Vault Source Plugin
Latest: v1.0.6
The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).
Authentication
The plugin needs to be authenticated in order to sync information from your Vault server.
The plugin requires only read permissions (we will never make any changes to your vault server), so, following the principle of least privilege, it's recommended to grant it read-only permissions.
In order for CloudQuery to sync resources from your Vault server,
you will need to obtain a Vault Token (opens in a new tab) and configure the VAULT_TOKEN
environment variable.
Example
This example syncs from Vault to a Postgres destination. The (top level) source spec section is described in the Source Spec Reference.
kind: source
# Common source-plugin configuration
spec:
name: vault
path: cloudquery/vault
version: "v1.0.6"
tables: ["*"]
destinations: ["postgresql"]
# Vault specific configuration
spec:
vault_address: "<YOUR_VAULT_ADDRESS_HERE>"
# concurrency: 1000
Configuration Reference
This is the (nested) spec used by the Vault source plugin:
-
vault_address
(string, required*): The is the address of the Vault server. This should be a complete URL (including the port) such as"http://localhost:8200"
-
concurrency
(integer, optional. Default: 10000): Maximum number of concurrent requests to the Vault server.
Query Examples
List the current auth methods with lease times
SELECT
path, type, config->'default_lease_ttl' as default_lease_ttl, config->'max_lease_ttl' as max_lease_ttl
FROM
vault_sys_auths;