how load secrets in vector

[LinTechSo]

Hi.
i want to load secret from external vault .
i read about secret in following link : example
but i don't understand too much about it.
is it correct that we use this feature like the below configuration in main yaml file?

    secret:
      vault-test: 
        type: "exec"
        command: ["curl -H 'X-Vault-Token: s.1234'   -H 'X-Vault-Namespace: vault' -X GET http://test.com/v1/demo/data/test"]

    sources:
      demo-test:
        type: demo_logs
        format: json

    sinks:
      console_all:
        type: console
        inputs:
          - demo-test
        target: stdout
        acknowledgements:
          enabled: true
        encoding:
          codec: json

i would appreciate if anyone help me figure this out.
is there any example or quick start doc?

[spencergilbert]

Hey @LinTechSo,

Sorry, the docs are a little unclear here. The reference documentation lives in the global options.

I believe your configuration is structured correct, though you're not inserting the secret value anywhere ('SECRET[<backend_name>.<secret_key>]'). Additionally the command is expected to accept a specific JSON payload to run, as well as returning a specific JSON payload as well - which curl isn't going to do.

The command will receive on STDIN:

{"version": "1.0", "secrets": ["secret1", "secret2"]}

and expect to return over STDOUT:

{
	"secret1": {"value": "secret_value", "error": null},
	"secret2": {"value": null, "error": "could not fetch the secret"}
}