Skip to main content
Version: Release 24.3

Vault Connection Plugin

The HashiCorp Vault plugin is used to retrieve secrets from a HashiCorp Vault server. This plugin allows you to store secrets with an external provider and retrieve them at runtime during the release execution.

important

You must set up a connection to Vault server before external secrets can be configured.

Requirements

The plugin requires the following:

  • An instance of a Vault server running on your local network.
  • An API Token or Username and Password - allowing you to log into a Vault server and retrieve secrets.
  • An optional namespace value if you have an enterprise edition of the Vault server.

Define a HashiCorp Vault Server

To set up a connection to a HashiCorp Vault Server:

  1. In the navigation pane, click Configuration.
  2. Click Connections.
  3. Click the + icon next to the Vault Server.
  4. Enter the following details:
  • In the Title field, enter a name for the configuration.
  • In the URL field, enter the address of the server as follows: http(s)://address:port.
  • In the Authentication Method dropdown field select PAT or Basic.
  • If PAT is selected then Token field is needed, enter the token that is used to log into the vault server.
  • If Basic is selected then username and password fields are to be entered, enter the fields that are used to log into the vault server.
  1. To test the connection, click Test.
  2. To save the configuration, click Save.

After the server connection is set up, you can map vault secrets to internal XLR variables.