mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-10 00:11:19 +00:00
* Add Vault SecretRef plugin Signed-off-by: sallyom <somalley@redhat.com> * expand Vault setup to registered SecretRef targets Signed-off-by: sallyom <somalley@redhat.com> * fix(vault): use sdk secret target seam * fix(vault): preserve auth profile target paths * docs(vault): document plugin enable step * fix(vault): make status provider-alias aware * fix(vault): reject noncanonical secret ids * fix(vault): separate resolver timeout deadlines * fix(vault): forward private CA trust settings * fix(secrets): preserve plugin policy boundaries --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
47 lines
1.2 KiB
JSON
47 lines
1.2 KiB
JSON
{
|
|
"id": "vault",
|
|
"name": "Vault",
|
|
"description": "HashiCorp Vault SecretRef provider integration.",
|
|
"activation": {
|
|
"onStartup": false,
|
|
"onCommands": ["vault"]
|
|
},
|
|
"commandAliases": [
|
|
{
|
|
"name": "vault",
|
|
"kind": "cli"
|
|
}
|
|
],
|
|
"secretProviderIntegrations": {
|
|
"vault": {
|
|
"providerAlias": "vault",
|
|
"displayName": "HashiCorp Vault",
|
|
"description": "Resolve OpenClaw exec SecretRefs from HashiCorp Vault KV secrets.",
|
|
"source": "exec",
|
|
"command": "${node}",
|
|
"args": ["./vault-secret-ref-resolver.js"],
|
|
"timeoutMs": 15000,
|
|
"noOutputTimeoutMs": 15000,
|
|
"maxOutputBytes": 1048576,
|
|
"passEnv": [
|
|
"VAULT_ADDR",
|
|
"VAULT_TOKEN",
|
|
"VAULT_TOKEN_FILE",
|
|
"VAULT_NAMESPACE",
|
|
"OPENCLAW_VAULT_AUTH_METHOD",
|
|
"OPENCLAW_VAULT_AUTH_MOUNT",
|
|
"OPENCLAW_VAULT_AUTH_ROLE",
|
|
"OPENCLAW_VAULT_JWT_FILE",
|
|
"OPENCLAW_VAULT_KV_MOUNT",
|
|
"OPENCLAW_VAULT_KV_VERSION",
|
|
"NODE_EXTRA_CA_CERTS",
|
|
"NODE_USE_SYSTEM_CA"
|
|
]
|
|
}
|
|
},
|
|
"configSchema": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {}
|
|
}
|
|
}
|