HashiCorp Vault secret storage

Semaphore UI supports HashiCorp Vault as a storage for secrets.

You can provide the following options:

HashiCorp Vault URL — address of your Vault server.
Mount — the secrets engine mount path.
Token — authentication token. The token can be:
- Stored in the database.
- Provided via an environment variable.
- Provided via a file (useful for Vault Agent).

The storage can work in read-only mode.

How to use

Configure the HashiCorp Vault connection in the Semaphore settings (URL, mount path, and token).
When creating or editing a key in the Key Store, select HashiCorp Vault as the storage type.
Provide the secret path in Vault where the credential should be stored.

Variable Groups

HashiCorp Vault can also be used as a storage for Variable Groups. When editing a variable group, select HashiCorp Vault as the storage type and specify the path of the folder where secrets will be stored.

How to use​

Variable Groups​

How to use

Variable Groups