Overview
- Plugin model—store, generate, encrypt secrets
- Some store secrets; some call to 3rd party APIs—dynamic secrets
- Path prefix—associated with secrets engine
- Requests routed to secrets engine based on path
- Each path isolated—secrets engines can’t communicate with secrets engines at different paths
Enable/Disable
-path=<PATH>
optional—defaults to name of secrets engine
Dynamic Secrets Engines
- Generated when accessed
- Built-in revocation—can be revoked immediately after use
List