Vault to Vault

Info

The Vault to Vault feature is still in BETA. We look forward to your feedback about how we can improve it.

This feature makes it possible to transfer files between different networks using a secure and controlled connection. When enabled, all file and folder operations will be sent from the primary Vault to the destination Vault server.
Please note that requests made to the primary Vault are treated as a transaction. They either succeed on both machines or not at all.

Supported operations

The supported file and folder actions can be seen in the table below:

| Operation | File | Folder |
|---|---|---|
| Upload (Create) | ✓ | ✓ |
| Share | ✓ | ✓ |
| Move | ✓ | ✓ |
| Rename | ✓ | ✓ |
| Delete | ✓ | ✓ |

Note

Guest user creation is also supported. Please keep in mind that the other user manipulation actions (update, delete, etc.) are not implemented.

The functionality can be configured by navigating to the Settings page and then choosing Vault to Vault.

By default the feature is disabled. In order to enable the feature and proceed to configuration, the user must switch on "Enable mirroring".

In order to connect with an upstream Vault instance, the following steps must be performed:

  1. Provide the REST URL of the upstream Vault instance.
    The URL must have the following format <schema>://<address>:<port>/[vault_rest].

    It is important to provide the absolute URL and path to the secondary Vault's REST service (e.g. http://192.168.0.2:8010/vault_rest).

  2. Log in with an administrator account on the second Vault and generate an API key.
    The generated API key will be used to authorize requests from the first vault.

  3. (Optional) Aggregate all file/folder actions to a single user.
    All forwarded actions will be interpreted as if the impersonated user requested them.
    For example, files will be uploaded to the impersonated user's account regardless of the user who initiated the actions on the first vault.

    The impersonated user must exist on both Vault instances.
    This implies that both instances must integrate with the same Active Directory or have the same local accounts created.
    If the impersonated user does not exist, then all requests will be made on behalf of the user who generated the API key.

  4. (Optional) Validate settings
    If enabled, an initial connection test is performed to ensure that the settings are valid.
    If disabled, no attempt is made to validate the configuration. This can be useful when responses from the other network are not allowed.

    If a data diode is deployed between the two Vault servers, it may be impossible to receive a response from the second Vault. In that case, the validation feature must be turned off manually for the setup to work.

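When "Validate settings" is turned off (for example behind a data diode), no connection test catches a mistyped URL, so the format from step 1 can be checked locally before saving. The following is an added example, not part of Vault or its documentation; the function name check_upstream_url, the restriction to http/https and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit

def check_upstream_url(url, expected_path="/vault_rest"):
    """Check a URL against <schema>://<address>:<port>/[vault_rest].

    Returns (errors, warnings); an empty errors list means the format matches.
    """
    errors, warnings = [], []
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["URL cannot be parsed"], warnings

    # Assumption: a REST service is reached over http or https only.
    if parts.scheme not in ("http", "https"):
        errors.append("scheme must be http or https")
    elif parts.scheme == "http":
        warnings.append("http: the API key crosses the network unencrypted")

    if not parts.hostname:
        errors.append("address is missing")

    # The documented format carries an explicit port.
    try:
        if parts.port is None:
            errors.append("port is missing")
    except ValueError:
        errors.append("port is not a number in 0-65535")

    # The path to the REST service must be part of the URL.
    path = parts.path.rstrip("/")
    if not path:
        errors.append("path to the REST service is missing")
    elif path != expected_path:
        warnings.append(f"path is {path!r}, expected {expected_path!r}")

    if parts.username or parts.query or parts.fragment:
        errors.append("credentials, query and fragment are not part of the format")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample values; the first is the example URL from step 1.
    for candidate in ("http://192.168.0.2:8010/vault_rest",
                      "https://192.168.0.2/vault_rest",
                      "192.168.0.2:8010/vault_rest",
                      "https://vault2.example:8010"):
        print(candidate, check_upstream_url(candidate))
```

An empty error list only confirms the syntax; it says nothing about whether the second Vault is reachable or whether the API key is accepted.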