HashiCorp Vault

    You can also store this information in an entity.

    The Vault entity can only be used once the database is initialized. Secrets for values that are used before the database is initialized can’t make use of the Vaults entity.

    Admin API

    cURL

    HTTPie

    2.   --data name="hcv" \
    3.   --data description="Storing secrets in HashiCorp Vault" \
    4.   --data config.protocol="https" \
    5.   --data config.host="localhost" \
    6.   --data config.port="8200" \
    7.   --data config.mount="secret" \
    8.   --data config.kv="v2" \

    Result:

    1. {
    2.     "config": {
    3.         "host": "localhost",
    5.         "mount": "secret",
    6.         "port": 8200,
    7.         "protocol": "https",
    8.         "token": "<mytoken>"
    9.     },
    10.     "created_at": 1645008893,
    11.     "description": "Storing secrets in HashiCorp Vault",
    12.     "id": "0b43d867-05db-4bed-8aed-0fccb6667837",
    13.     "prefix": "my-hashicorp-vault",
    14.     "tags": null,
    16. }

    Add the following snippet to your declarative configuration file:

    For example, let’s say you’ve configured a HashiCorp Vault with a path of secret/hello and a key=value pair of foo=world:

    1. vault kv put secret/hello foo=world
    3. Key                Value
    4. ---                -----
    5. created_time       2022-01-15T01:40:03.740833Z
    6. custom_metadata    <nil>
    7. deletion_time      n/a
    8. destroyed          false

    Access these secrets like this:

    1. {vault://my-hashicorp-vault/hello/foo}