Overview
:::tip[]
Vault secrets are available on the Apidog Enterprise plan.
:::
When using Apidog, you can fetch secrets from external vaults such as HashiCorp Vault, Azure Key Vault and AWS Secrets Manager, and use them like global variables when sending requests.
Administrators can configure integration with external vaults for teams and projects. Users then only need to log in with OAuth 2.0 or enter their own access token to fetch secrets from the external vault.
The fetched secrets are encrypted and stored in your local client, which is not shared with anyone.
Configure vault providers
- On the team resources page, multiple vault providers can be configured for the team. Different providers can be used for different projects of the team.
- Within the project, you can customize the project's vault provider or use a team-configured provider.
Link and fetch secrets
- Click the button next to the environment menu in the upper-right corner of the project and select Vault Secrets.
- Enter a name for the secret, then click the value input box to configure the secret's metadata in the external vault, such as the engine, path, and key. Note that metadata formats vary depending on the vault provider.
- Click the Fetch Secrets button. The secret is then fetched and stored encrypted in your local client.
Use secrets
- Secrets can be used in any context where a variable is supported, following the syntax `{{vault:key}}`.
- Within the script, you can use `await pm.vault.get("key")` to get the value of the secret. If you use `console.log` to print the value, the value will be masked.
- The value of secrets will not be shared with others in the team, but the variable name and secret metadata will be shared. Therefore, team members do not need to reconfigure the secrets, but they must fetch them with the proper authorization. This approach strikes a balance between convenience and privacy in team collaboration.
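
A small check that goes with the `{{vault:key}}` syntax above, as an added example that is not part of the Apidog documentation: it walks a JSON-like request definition and reports credential-looking fields whose value is a literal or a non-vault variable instead of a vault reference. The field-name pattern and the sample object are assumptions constructed for illustration, not an Apidog export format.

```javascript
// Field names treated as credential-bearing (assumed list, adjust per project).
const SENSITIVE_NAME = /(authorization|api[-_]?key|secret|token|password|passwd)/i;
const VAULT_REF = /\{\{\s*vault:[^{}]+\}\}/; // the {{vault:key}} syntax from this page
const ANY_VAR = /\{\{[^{}]+\}\}/;            // any other {{variable}} reference

// Classify one value: "vault", "variable" (non-vault variable) or "literal".
function classifyValue(value) {
  if (VAULT_REF.test(value)) return "vault";
  if (ANY_VAR.test(value)) return "variable";
  return "literal";
}

// Record a finding when a sensitive field is not backed by a vault reference.
function check(name, value, path, findings) {
  if (!SENSITIVE_NAME.test(name) || value === "") return;
  const kind = classifyValue(value);
  if (kind !== "vault") findings.push({ path, name, kind });
}

// Walk any JSON-like structure. Handles {"password": "..."} maps and
// [{name|key, value}] lists such as header tables.
function findHardcodedSecrets(node, path = "$", findings = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findHardcodedSecrets(item, `${path}[${i}]`, findings));
  } else if (node && typeof node === "object") {
    const label = node.name ?? node.key;
    if (typeof label === "string" && typeof node.value === "string") {
      check(label, node.value, `${path}.value`, findings);
    }
    for (const [k, v] of Object.entries(node)) {
      if (typeof v === "string") check(k, v, `${path}.${k}`, findings);
      else findHardcodedSecrets(v, `${path}.${k}`, findings);
    }
  }
  return findings;
}

// Constructed sample input: one vault reference, one literal, one plain variable.
const sample = {
  headers: [
    { name: "Authorization", value: "Bearer {{vault:api_token}}" },
    { name: "X-API-Key", value: "constructed-literal-value-123" },
    { name: "Accept", value: "application/json" },
  ],
  auth: { password: "{{db_password}}" },
};
console.log(findHardcodedSecrets(sample));
```

A `literal` finding is a value that would travel with the shared project; a `variable` finding is reported so a reviewer can decide whether it belongs in the vault.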
Advantages of using vaults for enterprises
- Secure Storage of Secrets: Vaults provide a secure way to store sensitive information such as API keys, passwords, certificates, and tokens, ensuring that they are protected against unauthorized access.
- Access Control: Vaults allow organizations to define strict access control policies, ensuring that only authorized users or services can access particular secrets.
- Encryption: Vaults often provide built-in encryption to protect data both at rest and in transit, adding an extra layer of security.
- Audit and Monitoring: Vaults offer auditing and monitoring capabilities to keep track of who accessed which secret and when. This helps in compliance and in detecting any unauthorized access attempts.
- Integration with Other Services: Vaults are designed to integrate seamlessly with other cloud services (including Apidog) and DevOps tools, making it easy to manage secrets in a variety of environments.
- Centralized Management: Vaults provide a centralized way to manage secrets across different applications, services, and environments, simplifying the overhead associated with secret management.
- Risk Reduction: By reducing the chance of credentials being hardcoded into applications or leaking into source code, vaults help mitigate the risk of credential exposure.
Prerequisites for vault secrets with Apidog
- Secrets must already be stored in HashiCorp Vault, Azure Key Vault, or AWS Secrets Manager.
- The organization or team must already be subscribed to the Apidog Enterprise Plan.