Back to plugin list
Official
Premium
Vault
The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination.
Publisher
cloudquery
Latest version
v2.7.0
Type
Source
Platforms
Date Published
Price per 1M rows
Starting from $15
monthly free quota
1M rows
Set up process #
brew install cloudquery/tap/cloudquery
1. Download CLI and login
2. Create source and destination configs
Plugin configurationOverview #
The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).
Authentication #
The plugin needs to be authenticated in order to sync information from your Vault server.
The plugin requires only read permissions (we will never make any changes to your vault server), so, following the principle of least privilege, it's recommended to grant it read-only permissions.
In order for CloudQuery to sync resources from your Vault server,
you will need to obtain a Vault Token and configure the
VAULT_TOKEN
environment variable.Example Configuration #
kind: source
# Common source-plugin configuration
spec:
name: vault
path: cloudquery/vault
registry: cloudquery
version: "v2.7.0"
tables: ["*"]
destinations: ["postgresql"]
# Vault specific configuration
# Learn more about the configuration options at https://cql.ink/vault_source
spec:
# required, address of the Vault server. Should be a complete URL (including the port), e.g. `http://localhost:8200`
vault_address: "${VAULT_ADDRESS}"
Configuration Reference #
This is the (nested) spec used by the Vault source plugin.
vault_address
(string
) (required)Address of the Vault server. Should be a complete URL (including the port), e.g.http://localhost:8200
.concurrency
(integer
) (optional) (default:10000
)A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.scheduler
(string
) (optional) (default:dfs
)The scheduler to use when determining the priority of resources to sync. Supported values aredfs
(depth-first search),round-robin
,shuffle
andshuffle-queue
.For more information about this, see performance tuning.
Query Examples
List the current auth methods with lease times #
SELECT
path, type, config->'default_lease_ttl' as default_lease_ttl, config->'max_lease_ttl' as max_lease_ttl
FROM
vault_sys_auths;