Skip to main content
Version: Release 22.3

Hashicorp Vault Plugin

This topic covers the HashiCorp Vault Plugin for Release, which integrates Vault for secure secret management within release pipelines.

The HashiCorp Vault plugin retrieves secrets from a Vault Server for use in your tasks and automation. These secrets include static and dynamic username and password fields from the Secrets Engine of your choice.

Requirements

  • Digital.ai Release: version 9.6+

Installation

This documentation assumes gradle version 6.0.1. See gradle/wrappter/gradle-wrapper.properties for the actual version.

Import the jar file into your %XLRELEASE_INSTALLATION%/plugins/xlr-official folder, or from the Digital.ai Release web UI as a new plugin. Adding the plugin requires a server restart.

Authentication

Vault permits several types of authentication as outlined in the Hashicorp Vault Authentication documentation.

Note: This plugin implements a subset of the authentication options, namely token. Other authentication options can be added as demanded. With 22.2 a new type of authentication called AppRole is introduced for the HashiCorp Vault plugin.

App role

Define the server configuration of URL plus token.