Vault Connection Plugin

The HashiCorp Vault plugin is used to retrieve secrets from a HashiCorp Vault server. This plugin allows you to store secrets with an external provider and retrieve them at runtime during the release execution.

Important: You must set up a connection to Vault server before external secrets can be configured.


The plugin requires the following:

  • An instance of a Vault server running on your local network.
  • An API Token allowing you to log into a Vault server and retrieve secrets.
  • An optional namespace value if you have an enterprise edition of the Vault server.

Define a HashiCorp Vault Server

To set up a connection to a HashiCorp Vault Server:

  1. In the navigation pane, click Configuration.
  2. Click Connections.
  3. Click the + icon next to the Vault Server.
  4. Enter the following details:
  5. In the Title field, enter a name for the configuration.
  6. In the URL field, enter the address of the server as follows: http(s)://address:port.
  7. In the API Token field, enter the token that is used to log into the vault server.
  8. To test the connection, click Test.
  9. To save the configuration, click Save.

After the server connection is set up, you can map vault secrets to internal XLR variables.