»Secret Class Provider Configurations

The following parameters are supported by the Vault provider:

• roleName (string: "") - Name of the role to be used during login with Vault.

• vaultAddress (string: "") - The address of the Vault server.

• vaultNamespace (string: "") - The Vault namespace to use.

• vaultSkipTLSVerify (string: "false") - When set to true, skips verification of the Vault server certificiate. Setting this to true is not recommended for production.

• vaultCACertPath (string: "") - The path on disk where the Vault CA certificate can be found when verifying the Vault server certificate.

• vaultCADirectory (string: "") - The directory on disk where the Vault CA certificate can be found when verifying the Vault server certificate.

• vaultTLSClientCertPath (string: "") - The path on disk where the client certificate can be found for mTLS communications with Vault.

• vaultTLSClientKeyPath (string: "") - The path on disk where the client key can be found for mTLS communications with Vault.

• vaultTLSServerName (string: "") - The name to use as the SNI host when connecting via TLS.

• vaultKubernetesMountPath (string: "kubernetes") - The name of the auth mount used for login. At this time only the Kubernetes auth method is supported.

• objects (array) - An array of secrets to retrieve from Vault.

  • objectName (string: "") - The alias of the object which can be referenced within the secret provider class and the name of the secret file.

  • method (string: "GET") - The type of HTTP request. Supported values include "GET" and "PUT".

  • secretPath (string: "") - The path in Vault where the secret is located.

  • secretKey (string: "") - The key in the Vault secret to extract. If omitted, the whole response from Vault will be written as JSON.

  • secretArgs (map: {}) - Additional arguments to be sent to Vault for a specific secret. Arguments can vary for different secret engines. For example:

    secretArgs:
      common_name: 'test.example.com'
      ttl: '24h'