Vault Secrets Engines

Overview

Plugin model—store, generate, encrypt secrets
- Some store secrets; some call to 3rd party APIs—dynamic secrets
Path prefix—associated with secrets engine
- Requests routed to secrets engine based on path
- Each path isolated—secrets engines can’t communicate with secrets engines at different paths

Enable/Disable

vault secrets enable [-path=<PATH>] <SECRETS_ENGINE>
 
vault secrets disable <PATH>/

-path=<PATH> optional—defaults to name of secrets engine

Dynamic Secrets Engines

Generated when accessed
Built-in revocation—can be revoked immediately after use

List

Graph View

Backlinks

Vault