Vault Secrets
01README
Pluggable secret providers for HashiCorp Vault, AWS Secrets Manager, and 1Password.
All providers support automatic rotation detection and lease renewal where the backend supports it. Configuration is validated at startup with clear error messages for missing credentials.
02Release Notes
New
- 1Password provider — reads secrets via 1Password CLI (
op)
Improved
- HashiCorp Vault provider now supports KV v2 secret engine
- AWS Secrets Manager provider caches lookups for 60s to reduce API calls
03Vaults
hashicorp-vaultconfigurable
vault-providerhashicorp.ts
hashicorp-vault secrets provider
Config Fields
| Field | Type | Description |
|---|---|---|
| address | string | Vault server URL (e.g. https://vault.example.com:8200) |
| token | string | Vault authentication token |
| namespace? | string | Vault namespace for enterprise deployments |
| mount_path? | string | KV secret engine mount path (default: secret) |
aws-secrets-managerconfigurable
vault-provideraws-secrets.ts
aws-secrets-manager secrets provider
Config Fields
| Field | Type | Description |
|---|---|---|
| region | string | AWS region for Secrets Manager API calls |
| cache_ttl? | number | Seconds to cache secret values (default: 60) |
onepasswordconfigurable
vault-provideronepassword.ts
onepassword secrets provider
Config Fields
| Field | Type | Description |
|---|---|---|
| vault | string | 1Password vault name |
| account? | string | 1Password account shorthand (e.g. my.1password.com) |
04Previous Versions
2026.01.05.0Mar 6, 2026
05Stats
Downloads
0
Archive size
201.0 KB
Not yet scored.
A score will be generated the next time this extension is published. The owner can also trigger scoring manually.
06Platforms
07Labels