Skip to content

Configure Custom Vault

A custom vault can be set up as the global vault and kitchen vault.

Connect a custom vault

  1. Navigate to a Configure Vault dialog.
    • Step 5 of the kitchen creation process is dedicated to vault configuration.
    • Open a kitchen, then select Secrets from the green menu. Depending on which vault you want to customize, click Configure Vault in either the Global Secrets or Kitchen Secrets section.
  2. Select Custom as the vault service.

  3. Complete the * required fields at a minimum.

    • Vault Service URL: Enter the address to your custom vault service, including a port number if necessary.

      Note that this URL must be accessible by Automation if the custom vault configuration is not private.

    • Vault Service Token: Enter the authentication token for your vault service.

      If this token is set to periodically expire, you must either renew the token or update its value.

    • Vault Path Prefix: Enter an optional directory structure to isolate Automation-related secrets from other secrets in your vault.

      Vault paths follow the structure secret/[some path prefix]/[path]. When you denote the path prefix value here, you do not need to include it in the secret path.

    • Private vault service: Check this checkbox to prevent users from viewing, editing, creating, and deleting secrets from the Automation UI and command line.

    • Inheritable vault services: Check this checkbox to allow child kitchens to inherit a custom kitchen vault.

      This setting is not available for global vaults.

  4. Finish creating your kitchen or click Update in the Configure Vault dialog.

Disconnect a custom vault

To deactivate or disconnect a custom global vault or custom kitchen vault, open your kitchen, then select Secrets from the green menu. Depending on which vault you want to update, click Configure Vault in either the Global Secrets or Kitchen Secrets section. Select an option other than Custom.