openclaw/extensions/vault/openclaw.plugin.json
Sally O'Malley e595a8c0ac
Add Vault SecretRef plugin (#89255)
* Add Vault SecretRef plugin

Signed-off-by: sallyom <somalley@redhat.com>

* expand Vault setup to registered SecretRef targets

Signed-off-by: sallyom <somalley@redhat.com>

* fix(vault): use sdk secret target seam

* fix(vault): preserve auth profile target paths

* docs(vault): document plugin enable step

* fix(vault): make status provider-alias aware

* fix(vault): reject noncanonical secret ids

* fix(vault): separate resolver timeout deadlines

* fix(vault): forward private CA trust settings

* fix(secrets): preserve plugin policy boundaries

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-09 05:30:12 -05:00

47 lines
1.2 KiB
JSON

{
"id": "vault",
"name": "Vault",
"description": "HashiCorp Vault SecretRef provider integration.",
"activation": {
"onStartup": false,
"onCommands": ["vault"]
},
"commandAliases": [
{
"name": "vault",
"kind": "cli"
}
],
"secretProviderIntegrations": {
"vault": {
"providerAlias": "vault",
"displayName": "HashiCorp Vault",
"description": "Resolve OpenClaw exec SecretRefs from HashiCorp Vault KV secrets.",
"source": "exec",
"command": "${node}",
"args": ["./vault-secret-ref-resolver.js"],
"timeoutMs": 15000,
"noOutputTimeoutMs": 15000,
"maxOutputBytes": 1048576,
"passEnv": [
"VAULT_ADDR",
"VAULT_TOKEN",
"VAULT_TOKEN_FILE",
"VAULT_NAMESPACE",
"OPENCLAW_VAULT_AUTH_METHOD",
"OPENCLAW_VAULT_AUTH_MOUNT",
"OPENCLAW_VAULT_AUTH_ROLE",
"OPENCLAW_VAULT_JWT_FILE",
"OPENCLAW_VAULT_KV_MOUNT",
"OPENCLAW_VAULT_KV_VERSION",
"NODE_EXTRA_CA_CERTS",
"NODE_USE_SYSTEM_CA"
]
}
},
"configSchema": {
"type": "object",
"additionalProperties": false,
"properties": {}
}
}