Set up alert integration for HCP Vault Radar
Limited availability
HCP Vault Radar is currently available through a limited availability release program.
To follow the steps in this tutorial, you must have access to HCP Vault Radar through your account management team.
In this tutorial, you will follow the HashiCups operations and SRE teams as they set up an integration with one of their alerting tools for the proof-of-concept (POC) implementation of HCP Vault Radar.
Scenario introduction
HashiCups successfully scanned and identified secrets in one of their GitHub repositories using HCP Vault Radar. Danielle and the development team then enabled the GitHub pull request check to ensure sensitive data cannot be committed to the repository.
Oliver (operations) and Steve (SRE) were able to view alerts using the HCP Portal. However, one of the requirements is to receive real-time alerts. Oliver and Steve will now set up an alert integration for HCP Vault Radar so their teams can be notified when an incident occurs.
Prerequisites
- Completed the Scan a repository for secrets with HCP Vault Radar tutorial.
- Access to the HCP Portal with a user assigned the admin role.
- Access to a PagerDuty account (free tier will support this tutorial).
- You do not need to be familiar with the Go programming language to follow this tutorial.
Configure PagerDuty settings
(Persona: operations)
HashiCups will make use of PagerDuty during the POC. HCP Vault Radar also supports integrations with Slack and Splunk.
Log in to your PagerDuty account.
Click Services in the top navigation menu and click + New Service.
Enter hashicups-radar-poc-integration in the Name text box and click Next.
Select Generate a new Escalation Policy and click Next.
Leave all defaults and click Next.
Search for, and select the Events API v1 service.
Click Create Service.
Copy and save the Integration Key. The integration key is required by the HCP Vault Radar subscription.
Click Integrations in the top navigation menu and select API Access Keys.
Click + Create New API Key.
Enter hcp-vault-radar-integration in the Description text box.
Click Create Key. A new API key is displayed.
Copy and save the API access key. The API access key is required by the HCP Vault Radar connection.
Set up PagerDuty alert integration
(Persona: operations)
Open a new tab, log in to your HCP organization and select the project HCP Vault Radar is enabled for.
Click Get started with Vault Radar.
Click on Settings and then click Filters.
Click the copy icon in the Actions column to copy the All events filter.
Enter critical-only in the Filter Name text box.
For production workloads, creating unique filters helps to send only relevant findings to an integration. You may want to send only critical or high alerts to PagerDuty while sending all severity levels to Slack.
Click PagerDuty under the Integrations navigation menu.
For each supported integration, you will configure a connection and a subscription.
Click + Connection.
Enter hashicups-pagerduty-connection1 in the Connection Name field.
Connection names must be unique across all HCP Vault Radar integrations. A good practice is to add an identifiable prefix or suffix to the connection name.
Enter the PagerDuty API access key created in the Configure PagerDuty settings section in the API access key text box.
Click Test & save to complete the connection setup.
Click the Subscriptions tab.
Before notifications are sent to an integration, a subscription must be added. Subscriptions are based on filters, which you explored in the Scan a repository for secrets with HCP Vault Radar tutorial; you created a custom filter earlier in this tutorial.
Click + Subscription.
Click PagerDuty in the Integrations navigation menu.
Enter hashicups-pagerduty-subscription1 in the Subscription Name text box.
Like connection names, subscription names must be unique across all integrations.
Click the Saved Filter pulldown menu and select critical-only.
Click the Connection pulldown menu and select hashicups-pagerduty-connection1.
Enter the integration key in the Integration Key text box.
Click Test & save.
The integration for PagerDuty is now set up. You added a connection to PagerDuty using the API key, and added a subscription based on the critical-only filter to send alerts based on the filter to PagerDuty.
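To confirm the integration key routes to the new service independently of HCP Vault Radar, you can build a test trigger event for the PagerDuty Events API v1. This is an added example, not code from the tutorial or from HashiCorp; the helper names, the key-length check, and the sample finding fields are assumptions for illustration.

```python
import hashlib
import json
import re
import urllib.request

# PagerDuty Events API v1 endpoint (the integration type selected in this tutorial).
EVENTS_V1_URL = "https://events.pagerduty.com/generic/2010-04-24/create_event.json"
# Assumption: integration keys are 32 alphanumeric characters, while API access
# keys are shorter, so this check catches pasting the wrong key into the field.
INTEGRATION_KEY_RE = re.compile(r"^[0-9a-zA-Z]{32}$")


def build_trigger_event(integration_key, repo, path, finding_type):
    """Build an Events API v1 'trigger' body for a test alert (hypothetical helper)."""
    if not INTEGRATION_KEY_RE.match(integration_key):
        raise ValueError("not an integration key; did you paste the API access key?")
    # Deduplicate on where the finding is, never on the secret value itself,
    # so the alert payload does not become a second copy of the leaked secret.
    locator = f"{repo}:{path}:{finding_type}"
    incident_key = hashlib.sha256(locator.encode()).hexdigest()[:32]
    return {
        "service_key": integration_key,
        "event_type": "trigger",
        "incident_key": incident_key,
        "description": f"[TEST] {finding_type} finding in {repo}/{path}"[:1024],
        "details": {"repo": repo, "path": path, "source": "manual integration test"},
    }


def send_event(event, timeout=10):
    """POST the event to PagerDuty and return the decoded JSON response."""
    req = urllib.request.Request(
        EVENTS_V1_URL,
        data=json.dumps(event).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed placeholder key; replace with the key saved from the service.
    event = build_trigger_event("0" * 32, "hcp-vault-radar-foundations", "main.go", "password")
    print(json.dumps(event, indent=2))  # pass to send_event(event) to page for real
```

Repeated test events for the same repository, path, and finding type share one incident_key, so PagerDuty groups them into a single incident instead of paging again.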
Trigger an alert
(Persona: developer)
To simulate a real-world scenario, Danielle will now attempt to create a pull request that includes sensitive data in the GitHub repository used for HashiCups' POC of HCP Vault Radar.
Open a new tab and access the hcp-vault-radar-foundations repository you added to your organization in the Scan a repository for secrets with HCP Vault Radar tutorial.
Click the main.go file and then click the pencil icon to use the GitHub editor.
Change the const password value to b3stp@stw00rd3vA!!! and click Commit changes...
Click the Create a new branch radio button and click Propose changes.
Click Create pull request (if prompted, click Create pull request again).
HCP Vault Radar will start a pull request scan.
When the pull request scan completes, the HCP Vault Radar Secret Scan will change status to Failed.
Return to the PagerDuty browser tab and click Incidents.
An incident was triggered by the development team when they created a commit that contained a password.
Summary
In this tutorial you learned how to add an alert integration to HCP Vault Radar so engineering teams such as operations, DevSecOps, or SRE teams can receive notifications through existing support tools. You created a connection to the integration (PagerDuty), created a custom filter, and added the filter to a subscription so only incidents matching the filter are sent to the integration.
Next steps
In the next tutorial, the operations team needs to set up an integration so tickets are automatically created when an incident occurs. This will help the team track incidents through to resolution which is useful when performing security audits.