Lock resources

HCP Vault Secrets allows administrators to lock resources to block access as a break-glass procedure in the event of unexpected behavior.

When projects are locked, users have limited access to the HCP Vault Secrets resources. The limitations are:

• Cannot create a new app
• Cannot add a new secret to an existing app
• Cannot view or edit secret values
• Cannot create a new integration
• Cannot edit the existing integration

Who can lock projects?

Users with admin role can issue a lock request to:

• Lock all apps or integrations within a project
• Lock across all apps or integrations within the projects they are admin of

Locking

Users with admin role can lock projects. To lock a project:

1. Open a browser and navigate to the HCP Portal.

2. Navigate to the HCP Vault Secrets dashboard.

3. On the Overview page, select Lock project from the Manage drop-down. This opens a confirmation dialog box.

4. Enter the Reason for locking (Optional) text field, and then click Confirm.

Locked apps

The Apps overview page indicates that you cannot use the apps until an admin unlock the project.

When you select an app, its secret values display Access locked status.

You can click into a secret; however, you cannot view, edit, or delete its value.

Locked integrations

The Project Integration page indicates that you cannot use the integrations until an admin unlock the project.

You can click into an integration to see its definition, but you cannot add a new integration.

Unlocking

Users with admin role can unlock projects. To unlock a project:

1. Open a browser and navigate to the HCP Portal.

2. Navigate to the HCP Vault Secrets dashboard.

3. On the Overview page, select Unlock project from the Manage drop-down.

Once a project is unlocked, the users can resume using the apps and integrations.

API

• LockProject
• UnlockProject
• GetProjectLockStatus