Set up alert integration for HCP Vault Radar

In this tutorial, you will follow the HashiCups operations and SRE teams as they set up an integration with one of their alerting tools for the proof-of-concept (POC) implementation of HCP Vault Radar.

Scenario introduction

HashiCups scanned and identified secrets in one of their GitHub repositories using Vault Radar. Danielle and the development team then enabled the GitHub pull request check to ensure teams cannot commit secrets to the repository.

Oliver (operations) and Steve (SRE) were able to view alerts using the HCP Portal. However, one of the requirements is to receive real-time alerts. Oliver and Steve will now set up an alert integration for Vault Radar so their teams receive notifications when an incident occurs.

Prerequisites

• Completed the Scan a repository for secrets with HCP Vault Radar tutorial.
• Access to the HCP Portal with a user assigned the admin role.
• Access to a PagerDuty account (the free tier will support this tutorial).
• You do not need to be familiar with the Go programming language to follow this tutorial.

Configure PagerDuty settings

(Persona: operations)

HashiCups will make use of PagerDuty during the POC. Vault Radar also supports integrations with Slack, and Splunk.

1. Log in to your PagerDuty account.

2. Click Services in the top navigation menu and click + New Service.

3. Enter hashicups-radar-poc-integration in the Name text box and click Next.

4. Select Generate a new Escalation Policy and click next.

5. Leave all defaults and click Next.

6. Search for, and select the Events API v1 service.

7. Click Create Service.

8. Copy and save the Integration Key. The Vault Radar subscription uses the integration key.

9. Click Integrations in the top navigation menu and select API Access Keys.

10. Click + Create New API Key.

11. Enter hcp-vault-radar-integration in the Description text box.

12. Click Create Key.

13. Copy and save the API access key. The Vault Radar connection uses the API access key.

Set up PagerDuty alert integration

(Persona: operations)

1. Open a new tab, log in to your HCP organization and select the project Vault Radar is enabled for.

2. Click Get started with Vault Radar.

3. Click on Settings and then click Filters.

4. Click the copy icon in the Actions column to copy the All events filter.

5. Enter critical-only in the Filter Name text box.

   For production workloads, creating unique filters helps to send relevant findings to an integration. You may want to send only critical or high alerts to PagerDuty while sending all severity levels to Slack.

6. Click PagerDuty under the Integrations navigation menu.

   For each supported integration, you will configure a connection and a subscription.

7. Click + Connection.

8. Enter hashicups-pagerduty-connection1 in the Connection Name field.

   Connection names must be unique across all Vault Radar integrations. A good practice would be to add an identifiable suffix or prefix to identify the connection name.

9. Enter the PagerDuty API access key created in the Configure PagerDuty settings section in the API access key text box.

10. Click Test & save to complete the connection setup.

11. Click the Subscriptions tab.

    Before Vault Radar sends a notification to an integration, a subscription must be added. Subscriptions use filters, which you explored in the Scan a repository for secrets with HCP Vault Radar tutorial and created a custom filter earlier in this tutorial.

12. Click + Subscription.

13. Click PagerDuty in the Integrations navigation menu.

14. Enter hashicups-pagerduty-subscription1 in the Subscription Name text box.

    Like connection names, subscription names must be unique across all integrations.

15. Click the Saved Filter pull-down menu and select critical-only.

16. Click the Connection pull-down menu and select hashicups-pagerduty-connection1.

17. Enter the integration key in the Integration Key text box.

18. Click Test & save.

    The integration for PagerDuty is now set up. You added a connection to PagerDuty using the API key and added a subscription based on the critical-only filter to send alerts based on the filter to PagerDuty.

Trigger an alert

(Persona: developer)

To simulate a real-world scenario, Danielle will now create a pull request that includes sensitive data in the GitHub repository used for HashiCups' POC of Vault Radar.

1. Open a new tab and access the hcp-vault-radar-foundations repository you added to your organization in the Scan a repository for secrets with HCP Vault Radar tutorial.

2. Click the main.go file and then click the pencil icon to use the GitHub editor.

3. Change the const password value to b3stp@stw00rd3vA!!! and click Commit changes....

4. Click the Create a new branch radio button and click Propose changes.

5. Click Create pull request (if prompted, click Create pull request again).

   Vault Radar will start a pull request scan.

6. When the pull request scan completes, the Vault Radar Secret Scan will change status to Failed.

7. Return to the PagerDuty browser tab and click Incidents.

   The development team triggers an incident when their commit contains a password.

Summary

In this tutorial, you learned how to add an alert integration to HCP Vault Radar so engineering teams such as operations, or SRE teams receive notifications through existing support tools. You created a connection to the integration (PagerDuty), created a custom filter, and added the filter to a subscription so Vault Radar sends incidents matching the filter to the integration.

Next steps

In the next tutorial, the operations team needs to set up an integration so tickets are automatically created when an incident occurs. This will help the team track incidents through to resolution, which is useful when performing security audits.

Additional resources

• Set up alerts in PagerDuty
• Set up alerts in Slack
• Set up alerts in Splunk