

Apply the policy and issue a token

1. Write the policy file

Save the example policy from above as an .hcl file on a machine that can reach Vault (for example iru-compliance.hcl).

2. Apply the policy in Vault

Run vault policy write iru-compliance with your policy file path.

3. Create a renewable token

Create a renewable token bound to that policy (for example vault token create -policy=iru-compliance -ttl=720h -renewable=true). Copy the hvs. token value.

4. Prefer AppRole for production

For production, prefer AppRole or another automated flow instead of long-lived static tokens.
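
A pre-flight check for the token issued in the steps above, added here as an example (it is not Iru's or HashiCorp's code): it audits the JSON that auth/token/lookup-self returns, the path the example policy allows, before the token is pasted into the connector. The function name audit_token, the one-week TTL threshold, and the sample response are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of an auth/token/lookup-self response body.
SAMPLE_LOOKUP = json.loads("""
{"data": {"policies": ["default", "iru-compliance"], "renewable": true,
          "ttl": 2591000, "creation_ttl": 2592000, "num_uses": 0, "type": "service"}}
""")

ALLOWED_POLICIES = {"default", "iru-compliance"}  # policy name used on this page
MIN_TTL_SECONDS = 7 * 24 * 3600  # assumption: flag tokens with under a week left


def audit_token(lookup, allowed=ALLOWED_POLICIES, min_ttl=MIN_TTL_SECONDS):
    """Return a list of findings; an empty list means the token matches the setup above."""
    data = lookup.get("data") or {}
    policies = set(data.get("policies") or [])
    findings = []
    if "root" in policies:
        findings.append("token carries the root policy")
    extra = policies - allowed - {"root"}
    if extra:
        findings.append("unexpected policies: " + ", ".join(sorted(extra)))
    if "iru-compliance" not in policies:
        findings.append("iru-compliance policy is not attached")
    ttl = data.get("ttl", 0)
    if ttl == 0:
        findings.append("token never expires (ttl 0)")
    elif ttl < min_ttl:
        findings.append(f"only {ttl}s of TTL left")
    if ttl and not data.get("renewable", False):
        findings.append("token is not renewable")
    if data.get("num_uses", 0) != 0:
        findings.append("token has a use limit and will stop working")
    return findings


if __name__ == "__main__":
    for finding in audit_token(SAMPLE_LOOKUP) or ["ok: read-only compliance token"]:
        print(finding)
```

To run it against a real token, pass in the parsed output of vault token lookup -format=json executed with the new token as the client token.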

Complete the connector in Iru

1. Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.

2. Turn on HashiCorp Vault

Find HashiCorp Vault (use Category or Search by name or description). On that card, turn on the toggle. A browser tab or window may open for the connector wizard.

3. Configure server variables

Enter vault_addr (for example https://vault.example.com:8200) and confirm server variables when prompted.

4. Paste the Vault token

Paste the token into the X-Vault-Token field when prompted.

5. Confirm the source is Active

Submit until the HashiCorp Vault card shows Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Refresh the wizard by toggling the source; re-enter vault_addr.
Attach iru-compliance policy to the token; check Enterprise namespaces.
Issue a new token and update Iru; enable renewal or use AppRole rotation.
Hostname, port (8200), TLS, and outbound routes from Iru.
Unseal Vault before testing.

Considerations

Vault Enterprise namespaces may require paths or settings beyond this baseline - coordinate with your Vault admins.