Official

Premium

Vault source integration documentation

The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination.

Publisher

cloudquery

Latest version

v2.9.3

Type

Source

Platforms

Date Published

Start Syncing

Overview FIPS Licenses

Overview #

The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication #

The plugin needs to be authenticated in order to sync information from your Vault server.

The plugin requires only read permissions (we will never make any changes to your vault server), so, following the principle of least privilege, it's recommended to grant it read-only permissions.

In order for CloudQuery to sync resources from your Vault server, you will need to obtain a Vault Token and configure the VAULT_TOKEN environment variable.

Example Configuration #

kind: source
# Common source-plugin configuration
spec:
  name: vault
  path: cloudquery/vault
  registry: cloudquery
  version: "v2.9.3"
  tables: ["*"]
  destinations: ["postgresql"]
  # Vault specific configuration
  # Learn more about the configuration options at https://cql.ink/vault_source
  spec:
    # required, address of the Vault server. Should be a complete URL (including the port), e.g. `http://localhost:8200`
    vault_address: "${VAULT_ADDRESS}"

Configuration Reference #

This is the (nested) spec used by the Vault source plugin.

vault_address (string) (required)
Address of the Vault server. Should be a complete URL (including the port), e.g. http://localhost:8200.
concurrency (integer) (optional) (default: 10000)
A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
scheduler (string) (optional) (default: dfs)
The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
For more information about this, see performance tuning.

Query Examples

List the current auth methods with lease times #

SELECT 
  path, type, config->'default_lease_ttl' as default_lease_ttl, config->'max_lease_ttl' as max_lease_ttl 
FROM 
  vault_sys_auths;

FIPS #

A FIPS-compliant version of this plugin is available if your environment requires it. You may enable it by updating the version string in the configuration like this:

kind: source
spec:
  name: vault
  path: cloudquery/vault
  registry: cloudquery
  version: "v2.9.3-fips"
   ...

Licenses #

The following tools / packages are used in this plugin:

Name	License
github.com/adrg/xdg	MIT
github.com/apache/arrow/go/v13	Apache-2.0
github.com/apache/arrow-go/v18	Apache-2.0
github.com/apapsch/go-jsonmerge/v2	MIT
github.com/aws/aws-sdk-go-v2	Apache-2.0
github.com/aws/aws-sdk-go-v2/config	Apache-2.0
github.com/aws/aws-sdk-go-v2/credentials	Apache-2.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/configsources	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/ini	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight	BSD-3-Clause
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/licensemanager	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/marketplacemetering	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sso	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/ssooidc	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sts	Apache-2.0
github.com/aws/smithy-go	Apache-2.0
github.com/aws/smithy-go/internal/sync/singleflight	BSD-3-Clause
github.com/bahlo/generic-list-go	BSD-3-Clause
github.com/buger/jsonparser	MIT
github.com/cenkalti/backoff/v3	MIT
github.com/cenkalti/backoff/v4	MIT
github.com/cloudquery/cloudquery-api-go	MPL-2.0
github.com/cloudquery/plugin-pb-go	MPL-2.0
github.com/cloudquery/plugin-sdk/v2/internal/glob	MIT
github.com/cloudquery/plugin-sdk/v2/schema	MIT
github.com/cloudquery/plugin-sdk/v2/types	MPL-2.0
github.com/cloudquery/plugin-sdk/v4	MPL-2.0
github.com/cloudquery/plugin-sdk/v4/glob	MIT
github.com/cloudquery/plugin-sdk/v4/scalar	MIT
github.com/davecgh/go-spew/spew	ISC
github.com/ghodss/yaml	MIT
github.com/go-jose/go-jose/v4	Apache-2.0
github.com/go-jose/go-jose/v4/json	BSD-3-Clause
github.com/go-logr/logr	Apache-2.0
github.com/go-logr/stdr	Apache-2.0
github.com/goccy/go-json	MIT
github.com/golang/mock/gomock	Apache-2.0
github.com/google/flatbuffers/go	Apache-2.0
github.com/google/uuid	BSD-3-Clause
github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors	Apache-2.0
github.com/grpc-ecosystem/grpc-gateway/v2	BSD-3-Clause
github.com/hashicorp/errwrap	MPL-2.0
github.com/hashicorp/go-cleanhttp	MPL-2.0
github.com/hashicorp/go-multierror	MPL-2.0
github.com/hashicorp/go-retryablehttp	MPL-2.0
github.com/hashicorp/go-rootcerts	MPL-2.0
github.com/hashicorp/go-secure-stdlib/parseutil	MPL-2.0
github.com/hashicorp/go-secure-stdlib/strutil	MPL-2.0
github.com/hashicorp/go-sockaddr	MPL-2.0
github.com/hashicorp/hcl	MPL-2.0
github.com/hashicorp/vault/api	MPL-2.0
github.com/invopop/jsonschema	MIT
github.com/klauspost/compress	Apache-2.0
github.com/klauspost/compress/internal/snapref	BSD-3-Clause
github.com/klauspost/compress/zstd/internal/xxhash	MIT
github.com/mailru/easyjson	MIT
github.com/mattn/go-colorable	MIT
github.com/mattn/go-isatty	MIT
github.com/mitchellh/go-homedir	MIT
github.com/mitchellh/mapstructure	MIT
github.com/oapi-codegen/runtime	Apache-2.0
github.com/pierrec/lz4/v4	BSD-3-Clause
github.com/pmezard/go-difflib/difflib	BSD-3-Clause
github.com/rs/zerolog	MIT
github.com/ryanuber/go-glob	MIT
github.com/samber/lo	MIT
github.com/santhosh-tekuri/jsonschema/v6	Apache-2.0
github.com/spf13/cobra	Apache-2.0
github.com/spf13/pflag	BSD-3-Clause
github.com/stretchr/testify	MIT
github.com/thoas/go-funk	MIT
github.com/wk8/go-ordered-map/v2	Apache-2.0
github.com/zeebo/xxh3	BSD-2-Clause
go.opentelemetry.io/otel	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	Apache-2.0
go.opentelemetry.io/otel/log	Apache-2.0
go.opentelemetry.io/otel/metric	Apache-2.0
go.opentelemetry.io/otel/sdk	Apache-2.0
go.opentelemetry.io/otel/sdk/log	Apache-2.0
go.opentelemetry.io/otel/sdk/metric	Apache-2.0
go.opentelemetry.io/otel/trace	Apache-2.0
go.opentelemetry.io/proto/otlp	Apache-2.0
golang.org/x/crypto/pbkdf2	BSD-3-Clause
golang.org/x/exp	BSD-3-Clause
golang.org/x/net	BSD-3-Clause
golang.org/x/sync	BSD-3-Clause
golang.org/x/sys	BSD-3-Clause
golang.org/x/text	BSD-3-Clause
golang.org/x/time/rate	BSD-3-Clause
golang.org/x/xerrors	BSD-3-Clause
google.golang.org/genproto/googleapis/api/httpbody	Apache-2.0
google.golang.org/genproto/googleapis/rpc/status	Apache-2.0
google.golang.org/grpc	Apache-2.0
google.golang.org/protobuf	BSD-3-Clause
gopkg.in/yaml.v2	Apache-2.0
gopkg.in/yaml.v3	MIT

Loading plugin documentation

Overview #

The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication #

The plugin needs to be authenticated in order to sync information from your Vault server.

The plugin requires only read permissions (we will never make any changes to your vault server), so, following the principle of least privilege, it's recommended to grant it read-only permissions.

In order for CloudQuery to sync resources from your Vault server, you will need to obtain a Vault Token and configure the VAULT_TOKEN environment variable.

Example Configuration #

kind: source
# Common source-plugin configuration
spec:
  name: vault
  path: cloudquery/vault
  registry: cloudquery
  version: "v2.9.3"
  tables: ["*"]
  destinations: ["postgresql"]
  # Vault specific configuration
  # Learn more about the configuration options at https://cql.ink/vault_source
  spec:
    # required, address of the Vault server. Should be a complete URL (including the port), e.g. `http://localhost:8200`
    vault_address: "${VAULT_ADDRESS}"

Configuration Reference #

This is the (nested) spec used by the Vault source plugin.

vault_address (string) (required)
Address of the Vault server. Should be a complete URL (including the port), e.g. http://localhost:8200.
concurrency (integer) (optional) (default: 10000)
A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
scheduler (string) (optional) (default: dfs)
The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
For more information about this, see performance tuning.

Query Examples

List the current auth methods with lease times #

SELECT 
  path, type, config->'default_lease_ttl' as default_lease_ttl, config->'max_lease_ttl' as max_lease_ttl 
FROM 
  vault_sys_auths;

Name

License

github.com/adrg/xdg

MIT

github.com/apache/arrow/go/v13

Apache-2.0

github.com/apache/arrow-go/v18

Apache-2.0

github.com/apapsch/go-jsonmerge/v2

MIT

github.com/aws/aws-sdk-go-v2

Apache-2.0

github.com/aws/aws-sdk-go-v2/config

Apache-2.0

github.com/aws/aws-sdk-go-v2/credentials

Apache-2.0

github.com/aws/aws-sdk-go-v2/feature/ec2/imds

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/configsources

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/endpoints/v2

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/ini

Apache-2.0

github.com/aws/aws-sdk-go-v2/internal/sync/singleflight

BSD-3-Clause

github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/internal/presigned-url

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/licensemanager

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/marketplacemetering

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/sso

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/ssooidc

Apache-2.0

github.com/aws/aws-sdk-go-v2/service/sts

Apache-2.0

github.com/aws/smithy-go

Apache-2.0

github.com/aws/smithy-go/internal/sync/singleflight

BSD-3-Clause

github.com/bahlo/generic-list-go

BSD-3-Clause

github.com/buger/jsonparser

MIT

github.com/cenkalti/backoff/v3

MIT

github.com/cenkalti/backoff/v4

MIT

github.com/cloudquery/cloudquery-api-go

MPL-2.0

github.com/cloudquery/plugin-pb-go

MPL-2.0

github.com/cloudquery/plugin-sdk/v2/internal/glob

MIT

github.com/cloudquery/plugin-sdk/v2/schema

MIT

github.com/cloudquery/plugin-sdk/v2/types

MPL-2.0

github.com/cloudquery/plugin-sdk/v4

MPL-2.0

github.com/cloudquery/plugin-sdk/v4/glob

MIT

github.com/cloudquery/plugin-sdk/v4/scalar

MIT

github.com/davecgh/go-spew/spew

ISC

github.com/ghodss/yaml

MIT

github.com/go-jose/go-jose/v4

Apache-2.0

github.com/go-jose/go-jose/v4/json

BSD-3-Clause

github.com/go-logr/logr

Apache-2.0

github.com/go-logr/stdr

Apache-2.0

github.com/goccy/go-json

MIT

github.com/golang/mock/gomock

Apache-2.0

github.com/google/flatbuffers/go

Apache-2.0

github.com/google/uuid

BSD-3-Clause

github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors

Apache-2.0

github.com/grpc-ecosystem/grpc-gateway/v2

BSD-3-Clause

github.com/hashicorp/errwrap

MPL-2.0

github.com/hashicorp/go-cleanhttp

MPL-2.0

github.com/hashicorp/go-multierror

MPL-2.0

github.com/hashicorp/go-retryablehttp

MPL-2.0

github.com/hashicorp/go-rootcerts

MPL-2.0

github.com/hashicorp/go-secure-stdlib/parseutil

MPL-2.0

github.com/hashicorp/go-secure-stdlib/strutil

MPL-2.0

github.com/hashicorp/go-sockaddr

MPL-2.0

github.com/hashicorp/hcl

MPL-2.0

github.com/hashicorp/vault/api

MPL-2.0

github.com/invopop/jsonschema

MIT

github.com/klauspost/compress

Apache-2.0

github.com/klauspost/compress/internal/snapref

BSD-3-Clause

github.com/klauspost/compress/zstd/internal/xxhash

MIT

github.com/mailru/easyjson

MIT

github.com/mattn/go-colorable

MIT

github.com/mattn/go-isatty

MIT

github.com/mitchellh/go-homedir

MIT

github.com/mitchellh/mapstructure

MIT

github.com/oapi-codegen/runtime

Apache-2.0

github.com/pierrec/lz4/v4

BSD-3-Clause

github.com/pmezard/go-difflib/difflib

BSD-3-Clause

github.com/rs/zerolog

MIT

github.com/ryanuber/go-glob

MIT

github.com/samber/lo

MIT

github.com/santhosh-tekuri/jsonschema/v6

Apache-2.0

github.com/spf13/cobra

Apache-2.0

github.com/spf13/pflag

BSD-3-Clause

github.com/stretchr/testify

MIT

github.com/thoas/go-funk

MIT

github.com/wk8/go-ordered-map/v2

Apache-2.0

github.com/zeebo/xxh3

BSD-2-Clause

go.opentelemetry.io/otel

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlptrace

Apache-2.0

go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

Apache-2.0

go.opentelemetry.io/otel/log

Apache-2.0

go.opentelemetry.io/otel/metric

Apache-2.0

go.opentelemetry.io/otel/sdk

Apache-2.0

go.opentelemetry.io/otel/sdk/log

Apache-2.0

go.opentelemetry.io/otel/sdk/metric

Apache-2.0

go.opentelemetry.io/otel/trace

Apache-2.0

go.opentelemetry.io/proto/otlp

Apache-2.0

golang.org/x/crypto/pbkdf2

BSD-3-Clause

golang.org/x/exp

BSD-3-Clause

golang.org/x/net

BSD-3-Clause

golang.org/x/sync

BSD-3-Clause

golang.org/x/sys

BSD-3-Clause

golang.org/x/text

BSD-3-Clause

golang.org/x/time/rate

BSD-3-Clause

golang.org/x/xerrors

BSD-3-Clause

google.golang.org/genproto/googleapis/api/httpbody

Apache-2.0

google.golang.org/genproto/googleapis/rpc/status

Apache-2.0

google.golang.org/grpc

Apache-2.0

google.golang.org/protobuf

BSD-3-Clause

gopkg.in/yaml.v2

Apache-2.0

gopkg.in/yaml.v3

MIT

CloudOps

Vault source integration documentation

Overview #

Authentication #

Example Configuration #

Configuration Reference #

Query Examples

List the current auth methods with lease times #

FIPS #

Overview #

Authentication #

Example Configuration #

Configuration Reference #

Query Examples

List the current auth methods with lease times #

FIPS #