Vault
Vault partner program
Official partner integrations provide a verified and seamless user experience for mutual customers. Partners with verified runtime integrations or proprietary plugins receive one or both of the following partner badges for use on the associated product documentation to provide visibility and differentiation to customers.
![]() Vault Enterprise Verified integrations must work with Vault Enterprise features such as namespaces, HSM support, or key management. | ![]() HCP Vault Verified integrations must work with HCP Vault Dedicated. |
Partner integration options
Runtime integrations use Vault as part of the identity or security workflow of a partner product. Runtime integrations typically allow users to provide information about their existing Vault deployment so the partner application or platform can retrieve and use information stored in Vault. With runtime integrations, Vault can store and provide access to secrets, issue and manage PKI certificates, or act as an external key management system for the partner system.
Runtime integrations often require modifying the partner product to become Vault aware in the following ways:
- The application understands and supports the Vault concept of namespaces.
- The application understands the Vault authentication workflow and can properly authenticate itself to Vault.
Token authentication is not appropriate for production
We cannot verify your integration as production-ready unless your product supports at least one authN method aside from tokens. Manually generated, long-lived tokens violate security best practice and pose a security risk.
Partner process overview
The Vault integration development process typically moves through the following steps:
- Engage - You contact HashiCorp and express interest in developing an official partner integration.
- Enable - You review the relevant product documentation and articles related to the functionality of your integration.
- Develop and test - You develop and test your integration.
- Review - An iterative process during which HashiCorp reviews your integration and provides feedback.
- Release - HashiCorp verifies the integration and, once you execute the HashiCorp technology partnership agreement, HashiCorp adds your information to the Vault integration listing.
- Support - You provide ongoing maintenance and support of your integration.
Get help
If you have questions or feedback about the partner process, please contact us at: technologypartners@hashicorp.com
Step 1: Engage with HashiCorp
Fill out the Vault integration program intake form to start the process.
We use the intake form to track your integration as you move through the partner process and notify you of any known, overlapping work in process by HashiCorp or the Vault community.
Vault has a large and active ecosystem of partners that be working on a similar integration. As much as possible, we try to connect similar parties to avoid duplicate work.
Step 2: Enable your development
While not mandatory, we strongly encourage you to sign a mutual non-disclosure agreement (MNDA) to allow for open dialog and sharing of ideas between you and HashiCorp during the integration process.
We also recommend reviewing similar integrations before you start development:
- Current partner integrations by current partners.
- Sample runtime integrations:
- Ask questions in the Vault Community Forum
Adopting similar structures and coding patterns can help expedite the review and release process for your integration.
Integrating with HCP Vault Dedicated
You can spin up a test instance of HCP Vault Dedicated to help with development. HCP Vault Dedicated is a turn-key managed service that requires minimal configuration to get started and we provide new users using the development cluster with an initial credit.
Step 3: Develop and test your integration
Requirements for all integrations:
- You must have appropriate documentation so users can use your integration successfully.
- You must support namespaces. The main, top-level namespace in HCP Vault
Dedicated is
admin
. The main, top-level namespace in Vault Enterprise isroot
. Vault Community Edition does not support namespaces. - HCP Vault Dedicated integrations must be runnable on AWS. Currently, HCP Vault Dedicated only runs on AWS and must be able to communicate with your integration using a private peered connection through a HashiCorp virtual network.
Step 4: Complete the partner review process
Once you have a working integration, send your test results and documentation to technologypartners@hashicorp.com to schedule an initial review. You must provide HashiCorp with test credentials for the underlying infrastructure and be able to demo the integration to HashiCorp representatives.
During review, we use your documentation to test the integration against self-managed Vault and HCP Vault Dedicated to provide feedback. The review process is iterative and may take multiple rounds to complete.
To complete the review process you must:
- Address all concerns or problems identified by the HashiCorp team.
- Sign the HashiCorp Technology Partner Agreement
- Review any applicable logo guidelines and your partner listing.
- Communicate your plan to support your integration and respond to customer issues.
Step 5: Release your integration
Once we verify your integration code, documentation, and support plan, and you sign the partner agreement, you can officially release your partner integration.
For HCP Vault Dedicated integrations, we issue and display the HCP Vault Verified badges on your partner page.
For Vault Enterprise or Community Edition integrations, we recommend hosting your proprietary plugin on Github in addition to the official listing on the dedicated HashiCorp partners page to make it easier for customers to find and download your integration. You can also list you plugin on the Vault Integrations page by opening a PR to update the
vault
folder in thehashicorp/integrations
GitHub repo.
Step 6: Support your integration
We view your integration release as the first step in enabling users to leverage your product in their infrastructure.
We expect partners to provide on-going support for their integrations in line with the following SLAs:
- Track and resolve critical issues within 48 hours
- Track and resolve non-critical issues within 5 business days.
We cannot verify integrations that lack active support and will not list those integrations on our partner pages.