HashiCorp Vault
Fetch secrets from HashiCorp Vault to use as variables in your API requests.
Prerequisites
- HashiCorp Vault server (self-hosted or HCP Vault)
- Vault token with read access
- Secrets stored in KV v2 secrets engine
Configuration
- Go to Settings > Secret Providers
- Click Add Provider
- Select Vault
- Fill in the configuration:
| Field | Description |
|---|---|
| Name | Display name for this provider |
| Address | Vault server URL (e.g., https://vault.example.com:8200) |
| Token | Vault authentication token |
| Mount Path | KV secrets engine mount path (default: secret) |
| Namespace | Vault namespace (Enterprise only, optional) |
| Secret Path | Path to the secret within the mount |
- Click Test Connection to verify credentials
- Click Save
Secret Format
Vault KV v2 secrets are stored as key-value pairs:
{
"API_KEY": "sk-xxx",
"DATABASE_URL": "postgres://user:pass@host:5432/db",
"JWT_SECRET": "your-jwt-secret"
}
Each key becomes a variable you can use as {{API_KEY}}, {{DATABASE_URL}}, etc.
Secret Path
For a secret at secret/data/myapp/config:
- Mount Path:
secret - Secret Path:
myapp/config
Vault Policy
Minimum required policy:
path "secret/data/myapp/*" {
capabilities = ["read"]
}
For token lookup (connection test):
path "auth/token/lookup-self" {
capabilities = ["read"]
}
Authentication Methods
Currently, Istek supports Token authentication. Generate a token with:
vault token create -policy=myapp-read -ttl=24h
Vault Enterprise
For Vault Enterprise with namespaces, specify the namespace in the configuration. The namespace header will be included in all requests.
Usage
Once configured, click Fetch Secrets to load the secrets. They will be available as variables in your requests:
GET {{API_URL}}/users
Authorization: Bearer {{API_KEY}}