HashiCorp Vault

• Name: HashiCorp Vault
• Category: Secret manager

​

Configuration

Configu needs to be authorized to access your HashiCorp vault account. For this, you need to provide the following parameters: address, engine, token. By default, Configu attempts to use the following environment variables for the vault address and token: VAULT_ADDR, VAULT_TOKEN. The engine parameter must always be provided.

​

Limitations

• Only supports the K/V2 engine.

​

Usage

​

.configu store declaration

stores:
  my-store:
    type: hashicorp-vault
    configuration:
      address: https://vault.example.com
      token: example-token
      engine: example-engine

​

CLI examples

​

Upsert command

configu upsert --store "my-store" --set "test" --schema "./start.cfgu.json" \
    -c "GREETING=hey" \
    -c "SUBJECT=configu"

​

Eval and export commands

configu eval --store "my-store" --set "test" --schema "./start.cfgu.json" \
 | configu export

​

Common errors and solutions

1. Authentication failure

   • Solution: Ensure the provided token is valid and has sufficient permissions. Verify the token with:

     vault token lookup
     

2. Timeout issues

   • Solution: Increase the timeout value in the configuration if the Vault server takes longer to respond.

3. Path not Found

   • Solution: Ensure the provided path exists and the token has access to it. Use:

     vault list secret/
     

4. Certificate errors in HTTPS connections

   • Solution: If using HTTPS, ensure that the correct CA certificates are configured. Use the VAULT_CACERT environment variable to specify the certificate path:

     export VAULT_CACERT=/path/to/ca.pem
     

​

References

• Integration documentation: https://www.vaultproject.io/docs