Related to an existing integration?
Yes
Existing integration
ParameterResource / Environment configuration
Overview
HashiCorp Vault is a widely-used tool for managing secrets, access tokens, encryption keys, and dynamic credentials.
Currently, Aspire supports environment-bound parameters (AddParameter(...)) and secrets via user-defined env vars, but lacks native support for a centralized secret store.
Adding a Vault integration would enable secure and flexible secret management for distributed apps using Aspire, supporting development and production parity.
Usage example
builder.AddVault("vault")
    .WithToken("s.vault-token") // or link to secret parameter
    .WithSecret("database-password", out var dbPassword);
builder.AddPostgres("db")
    .WithPassword(dbPassword);
Breaking change?
No
Alternatives
Currently, developers have to run Vault externally and manually inject secrets as environment variables into Aspire projects. This results in duplication, potential leaks, and lack of shared secret orchestration within the Aspire application model.
Additional context
Vault supports secret engines like KV, dynamic DB credentials, PKI, and more. It would be a powerful addition to Aspire's growing ecosystem of observability and configuration tools.
Docker image:
hashicorp/vault:1.15
Website: https://www.vaultproject.io/
Help us help you
Yes, but only if others can assist
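For comparison with the proposed API, the following added example (not part of the issue and not Aspire's own code) shows the workaround described under Alternatives using hosting APIs that exist today: Vault runs as a plain container in dev mode and the token comes from a secret parameter instead of a literal in source. The parameter names `vault-token` and `database-password`, the endpoint name `http` and the `Aspire.Hosting.PostgreSQL` package reference are assumptions.

```csharp
// Added example: AppHost Program.cs. Not from the issue or the Aspire repository.
// Assumes references to Aspire.Hosting.AppHost and Aspire.Hosting.PostgreSQL.
var builder = DistributedApplication.CreateBuilder(args);

// Secret parameters resolve from configuration (Parameters:vault-token,
// Parameters:database-password), for example .NET user secrets, so no
// token or password literal is committed with the AppHost.
var vaultToken = builder.AddParameter("vault-token", secret: true);
var dbPassword = builder.AddParameter("database-password", secret: true);

// Vault from the image named in the issue. The image starts in dev mode by
// default: in-memory storage, already unsealed, root token taken from
// VAULT_DEV_ROOT_TOKEN_ID. Suitable for local development only.
builder.AddContainer("vault", "hashicorp/vault", "1.15")
    .WithHttpEndpoint(targetPort: 8200, name: "http")
    .WithEnvironment("VAULT_DEV_ROOT_TOKEN_ID", vaultToken);

// Without a Vault integration the database password is a second,
// separately managed parameter rather than a value read from Vault.
// This is the duplication the issue describes.
builder.AddPostgres("db", password: dbPassword);

builder.Build().Run();
```

The password still has to be written into Vault and into the AppHost configuration separately, which is the gap a `WithSecret(...)`-style API would close.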