Drata Integration

🚀

Coming soon!

Overview

Integrating with Drata enables you to:

  • Automate evidence submission for key technical SOC2 controls to the Drata platform. Learn more in SOC2 by Drata.

Integration steps

  • Step 1: Create an API token in your Drata account.
  • Step 2: Assign and create secrets and tokens in Jit.
  • Step 3: Configure the integration in Jit.

Step 1: Create an API Token in Your Drata Account

  1. Log in to https://app.drata.com > Click on your profile name > Settings.

  2. Click API Keys.

  3. Click Create API Key.

  4. Fill out the Create API Key Form using the guidance below and be sure to save it:

    • Expiration Date: We recommend a long expiration date so that your integration does not unexpectedly stop working.
    • The following scopes must be enabled:
      • Personnel: Personnel details - R
      • Controls: Control List - R
      • Workspaces: List workspaces - R
      • Evidence Library:List Evidence - R,Add Evidence- W, Update Evidence - W, Delete Evidence - W
  5. Copy the API Key and save it somewhere secure!

Step 2: Assign and create secrets and tokens in Jit

  1. Create a secret for the Drata API key:

    1. In the Jit platform, go to Settings > Secrets.
    2. Click on Create new secret, and create a secret named DRATA_API_KEY and add the Drata API Key you've just created.
  2. Create a Jit API Token:

    1. Click on Settings > Users & Permissions.

    2. Click on API Token > Generate Token.

    3. Create a new Key, give it a meaningful description, and select a developer Role.

    4. Copy both the Client ID and Secret Key to a secret location.

  3. Store these back to the Jit secrets, go back to Settings > Secrets:

    1. Click on Create new secret, and create a secret named JIT_CLIENT_ID and add the Jit Client ID you just created.
    2. Click on Create new secret, and create a secret named JIT_CLIENT_SECRET and add the Jit Secret Key you just created.
  4. Make sure the names are as described for the integration to work properly.

Step 3: Configure the integration in Jit

  1. In the Jit platform, go to Integrations and locate the Drata tile.
  2. Click Integrate as-code to open the jit-integration.yml file in your centralized Jit repository.
  3. Copy and paste the Drata integration-structure at the end of the file.
drata:
  workspace: 'My Drata Workspace'
  user_email: '[email protected]
  1. Replace the placeholders with your specific information:

    1. user email - should be the mail of the Drata user you generated the Drata API Key for.

    2. workspace:

      1. Go back to Drata and click on Settings/

      2. Click Company Info.

      3. If you don’t have workspace enabled - It will be your Tenant's name. Copy the Project Name.

      4. If you have workspaces enabled, Scroll down to Workspaces, and copy the name of the workspace you want to upload evidence to.

We will now periodically send the Jit report to your Drata workspace, according to your SOC2 by Drata plan.