Vaults and Secrets

Vaults remotely store sensitive infrastructure and toolchain credentials as secure, encrypted secrets. Teams can use secrets as variables to build kitchens and recipes without needing to view the actual values.

DataOps Automation leverages v1.1 of HashiCorp's Vault.

You can configure vaults in a way that best suits your organization's operational and security needs. Vaults are ideal for associating kitchens with real-world environments like production, staging, and development.

Tip

DKCloudCommand option: Use the vault-info command in the command line interface.

Default or custom vaults

By default, customers have access to a secure vault hosted by DataKitchen. Default vaults do not require the configuration of connection settings.

You can choose to set up your own, externally-hosted vault services. Custom vaults offer a number of configuration options. For more information, see Custom Vaults.

Secrets priority

When the system processes an order run, it first looks to the kitchen vault for secret values. If a secret value is not found in a kitchen vault, the system looks to the global vault. If the system finds a value in the kitchen vault, it ignores any corresponding value in the global vault.

Visual example in Automation