Back to source list
vault
Official
Premium

Vault

The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination.

Publisher

cloudquery

Latest version

v2.7.1

Type

Source

Platforms
Date Published

Price per 1M rows

Starting from $15

monthly free quota

1M rows

Set up process #


brew install cloudquery/tap/cloudquery

1. Download CLI and login

See installation options

2. Create source and destination configs

Plugin configuration

cloudquery sync vault.yml postgresql.yml

3. Run the sync

CloudQuery sync

Overview #

The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication #

The plugin needs to be authenticated in order to sync information from your Vault server.
The plugin requires only read permissions (we will never make any changes to your vault server), so, following the principle of least privilege, it's recommended to grant it read-only permissions.
In order for CloudQuery to sync resources from your Vault server, you will need to obtain a Vault Token and configure the VAULT_TOKEN environment variable.

Example Configuration #

kind: source
# Common source-plugin configuration
spec:
  name: vault
  path: cloudquery/vault
  registry: cloudquery
  version: "v2.7.1"
  tables: ["*"]
  destinations: ["postgresql"]
  # Vault specific configuration
  # Learn more about the configuration options at https://cql.ink/vault_source
  spec:
    # required, address of the Vault server. Should be a complete URL (including the port), e.g. `http://localhost:8200`
    vault_address: "${VAULT_ADDRESS}"

Configuration Reference #

This is the (nested) spec used by the Vault source plugin.
  • vault_address (string) (required)
    Address of the Vault server. Should be a complete URL (including the port), e.g. http://localhost:8200.
  • concurrency (integer) (optional) (default: 10000)
    A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
  • scheduler (string) (optional) (default: dfs)
    The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
    For more information about this, see performance tuning.

Query Examples

List the current auth methods with lease times #

SELECT 
  path, type, config->'default_lease_ttl' as default_lease_ttl, config->'max_lease_ttl' as max_lease_ttl 
FROM 
  vault_sys_auths;


Join our mailing list

Subscribe to our newsletter to make sure you don't miss any updates.

Legal

© 2024 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.