HashiCorp Cloud Platform
Set up ticket integration for HCP Vault Radar
In this tutorial, you will follow the HashiCups operations and SRE teams as they set up an integration with their ticketing system for the proof-of-concept (POC) implementation of HCP Vault Radar.
Scenario introduction
HashiCups successfully set up their monitoring tools to send alerts if secrets are discovered in one of their GitHub repositories or when a new pull request is created.
Oliver (operations) and Steve (SRE) now need the ability to automatically generate tickets to trigger an incident for leaked secrets.
Prerequisites
- Completed the Scan a repository for secrets with HCP Vault Radar and Set up alert integration tutorials.
- Access to the HCP Portal with a user assigned the admin role.
- Access to a Jira project (free tier will support this tutorial).
- You do not need to be familiar with the Go programming language to follow this tutorial.
Configure Jira settings
(Persona: operations)
HashiCups will make use of Jira during the POC. HCP Vault Radar also supports integrating with ServiceNow.
Log in to your Jira account.
The Jira integration requires an API key, which is tied to the authenticated user account. Consider creating a user dedicated to HCP Vault Radar instead of using a person's individual account.
Click on the user menu and select Manage account.
Click the Security tab and then click Create and manage API tokens.
Click Create API token, enter `hcp-vault-radar-integration` in the label field and click Create.
Because the API key is tied to the user's account, if the account is disabled or deleted the API key will no longer be available and the integration will stop working.
Set up Jira ticketing integration
(Persona: operations)
Open a new tab, log in to your HCP organization and select the project HCP Vault Radar is enabled for.
Click Get started with Vault Radar.
Click on Settings and then click Jira under the Integrations navigation menu.
For each supported integration, you will configure a connection and a subscription.
Click + Connection.
Enter `hashicups-jira-connection1` in the Connection Name field.
Connection names must be unique across all HCP Vault Radar integrations. A good practice is to add an identifiable suffix or prefix to the connection name.
Enter the email address of the Jira user that created the API token in the Configure Jira settings section in the Email text box.
Enter the API token created in the Configure Jira settings section in the Token text box.
Enter the URL for Jira in the Base URL text box. For example, the URL for HashiCups might be `https://hashicups.atlassian.net`.
Click Test & save.
Click the Subscriptions tab.
Click + Subscription.
Enter `hashicups-jira-subscription1` in the Subscription Name text box.
Like connection names, subscription names must be unique across all integrations.
Click the Saved Filter pulldown menu and select All events.
In the Set up alert integration tutorial you used the `critical-only` filter. You can use different filters for different use cases.
HashiCups only wants to notify the team(s) on call when there is a critical event; however, they want to create a new ticket for all events.
Click the Connection pulldown menu and select hashicups-jira-connection1.
Enter the Project Key for the Jira project you wish to create tickets for in the Project Key text box.
Enter `task` in the Issue type text box.
You can enter any supported Jira issue type in the text box as long as it has been enabled in your Jira project.
(Optional) You may also enter the identifier of a Jira user who would be assigned any newly created ticket as well as an instruction message.
For the purposes of this tutorial, leave the Assignee and Instructions message fields empty.
Click Test & save.
The integration for Jira is now set up. You added a connection to Jira using the API key, added a subscription based on the `All events` filter, and set the issue type to `Task`.
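A pre-flight check for the values typed into the connection and subscription forms above, as an added example that is not part of the original tutorial or HashiCorp's code. It uses the Jira Cloud REST API v3 endpoints `/rest/api/3/myself` and `/rest/api/3/project/{key}`; the function names, the `JIRA_API_TOKEN` variable, the project key `HC`, the bot email address and the sample replies are assumptions constructed for illustration.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import quote, urlsplit


def build_preflight(base_url, email, token, project_key):
    """Build, without sending, two read-only GETs: token owner and target project."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc or parts.path.strip("/"):
        raise ValueError("Base URL must be the https:// site root")
    basic = base64.b64encode(f"{email}:{token}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}", "Accept": "application/json"}
    paths = ("/rest/api/3/myself", "/rest/api/3/project/" + quote(project_key, safe=""))
    return [urllib.request.Request(f"https://{parts.netloc}{p}", headers=headers) for p in paths]


def find_problems(myself, project, email, issue_type):
    """Compare Jira's replies with the values typed into the Radar forms."""
    problems = []
    if not myself.get("active", False):
        problems.append("token owner account is not active")
    seen = myself.get("emailAddress")  # may be hidden by profile privacy settings
    if seen and seen.lower() != email.lower():
        problems.append("token belongs to a different user than the connection email")
    # Assumption: issue type names are matched case-insensitively ("task" vs "Task").
    names = {t["name"].lower() for t in project.get("issueTypes", [])}
    if issue_type.lower() not in names:
        problems.append(f"issue type {issue_type!r} is not enabled in project")
    return problems


def run(base_url, email, project_key, issue_type):
    """Send the requests; the token comes from the environment, never from source."""
    token = os.environ["JIRA_API_TOKEN"]  # hypothetical variable name
    replies = []
    for req in build_preflight(base_url, email, token, project_key):
        with urllib.request.urlopen(req, timeout=10) as resp:
            replies.append(json.load(resp))
    return find_problems(replies[0], replies[1], email, issue_type)


# Constructed sample replies, trimmed to the fields used above.
SAMPLE_MYSELF = {"accountId": "constructed-id", "active": True,
                 "emailAddress": "radar-bot@hashicups.example"}
SAMPLE_PROJECT = {"key": "HC", "issueTypes": [{"name": "Task"}, {"name": "Bug"}]}
```

An empty list from `run(...)` means the token authenticates as the expected dedicated user and the issue type exists in the project; an HTTP 401 from the first request means the token or email is wrong.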
Trigger an alert
(Persona: developer)
To simulate a real world scenario, Danielle will now attempt to create a pull request that includes sensitive data in the GitHub repository used for HashiCups' POC of HCP Vault Radar.
Open a new tab and access the `hcp-vault-radar-foundations` repository you added to your organization in the Scan a repository for secrets with HCP Vault Radar tutorial.
Click the main.go file and then click the pencil icon to use the GitHub editor.
Change the `const password` value to `b3stp@stw00rd3vA!!!` and click Commit changes....
Click the Create a new branch radio button and click Propose changes.
Click Create pull request (if prompted, click Create pull request again).
HCP Vault Radar will start a pull request scan.
When the pull request scan completes, the HCP Vault Radar Secret Scan will change status to Failed.
Return to the Jira browser tab and refresh the page.
HCP Vault Radar created a new task in Jira because the development team attempted to create a pull request that contained a password.
Summary
In this tutorial you learned how to add a ticketing integration to HCP Vault Radar so engineering teams such as operations, DevSecOps, or SRE teams can track incidents with automated ticket creation. You created a connection to the integration (Jira) and added a subscription so that only incidents matching the filter create a ticket in the supported ticketing system.