HashiCorp Vault
Environment variables for HashiCorp Vault integration. When enabled, SSH keys and HTTPS passwords for git sources are stored in Vault KV v2 instead of plain text. Disabled by default – enabled automatically when auth credentials are present.
Authentication
| Name | Description | Required | Type |
|---|---|---|---|
VAULT_TOKEN | Static Vault token for authentication. Recommended for local development and simple setups. Takes priority over AppRole credentials when both are set. Example: getapp-vault-token | false | string |
VAULT_ROLE_ID | AppRole Role ID for Vault authentication. Must be set together with VAULT_SECRET_ID. Recommended for production environments. | false | string |
VAULT_SECRET_ID | AppRole Secret ID for Vault authentication. Must be set together with VAULT_ROLE_ID. Recommended for production environments. | false | string |
Miscellaneous
| Name | Description | Required | Type |
|---|---|---|---|
VAULT_ADDR | Address of the HashiCorp Vault server. Defaults to http://vault:8200, which matches the Docker Compose service name and a Kubernetes service named 'vault' in the same namespace. Example: http://vault:8200 | false | string Default: http://vault:8200 |
VAULT_MOUNT_PATH | KV v2 mount path used to store git credentials. The mount is created automatically on startup if it does not exist. Example: getapp-secrets | false | string Default: getapp-secrets |