DOCSADMINISTRATOR-GUIDECONFIGURATIONENTERPRISE-EDITIONSECRETSVAULT

Vault configuration

Table of Contents

Contribute

This integration will store secrets in the Vault KV Secrets Engine - Version 2. Kestra authentications must have full read and write policies on this secrets store. You can optionally change root-engine or namespace (if you use Vault Enterprise).

Authentication

Password authentication

You can use a Userpass Auth Method using the following configuration:

yaml

kestra:
  secret:
    type: vault
    vault:
      address: "http://localhostt:8200"
      password:
        user: john
        password: foo

Token authentication

You can use a Token Auth Method using the following configuration:

yaml

kestra:
  secret:
    type: vault
    vault:
      address: "http://localhostt:8200"
      token:
        token: your-secret-token

AppRole authentication

You can use an AppRole Auth Method using the following configuration:

yaml

kestra:
  secret:
    type: vault
    vault:
      address: "http://localhostt:8200"
      app-role:
        path: approle
        role-id: your-role-id
        secret-id: your-secret-id

Others configurations

`kestra.secret.vault.address`

The fully qualified address with scheme and port to your Vault instance.

`kestra.secret.vault.namespace`

Optional. Sets a global namespace to the Vault server instance. Namespace support requires Vault Enterprise Pro.

`kestra.secret.vault.engine-version`

Optional. Sets the KV Secrets Engine version of the Vault server instance. Default is 2.

`kestra.secret.vault.root-engine`

Optional. Sets the KV Secrets Engine of the Vault server instance. Default is secret.

SecretsElasticsearch configuration

Enterprise EditionWorker Isolation configuration

​Vault configuration

Vault configuration