You are browsing documentation for an older version. See the latest documentation here.
Environment Variables Vault
Configuration
Storing secrets in environment variables is a common way as they can be injected at build time. There is no prior configuration needed.
Examples
Define a secret in a environment variable:
export MY_SECRET_VALUE=EXAMPLE_VALUE
We can now reference this secret
{vault://env/my-secret-value}
You can also define a json
string if you want to store multiple secrets
in a single environment variable.
export PG_CREDS='{"username":"user", "password":"pass"}'
This allows you to do
{vault://env/pg-creds/username}
{vault://env/pg-creds/password}
Entity
The Vault entity can only be used once the database is initialized. Secrets for values that are used before the database is initialized can’t make use of the Vaults entity.
Result:
{
"config": {
"prefix": null
},
"created_at": 1644942689,
"description": "Store secrets in environment variables",
"id": "2911e119-ee1f-42af-a114-67061c3831e5",
"name": "env",
"prefix": "my-env-vault",
"tags": null,
"updated_at": 1644942689
}
With the entity in place you can reference secrets like this:
{vault://my-env-vault/my-secret-value}