Integrating Invicti Enterprise with HashiCorp Vault

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

HashiCorp Vault is a secrets management system that provides secure access to secret key values, such as passwords and API keys. Because it is a centralized system, HashiCorp Vault also records an audit log that can be used to check who accessed different features, such as a database. In addition to these benefits, it encrypts secrets at rest and in transit, and gives applications access to these secrets for a limited time.

Invicti Enterprise provides integration with HashiCorp Vault Key-Value (KV) to provide the following benefits:

  • To eliminate the need to share sensitive credentials for vulnerability scanning on password-protected web pages.
  • To automate credential retrieval to carry out vulnerability assessment on the target website.
  • To manage credentials easily while also ensuring that vulnerability scanning is carried out.

For further information, see What Systems Does Invicti Integrate With?

HashiCorp Vault Fields

This table lists and explains the fields in the New Vault Integration page.

| Field | Description |
|---|---|
| Name | This is the name of the configuration that will be shown elsewhere. |
| Mandatory | This section contains fields that must be completed. |
| URL | This is the base URL. |
| Token | This is the API token for the user to authenticate. |
| Agent Mode | This is the agent mode that you can select. There are two options. Cloud: Invicti verifies the connection with a cloud agent available on the Invicti Enterprise’s environment. Internal: Invicti verifies the connection with an authentication verifier agent installed on your environment. For further information, see Configuring internal agents for secrets management services. |
| Verify and Save | This verifies certification and the connection with the service. |

How to Integrate Invicti Enterprise with HashiCorp Vault

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Integrations then New Integration.
  3. From the Privileged Access Management section, click Vault. The New Vault Integration window is displayed.
  4. In the Name field, enter a name for the integration.
  5. In the Mandatory section, complete the connection details:
    • URL
    • Token
  6. In Agent Mode, select an option.
  7. Click on Test Credentials to make sure that all information is entered correctly.
  8. Click Save.

Verifying form authentication with HashiCorp Vault

When you successfully integrate HashiCorp Vault, you can use this integration to launch a new scan. This table lists and explains the fields in the HashiCorp Vault Settings dialog.

| Field | Description |
|---|---|
| Integrations | This is the name of the integration that you entered in the New Vault Integration window. |
| KV Version | This section contains the Key-Value Version. There are two options: V1 and V2. Please select the relevant one. |
| Secret Engine | This is the name you entered in Vault for your engine. |
| Secret | This is the name you entered in Vault for the target website. |
| Username Key | This holds the username value. Enable the Use static username checkbox only if you plan not to change a username routinely. |
| Password Key | This holds the password value. |

How to use the Vault integration to verify form authentication

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. In the Target URL field, enter the URL.
  4. Complete the remainder of the fields, as described in Invicti Enterprise New Scan Fields and Invicti Enterprise Scan Options Fields.
  5. Then from the Authentication settings, click the Form tab.
  6. Enable the Form Authentication checkbox.
  7. Click the New Persona dropdown, and select Hashicorp Vault. The Hashicorp Vault Settings dialog is displayed.
  8. Complete the fields in the dialog box.
  9. Click Save.
  10. Click Verify Login & Logout to test the new Persona.

Select Test Value Settings to verify the username and password.
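
The KV Version, Secret Engine, Secret, Username Key and Password Key fields in the HashiCorp Vault Settings dialog correspond to a read against Vault's KV HTTP API. The following is an added example, not Invicti's code: it shows how the read path and response shape differ between KV V1 and V2, and what a read-only Vault policy for that one secret looks like. The engine name `secret`, the secret name `target-site`, the keys `user` and `pass`, and the response bodies are constructed values, and the page does not state how Invicti performs the read internally.

```python
import json

# Constructed sample bodies shaped like Vault KV read responses (not real secrets).
V1_BODY = '{"data": {"user": "scanner", "pass": "constructed-pw"}}'
V2_BODY = ('{"data": {"data": {"user": "scanner", "pass": "constructed-pw"},'
           ' "metadata": {"version": 3}}}')

def kv_read_path(engine, secret, kv_version):
    """Path under /v1/ for reading <secret> from the KV mount <engine>."""
    engine, secret = engine.strip("/"), secret.strip("/")
    if kv_version == 1:
        return f"{engine}/{secret}"
    if kv_version == 2:
        return f"{engine}/data/{secret}"  # v2 adds a data/ segment after the mount
    raise ValueError("KV version must be 1 or 2")

def extract_credentials(body, kv_version, username_key, password_key):
    """Return (username, password) from a KV read response body."""
    data = json.loads(body)["data"]
    if kv_version == 2:
        data = data["data"]  # v2 nests the key/value pairs beside "metadata"
    missing = [k for k in (username_key, password_key) if k not in data]
    if missing:
        raise KeyError(f"secret has no key(s) {missing}; check KV Version and key names")
    return data[username_key], data[password_key]

def read_only_policy(engine, secret, kv_version):
    """Vault policy (HCL) granting read on that one secret and nothing else."""
    path = kv_read_path(engine, secret, kv_version)
    return f'path "{path}" {{\n  capabilities = ["read"]\n}}\n'

if __name__ == "__main__":
    # Constructed dialog values: Secret Engine "secret", Secret "target-site".
    for version, body in ((1, V1_BODY), (2, V2_BODY)):
        print(f"KV v{version}: GET <URL>/v1/{kv_read_path('secret', 'target-site', version)}")
        print("  ->", extract_credentials(body, version, "user", "pass"))
    print(read_only_policy("secret", "target-site", 2))
    try:
        extract_credentials(V2_BODY, 1, "user", "pass")  # wrong KV Version selected
    except KeyError as err:
        print("mismatch detected:", err)
```

Attaching a policy like the generated one to the token entered in the Token field limits that token to reading the single secret the scan needs.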
