HashiCorp Vault
Provides pipeline environment variables from a HashiCorp Vault KV store.
Currently, only the kv-v2 secrets engine is supported.
If an env key is a path (meaning that it includes at least one /), all but the last segments are used as the secret path and the last segment is used as the secret data key. Otherwise, value is used as the secret data key.
An API token needs to be created in Vault for this plugin. It is recommended to use a token configured with minimal required access.
Settings
Plugin name: hcvault
| Setting | Description |
|---|---|
ENABLED | Enable the plugin ("true" | "false") |
URL | Vault URL required (string) |
TOKEN | Vault API token required (string) |
PATH | The path of the secret engine required (string) |
PRIORITY | Priority of the variables provided by the plugin (default: 1) (number) |
NO_SECRET | Whether to prevent marking the variables provided by the plugin as secret ("true" | "false") |