Enable Hashicorp Vault Credential Management Feature in NextGen Gateway

This page describes how to enable HashiCorp Vault–based credential management on the NextGen Gateway so that Discovery and Monitoring integrations can securely retrieve credentials from HashiCorp Vault instead of storing them in OpsRamp.

Procedure

Log in to the NextGen Gateway CLI using ruser credentials.
Retrieve the existing chart version by running the following command:
```
helm list -n <namespace>
```
Replacewith your gateways namespace. If you don’t have a custom namespace, usedefault.

Example Output

root@opsram-gateway:/home/gateway-admin# helm list -n default
NAME      	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART            	APP VERSION
nextgen-gw	default  	2       	2025-07-09 09:31:41.646878942 +0000 UTC	failed  	nextgen-gw-18.0.5	18.0.5

In this output, the chart version is located under the CHART section. For example, if it says nextgen-gw-18.0.5, the version is 18.0.5.

To enable the Hashicorp Vault feature, use the following command, replacing <Chart_version> with the version you retrieved and with your gateway namespace:

helm upgrade nextgen-gw oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw --version <Chart_version> --set vprobe.customConfig.gateway-vault-enabled=true --reuse-values -n <namespace>

Example Output

root@opsram-gateway:/home/gateway-admin# kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
nextgen-gw-0                   3/3     Running   0          23h
nextgen-gw-redis-master-0      1/1     Running   0          23h
squid-proxy-76d7d49cfc-2rz2b   1/1     Running   0          5m14s

5. Delete the POD using the following command:

kubectl delete pod nextgen-gw-0 -n <namespace>

After the Helm upgrade, the NextGen Gateway pod is automatically recreated and starts with the updated Vault configuration.