Back to plugin list
vault
Official
Premium

Vault

The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination.

Publisher

cloudquery

Latest version

v2.2.1

Type

Source

Platforms
Date Published

Price per 1M rows

Starting from $15

monthly free quota

1M rows

Set up process


brew install cloudquery/tap/cloudquery

1. Download CLI and login

See installation options

2. Create source and destination configs

Plugin configuration

cloudquery sync vault.yml postgresql.yml

3. Run the sync

CloudQuery sync

Overview

The CloudQuery Vault plugin pulls data from Vault and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication

The plugin needs to be authenticated in order to sync information from your Vault server.
The plugin requires only read permissions (we will never make any changes to your vault server), so, following the principle of least privilege, it's recommended to grant it read-only permissions.
In order for CloudQuery to sync resources from your Vault server, you will need to obtain a Vault Token and configure the VAULT_TOKEN environment variable.

Example Configuration

kind: source
# Common source-plugin configuration
spec:
  name: vault
  path: cloudquery/vault
  registry: cloudquery
  version: "v2.2.1"
  tables: ["*"]
  destinations: ["postgresql"]
  # Vault specific configuration
  spec:
    # required, address of the Vault server. Should be a complete URL (including the port), e.g. `http://localhost:8200`
    vault_address: "${VAULT_ADDRESS}"

Configuration Reference

This is the (nested) spec used by the Vault source plugin.
  • vault_address (string) (required)
    Address of the Vault server. Should be a complete URL (including the port), e.g. http://localhost:8200.
  • concurrency (integer) (optional) (default: 10000)
    Maximum number of concurrent requests to the Vault server.

Query Examples

List the current auth methods with lease times

SELECT 
  path, type, config->'default_lease_ttl' as default_lease_ttl, config->'max_lease_ttl' as max_lease_ttl 
FROM 
  vault_sys_auths;


Subscribe to product updates

Be the first to know about new features.