HashiCorp Cloud Platform
Lock resources
Plus tier
This feature is available in HCP Vault Secrets Plus tier.
HCP Vault Secrets allows administrators to lock resources to block access as a break-glass procedure in the event of unexpected behavior.
When projects are locked, users have limited access to the HCP Vault Secrets resources. The limitations are:
- Cannot create a new app
- Cannot add a new secret to an existing app
- Cannot view or edit secret values
- Cannot create a new integration
- Cannot edit the existing integration
Audit log
The audit log will capture lock and unlock events.
Who can lock projects?
Users with the admin role can issue a lock request to:
- Lock all apps or integrations within a project
- Lock across all apps or integrations within the projects they are admin of
Important note
Locking a project at the HCP Vault Secrets level does not lock other HCP services such as HCP Terraform, HCP Boundary, etc.
Locking
Users with the admin role can lock projects. To lock a project:
1. Open a browser and navigate to the HCP Portal.
2. Navigate to the HCP Vault Secrets dashboard.
3. On the Overview page, select Lock project from the Manage drop-down. This opens a confirmation dialog box.
4. Enter a reason in the Reason for locking (Optional) text field, and then click Confirm.
Locked apps
The Apps overview page indicates that you cannot use the apps until an admin unlocks the project.
When you select an app, its secret values display the Access locked status.
You can click into a secret; however, you cannot view, edit, or delete its value.
Locked integrations
The Project Integration page indicates that you cannot use the integrations until an admin unlocks the project.
You can click into an integration to see its definition, but you cannot add a new integration.
Unlocking
Users with the admin role can unlock projects. To unlock a project:
1. Open a browser and navigate to the HCP Portal.
2. Navigate to the HCP Vault Secrets dashboard.
3. On the Overview page, select Unlock project from the Manage drop-down.
Once a project is unlocked, users can resume using the apps and integrations.