HashiCorp Cloud Platform
HCP Vault Dedicated inventory reporting
Integrating Vault as your secrets management solution can increase security and reduce the operational overhead of protecting sensitive data. However, it is critical to set the right permissions to control access to that data.
Vault inventory reporting increases visibility into the secrets Vault manages through the UI and API. The reporting services collect telemetry and surface data that shows when users access, modify, or destroy secrets and certificates.
Create a cluster with inventory reporting
Log into the HCP Portal.
Navigate to the HCP project you want to create an HCP Vault Dedicated cluster in.
Select Vault Dedicated, click Create cluster, and make your cluster selections.

Select the Enable reporting toggle button.

Click Create cluster.
Once the cluster is up and running, the secrets inventory reporting and certificates inventory reporting become available as you add secrets.
Enable reporting on existing clusters
To enable reporting on existing clusters, select the Enable reporting option when editing the configuration of an existing cluster. This will scan the Vault cluster and collect telemetry about the current state of Vault to populate the inventory report.
Log into the HCP Portal.
Navigate to the HCP project you created an HCP Vault Dedicated cluster in.
Select Vault Dedicated, and click on the cluster you want to enable reporting for.
Click on Manage and select the Edit configuration option from the drop-down menu.

On the cluster edit configuration screen, select the Enable reporting toggle button.

The secrets inventory reporting and certificates inventory reporting become available on your cluster.
Disable reporting on a cluster
You can disable reporting on a cluster by following the steps below. However, HashiCorp does not recommend disabling reporting because doing so will delete the data from HCP. If you scan an existing cluster multiple times, you will lose any data that dates back to when you first disabled reporting on that cluster. Re-enrolling the same cluster will also cause data loss.
For security purposes, HashiCorp does not retain deleted data and cannot provide a backup of reporting data after you disable reporting.
Log into the HCP Portal.
Navigate to the HCP project you created an HCP Vault Dedicated cluster in.
Select Vault Dedicated, and click on the cluster you want to disable reporting for.
Click on Manage and select the Edit configuration option from the drop-down menu.
On the cluster edit configuration screen, select the Disable reporting toggle button.