Skip to content

Secret provider setup example

This example shows how to set up a HashiCorp Vault secret and use it with a dbvr datasource. The same approach applies to other providers.

Enable KV secrets engine

  1. Open the Vault UI.
  2. Go to Secrets Engines -> Details.
  3. Click Enable new engine +.

  4. Select KV, set Path to secret, and click Enable Engine.

Tip

If KV is already enabled, reuse the existing mount path.

Create a secret

  1. Go to Secrets Engines -> secret.
  2. Click Create secret +.
  3. Enter name.

  4. Add key-value pairs.

  5. Click Save.

Configure secret manager in dbvr

Run secret-manager create with your Vault URL, auth type, and credentials:

dbvr secret-manager create \
  --vault.vaultUrl=https://vault.example.com \
  --vault.authType=TOKEN \
  --vault.token=s.mytoken \
  --vault.configurationId=vault-dev \
  --vault.configurationName="Vault Dev"

Tip

For other auth types (OAUTH2, USERNAME_PASSWORD) and all available options, see secret-manager create.

Create a datasource

Run datasource create with --secret-manager set to the configuration ID and --secret-name set to the secret path in Vault:

dbvr datasource create \
  --secret-manager vault-dev \
  --secret-name secret/dvdrental \
  [other flags]

Note

Secret name format depends on the provider. See Secret name format.

If the secret doesn't include all required fields (such as host or port), pass them as additional flags to datasource create.