You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It can be injected as a [IConfigurationProvider](https://docs.microsoft.com/en-us/dotnet/api/microsoft.extensions.configuration.iconfigurationprovider?view=dotnet-plat-ext-3.1)
The `AddVaultConfiguration` method accepts several parameters:
31
+
32
+
1. Function to provide VaultOptions with Vault connection configuration (optional).
33
+
34
+
2. Application alias in Vault data. It's used a part of the path to read secrets.
35
+
36
+
3. Mount point of KV secrets. The default value is `secret` (optional).
37
+
38
+
## Configuration using environmnt variables
39
+
40
+
Alternatively, you can configure Vault connection using next environmnt variables:
41
+
42
+
-`VAULT_ADDR` : Address of the Vault instance. Default value is `"http://locahost:8200`.
43
+
-`VAULT_TOKEN` : Vault token. Used for token-based authentication. Default value is `root`.
44
+
-`VAULT_ROLEID` : Vault AppRole ID. Used for AppRole-based authentication.
45
+
-`VAULT_SECRET` : Vault AppRole secret. Used for AppRole-based authentication.
46
+
47
+
## Preparing secrets in Vault
48
+
49
+
You need to store your secrets with special naming rules.
50
+
First of all, all secrets should use KV2 storage and have prefix `data/{app_alias}/`.
51
+
For example, if your app has alias `sampleapp` and you want to have configuration option `ConnectionString` your secret path would be `data/sampleapp/ConnectionString`.
52
+
53
+
All secret data should use JSON format with the only key `value` and secret data inside:
0 commit comments