AWS and HashiCorp Vault Secrets Migration Into Akeyless

Deeper Dive

For more in-depth information, check out our detailed documentation on the following topics:

Automatic Secrets Migration

Need any help?

If something in this tutorial isn't working as expected, feel free to contact our support team via Slack.

Below is a text-only guide for users, based on the above video.

Why Migrate Your Secrets to Akeyless?

When you become an Akeyless user, it is a good idea to keep all of your secrets inside the platform, so that there are fewer places from which they can leak. It also helps that all of your secrets are then secured by Akeyless' patented DFC cryptography.

Tip

Before getting started, ensure that the platform where the secrets are stored is accessible over the network from the Akeyless Gateway server. Depending on the deployment, it might require adding an Akeyless Gateway IP address to a security group or a firewall.

Migrating AWS Secrets into Akeyless

Notes

  1. Akeyless currently only has static secret migration capabilities.
  2. If there are existing secrets under the Target location, their values will be replaced in case of conflict. This can happen if you leave the "Target location" field blank and a new secret has the same name as the existing one.
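
A pre-sync check for the overwrite case in note 2, as an added example that is not Akeyless code. It assumes an imported secret lands at <Target location>/<source secret name> (the page does not spell out the mapping); the function names and the sample lists are constructed for illustration.

```python
"""Preflight for note 2: list destination paths a sync would overwrite.

Assumption (not confirmed by the page): an imported secret lands at
<target location>/<source secret name>; a blank target means the root.
"""


def dest_path(target_location: str, source_name: str) -> str:
    """Join target location and source name into a normalized absolute path."""
    parts = [p for p in (target_location + "/" + source_name).split("/") if p]
    return "/" + "/".join(parts)


def find_conflicts(source_names, existing_paths, target_location=""):
    """Return {destination path: source name} for every import that would
    replace the value of an item that already exists in Akeyless."""
    existing = {dest_path("", p) for p in existing_paths}
    conflicts = {}
    for name in source_names:
        dest = dest_path(target_location, name)
        if dest in existing:
            conflicts[dest] = name
    return conflicts


# Constructed sample data: secret names as exported from AWS Secrets Manager
# and item paths already present in the Akeyless account.
AWS_NAMES = ["prod/db/password", "api-key", "/staging/db/password"]
AKEYLESS_ITEMS = ["/api-key", "/prod/db/password", "/migrated/aws/api-key"]

if __name__ == "__main__":
    for target in ("", "/migrated/aws", "/import/new"):
        hits = find_conflicts(AWS_NAMES, AKEYLESS_ITEMS, target)
        print(f"target={target or '(blank)'}: {len(hits)} would be overwritten")
        for dest, name in sorted(hits.items()):
            print(f"  {dest}  <-  {name}")
```

An empty result for the chosen Target location means no existing value is replaced by the sync under the stated mapping assumption.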

Prerequisites

To import secrets from AWS Secrets Manager, you need to provide access credentials of a user with sufficient permissions to get all secrets. The required configuration includes:

  • AWS Access Key ID
  • AWS Secret Access Key
  • AWS region

Migration

Log into your Gateway console and click on Automatic Migration -> AWS Secrets Manager.

Enter the above credentials for your AWS account and click Save. Then click on the Sync Now button and all of your static secrets from AWS Secrets Manager will show up in the folder you chose.

Head back to your Akeyless Console and you will see your secrets in the folder.

Migrating HashiCorp Vault Secrets into Akeyless

Prerequisites

To import secrets from HashiCorp Vault into Akeyless, you need:

  • An access token with sufficient permissions
  • The full URL of the HashiCorp Vault API server

When migrating from HashiCorp Vault Enterprise, namespaces can be configured. The namespaces to import into Akeyless Vault are given as a comma-separated list. For every namespace provided, all of its child namespaces are imported as well.

Example: nmsp/subnmsp1/subnmsp2,nmsp/anothernmsp

Akeyless supports migration from the KV storage engine, versions 1 and 2. For v2 migrations, when a secret has multiple versions, only the current version is imported.

Migration

Log into your Gateway console and click on Automatic Migration -> Hashicorp Vault.

Enter the above credentials and click Save. Then click on the Sync Now button and all of your static secrets from HashiCorp Vault will show up in the folder you chose.

Head back to your Akeyless Console and you will see your secrets in the folder.