Skip to content

Vault Secrets in the GPC

The GPC allows the use of secrets only if they are injected by parameters (for Python scripts) or environment variables (for shell scripts or Python scripts) that are configured in the config.json file.

Password parameter in config.json example

The following is an example of a partial config file and shows how a password can be injected with a vault expression.

{
    "keys": {
        "tableau_script": {
            "script": "tableau_test.py",
            "parameters": {
                "PASSWORD": "#{vault://tableau/password}"
            },
            "export": [
                "success"
            ]
        }
    }
}

Do NOT add secrets to a script. If you put secrets in a script directly, use variables to resolve secrets, or place vault expressions in a script, that script will fail. The system will generate a warning message and ignore the input. This validation is a security measure to protect your toolchain credentials.