Custom Vaults¶
Customers may opt to set up their own, externally-hosted vault services. Custom vaults offer a number of configurations, for example:
- Vault service URL: the address to a custom vault service, including a port number if necessary. This URL must be accessible by Automation if the custom vault configuration is not private.
- Vault service token: the authentication token for the vault service. The system stores the encrypted token in a vault. The token value is hidden from users after it has been saved.
- Vault path prefix: an optional directory structure to isolate Automation-related secrets from other secrets in a custom vault.
- Private vault service: an option to deactivate viewing, editing, creation, and deletion of secrets from the Automation UI and CLI. Secret values can still be used by recipes in private vault service configurations as long as the vault service is accessible in the environment where orders are run.
- Inheritable vault services: an option to allow child kitchens to inherit the vault. This setting is not available for global vaults.