Overview
:::tip[]
Vault secrets is available on Apidog Enterprise plan.
:::
When using Apidog, you can fetch secrets from external vaults such as HashiCorp Vault, Azure Key Vault and AWS Secrets Manager, and use them like global variables when sending requests.
Administrators can configure integration with external vaults for teams and projects, and then users only need to log in with OAuth2.0 or enter their own access token to fetch secrets from the external vault.
The fetched secrets are encrypted and stored in your local client, ensuring they remain private and are not shared with anyone.
Configure vault providers
- On the team resources page, you can configure multiple vault providers for your team. Each provider can be assigned to different projects based on requirements.
- Within the project, you have the option to either customize the vault provider for that specific project or use a provider configured at the team level.
Learn more details here:
Link and fetch secrets
- Click the button next to the environment menu (upper-right corner of the project) and select
Vault Secrets
. - In the
value
input box, configure the metadata for the secret stored in the external vault (e.g., engine, path, key). The required metadata varies depending on the vault provider.
- Click
Fetch Secrets
to fetch the secret, which will be securely encrypted and stored on your local client.
Use secrets
- Secrets can be used in any context where a variable is supported, following the syntax
{{vault:key}}
.
- Within the script, you can use
await pm.vault.get("key")
to get the value of the secret. If you useconsole.log
to print the value, the value will be masked.
- Secret values are never shared with team members. However, variable names and metadata are shared to eliminate the need for reconfiguration. Team members can fetch the secrets using proper authorization, ensuring a balance between collaboration and privacy.
Advantages of using vaults for enterprises
- Secure Storage of Secrets: Vaults provide a secure way to store sensitive information such as API keys, passwords, certificates, and tokens, ensuring that they are protected against unauthorized access.
- Access Control: Vaults allow organizations to define strict access control policies, ensuring that only authorized users or services can access particular secrets.
- Encryption: Vaults often provide built-in encryption to protect data both at rest and in transit, adding an extra layer of security.
- Auditing and Monitoring: Vaults offer auditing and monitoring capabilities to keep track of who accessed which secret and when. This helps in compliance and in detecting any unauthorized access attempts.
- Integration with Other Services: Vaults are designed to integrate seamlessly with other cloud services (including Apidog) and DevOps tools, making it easy to manage secrets in a variety of environments.
- Centralized Management: Vaults provide a centralized way to manage secrets across different applications, services, and environments, simplifying the overhead associated with secret management.
- Risk Reduction: By reducing the chance of credentials being hardcoded into applications or leaking into source code, vaults help mitigate the risk of credential exposure.
Prerequisites for vault secrets with Apidog
- Secrets must already be stored in HashiCorp Vault, Azure Key Vault, or AWS Secrets Manager.
- The organization or team must be subscribed to the Apidog Enterprise Plan.
[updatedIn] 6 days ago
Configure vault providers
Link and fetch secrets
Use secrets
Advantages of using vaults for enterprises
Prerequisites for vault secrets with Apidog