Handling of sensitive data in CDP

CDP uses Vault to encrypt sensitive data (such as tokens, passwords, and encryption keys).

The CDP Private Cloud installer can install Vault, but typically this is a pre-existing customer-managed external Vault deployment.

  • For more information on how to install an external HashiCorp Vault, see Install Vault.

    Vault install notes:

    • Supported Vault version: 1.4.0
    • Secrets engine: kv-v2
    • Auth type: kubernetes
  • For more information on how to configure an external HashiCorp Vault for CDP Private Cloud, see External Vault Requirements.