# Vault configuration
This integration will store secrets in the Vault KV Secrets Engine - Version 2 (opens new window). Kestra authentications must have full read & write policies (opens new window) on this secrets store. You can optionally change root-engine
or namespace
(if you are using Vault Enterprise).
# Authentication
# Password authentication
You can use a Userpass Auth Method (opens new window) using the following configuration:
kestra:
secret:
type: vault
vault:
address: "http://localhostt:8200"
password:
user: john
password: foo
# Token authentication
You can use a Token Auth Method (opens new window) using the following configuration:
kestra:
secret:
type: vault
vault:
address: "http://localhostt:8200"
token:
token: your-secret-token
# AppRole authentication
You can use an AppRole Auth Method (opens new window) using the following configuration:
kestra:
secret:
type: vault
vault:
address: "http://localhostt:8200"
app-role:
path: approle
role-id: your-role-id
secret-id: your-secret-id
# Others configurations
# kestra.secret.vault.address
The fully qualified address with scheme & port to your Vault instance.
# kestra.secret.vault.namespace
Optional. Sets a global namespace to the Vault server instance. Namespace support requires Vault Enterprise Pro (opens new window).
# kestra.secret.vault.engine-version
Optional. Sets the KV Secrets Engine version of the Vault server instance. Default is 2
.
# kestra.secret.vault.root-engine
Optional. Sets the KV Secrets Engine of the Vault server instance. Default is secret
.