We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Hashicorp -Save to vault issue

rushikeshvartak
All-Star
All-Star
we are trying to implement saviynt CPAM,
 
we have created Hashircorp connection which is successful
 
we are trying to attach hashicorp to DB /REST connector using save to vault then its giving below error
 

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,115 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Response Status Code :::: 403\n","stream":"stdout","time":"2023-12-06T19:32:52.116117282Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Exception in processAPIVault : java.lang.Exception: 403\n","stream":"stdout","time":"2023-12-06T19:32:52.116121286Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Inside token Expiry Exception block. memento.refreshTryCount : 1\n","stream":"stdout","time":"2023-12-06T19:32:52.116124927Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - Incrementing memento.refreshTryCount : 2\n","stream":"stdout","time":"2023-12-06T19:32:52.116136528Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultsSystemService - maxRefreshTryCount : 5\n","stream":"stdout","time":"2023-12-06T19:32:52.116142849Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"2023-12-06 19:32:52,116 [http-nio-8080-exec-49] DEBUG vaults.VaultAuthenticationService - Exception in populateAccessToken :: \n","stream":"stdout","time":"2023-12-06T19:32:52.11652853Z"}

2023-12-06T14:32:53-05:00-ecm-{"log":"java.lang.NullPointerException: Cannot get property 'authType' on null object\n","stream":"stdout","time":"2023-12-06T19:32:52.116540035Z"}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
5 REPLIES 5

NageshK
Saviynt Employee
Saviynt Employee

@rushikeshvartak Thanks for posting your issue. Based on the logs, it appears that the vault token is expired. Do you have the token rotation job setup and scheduled in this environment? Is this a Production Environment?

Thanks

Nagesh K

No its lower environment we setup first time. And support team fixed the issue by adding below parameters and creating token rotation analytics

AUTH_URL 
ROLE_NAME 
ROLE_ID 
SECRET_ID 
SECRET_ID_GENERATION_DAYS 
SECRET_ID_DATE

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AB1234
New Contributor
New Contributor

@rushikeshvartak  Could you please share the analytics here ? we are facing the same issue every 3 months

select exc.externalconnectionkey as externalConnectionKey, exc.CONNECTIONNAME as CONNECTIONNAME, exc.status as connStatus, exc.statusForEnableDisable, sysdate() as sysdate, case when exc.statusForEnableDisable = '1' then 'Generate Token' end as Default_Action_For_Analytics from externalconnection exc, externalconnectiontype exct WHERE exc.externalconnectionType = exct.externalconnectiontypekey AND exct.connectiontype = 'Hashicorp';

rushikeshvartak_0-1704770178190.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

NageshK
Saviynt Employee
Saviynt Employee

@AB1234 please note that creating actionable analytics alone is not sufficient. You will have to schedule a job to run this analytics on daily basis. And make sure to select "execute default action for analytics". Please see the section "Rotating Secret ID Using Analytics Control" of this article for more details: 

https://docs.saviyntcloud.com/bundle/HashiCorp-v23x/page/Content/Understanding-the-Integration-betwe...

Thanks

Nagesh K