Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Provider ParameterRequiredDescription

ADDRESS

Yestrue

The address of the Vault server (e.g. http://127.0.0.1:8200).

TOKEN


The Vault token for use with Vault’s token auth method.

ROLE_ID


The Role ID of the AppRole for use with Vault’s AppRole auth method.

SECRET_ID


The Secret ID belonging to the AppRole for use with Vault’s AppRole auth method.

  • Required if the ROLE_ID is specified.

JWT


The signed JSON Web Token (JWT) for use with Vault’s JWT auth method.

ROLE


The Role name for use with Vault’s JWT auth method.

  • Required, but not enforced, if the JWT auth method backend does not have a default role.

KEYSTORE


The path to the keystore containing the client certificate and private key for use with Vault’s TLS Certificates auth method.

KEYSTORE_PASSWORD


The password used to unlock the keystore.

KEYSTORE_TYPE


The type of keystore. (default Default is PKCS12).

  • JKS

    • The proprietary keystore implementation provided by the SUN provider.

  • PKCS12

    • The transfer syntax for personal identity information as defined in PKCS #12.

CLIENT_CERTIFICATE


The path to the X.509 certificate, in PEM format, for use with Vault’s TLS certificates auth method.

CLIENT_KEY


The path to the unencrypted RSA private key, in PEM format, for use with Vault’s TLS certificates auth method.

  • Required if the CLIENT_CERTIFICATE is specified.

AUTH_MOUNT_PATH

Nofalse

Specifies the path where the auth method backend is mounted.

MOUNT_PATH

Nofalse

Specifies the path where the KV backend is mounted.

  • If not specified, the SECRET_PATH parameter will be interpreted as the combined mount path and secret path, with /data/ automatically inserted for KV Version 1 secrets.

SECRET_PATH

Yestrue

The path to the KV secret.

DATA_PASSWORD_KEY

Nofalse

Specifies the key for the password in the secret data.

DATA_PASSPHRASE_KEY

Nofalse

Specifies the key for the password in the secret data.

DATA_TOKEN_KEY

Nofalse

Specifies the key for the password in the secret data.

CACHE_TTL

Nofalse

The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 300 seconds / 5 minutes)

If the secret has a TTL, then it will be used to set the expiration time (KV Version 1 only).

...