Secret Class Provider Configurations

The following parameters are supported by the Vault provider:

  • roleName (string: "") - Name of the role to be used during login with Vault.

  • vaultAddress (string: "") - The address of the Vault server.

  • vaultSkipTLSVerify (string: "false") - When set to true, skips verification of the Vault server certificate. Setting this to true is not recommended for production.

  • vaultCACertPath (string: "") - The path on disk where the Vault CA certificate can be found when verifying the Vault server certificate.

  • vaultTLSClientCertPath (string: "") - The path on disk where the client certificate can be found for mTLS communications with Vault.

  • vaultTLSClientKeyPath (string: "") - The path on disk where the client key can be found for mTLS communications with Vault.

  • vaultTLSServerName (string: "") - The name to use as the SNI host when connecting via TLS.

  • objects (array) - An array of secrets to retrieve from Vault.

    • objectName (string: "") - The alias of the object which can be referenced within the secret provider class and the name of the secret file.

    • method (string: "GET") - The type of HTTP request. Supported values include "GET" and "PUT".

    • secretPath (string: "") - The path in Vault where the secret is located.

    • secretArgs (map: {}) - Additional arguments to be sent to Vault for a specific secret. Arguments can vary for different secret engines. For example:

      secretArgs:
        common_name: "test.example.com"
        ttl: "24h"
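
The parameters above can be checked before a SecretProviderClass is applied. The following is an added example, not code from the Vault provider: it audits an already-parsed parameters map for disabled TLS verification, a non-https address, a half-configured mTLS pair, and malformed objects entries. The function name, the rules, and the sample values are assumptions of this example.

```python
# Added example: audit the parsed "parameters" map of a Vault provider
# SecretProviderClass. Parameter names are from the list above; the rules
# are this example's assumptions, not checks the provider itself performs.
from urllib.parse import urlparse

SUPPORTED_METHODS = {"GET", "PUT"}

def audit_parameters(params):
    """Return a list of findings for one parameters map."""
    findings = []
    addr = params.get("vaultAddress", "")
    if urlparse(addr).scheme != "https":
        findings.append("vaultAddress is empty or not https")
    # The value is a string, so compare text instead of truthiness.
    if str(params.get("vaultSkipTLSVerify", "false")).strip().lower() == "true":
        findings.append("vaultSkipTLSVerify is true")
    cert = params.get("vaultTLSClientCertPath", "")
    key = params.get("vaultTLSClientKeyPath", "")
    if bool(cert) != bool(key):
        findings.append("client cert and key paths must be set together")
    seen = set()
    for i, obj in enumerate(params.get("objects", [])):
        name = obj.get("objectName", "")
        if not name:
            findings.append(f"objects[{i}]: objectName is empty")
        elif name in seen:
            findings.append(f"objects[{i}]: duplicate objectName {name!r}")
        seen.add(name)
        if not obj.get("secretPath"):
            findings.append(f"objects[{i}]: secretPath is empty")
        method = obj.get("method", "GET")
        if method not in SUPPORTED_METHODS:
            findings.append(f"objects[{i}]: unsupported method {method!r}")
    return findings

# Constructed sample inputs, not taken from a real deployment.
WEAK = {
    "roleName": "app",
    "vaultAddress": "http://vault.example.internal:8200",
    "vaultSkipTLSVerify": "true",
    "vaultTLSClientCertPath": "/tls/client.crt",
    "objects": [
        {"objectName": "cert", "method": "PUT", "secretPath": "pki/issue/app",
         "secretArgs": {"common_name": "test.example.com", "ttl": "24h"}},
        {"objectName": "cert", "method": "POST", "secretPath": ""},
    ],
}
HARDENED = dict(WEAK, vaultAddress="https://vault.example.internal:8200",
    vaultSkipTLSVerify="false", vaultCACertPath="/tls/ca.crt",
    vaultTLSClientKeyPath="/tls/client.key", objects=WEAK["objects"][:1])
```

Because objectName is also the name of the secret file, the duplicate check flags two entries that would share one file name.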