Saviynt Forums

rushikeshvartak · ‎12/12/2023

we are trying to implement saviynt CPAM,

we have created Hashircorp connection which is successful

we are trying to attach hashicorp to DB /REST connector using save to vault then its giving below error

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,115 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Response Status Code :::: 403\n","stream":"stdout","time":"2023-12-06T19:32:52.116117282Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Exception in processAPIVault : java.lang.Exception: 403\n","stream":"stdout","time":"2023-12-06T19:32:52.116121286Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Inside token Expiry Exception block. memento.refreshTryCount : 1\n","stream":"stdout","time":"2023-12-06T19:32:52.116124927Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Incrementing memento.refreshTryCount : 2\n","stream":"stdout","time":"2023-12-06T19:32:52.116136528Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - maxRefreshTryCount : 5\n","stream":"stdout","time":"2023-12-06T19:32:52.116142849Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultAuthenticationService - Exception in populateAccessToken :: \n","stream":"stdout","time":"2023-12-06T19:32:52.11652853Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"java.lang.NullPointerException: Cannot get property 'authType' on null object\n","stream":"stdout","time":"2023-12-06T19:32:52.116540035Z"}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

NageshK · ‎12/18/2023

@rushikeshvartak Thanks for posting your issue. Based on the logs, it appears that the vault token is expired. Do you have the token rotation job setup and scheduled in this environment? Is this a Production Environment?

Thanks

Nagesh K

rushikeshvartak · ‎12/18/2023

No its lower environment we setup first time. And support team fixed the issue by adding below parameters and creating token rotation analytics

AUTH_URL
ROLE_NAME
ROLE_ID
SECRET_ID
SECRET_ID_GENERATION_DAYS
SECRET_ID_DATE

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AB1234 · ‎01/08/2024

@rushikeshvartak Could you please share the analytics here ? we are facing the same issue every 3 months

rushikeshvartak · ‎01/08/2024

select exc.externalconnectionkey as externalConnectionKey, exc.CONNECTIONNAME as CONNECTIONNAME, exc.status as connStatus, exc.statusForEnableDisable, sysdate() as sysdate, case when exc.statusForEnableDisable = '1' then 'Generate Token' end as Default_Action_For_Analytics from externalconnection exc, externalconnectiontype exct WHERE exc.externalconnectionType = exct.externalconnectiontypekey AND exct.connectiontype = 'Hashicorp';

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

NageshK · ‎01/09/2024

@AB1234 please note that creating actionable analytics alone is not sufficient. You will have to schedule a job to run this analytics on daily basis. And make sure to select "execute default action for analytics". Please see the section "Rotating Secret ID Using Analytics Control" of this article for more details:

https://docs.saviyntcloud.com/bundle/HashiCorp-v23x/page/Content/Understanding-the-Integration-betwe...

Thanks

Nagesh K

Saviynt Forums

Hashicorp -Save to vault issue