このページは、まだ日本語ではご利用いただけません。翻訳中です。

旧バージョンのドキュメントを参照しています。 最新のドキュメントはこちらをご参照ください。

Environment Variables Vault

Configuration

Storing secrets in environment variables is a common way as they can be injected at build time. There is no prior configuration needed.

Examples

Define a secret in a environment variable:

export MY_SECRET_VALUE=EXAMPLE_VALUE

We can now reference this secret

{vault://env/my-secret-value}

You can also define a json string if you want to store multiple secrets in a single environment variable.

export PG_CREDS='{"username":"user", "password":"pass"}'

This allows you to do

{vault://env/pg-creds/username}
{vault://env/pg-creds/password}

Entity

The Vault entity can only be used once the database is initialized. Secrets for values that are used before the database is initialized can’t make use of the Vaults entity.

curl -i -X PUT http://HOSTNAME:8001/vaults/my-env-vault \
        --data name=env \
        --data description="Store secrets in environment variables"

http -f PUT :8001/vaults/my-env-vault \
  name="env" \
  description="Store secrets in environment variables"

Result:

{
    "config": {
        "prefix": null
    },
    "created_at": 1644942689,
    "description": "Store secrets in environment variables",
    "id": "2911e119-ee1f-42af-a114-67061c3831e5",
    "name": "env",
    "prefix": "my-env-vault",
    "tags": null,
    "updated_at": 1644942689
}

With the entity in place you can reference secrets like this:

{vault://my-env-vault/my-secret-value}