Skip to main content

Secret configurations from files

Learn how to configure secrets for Piiano Vault securely by reading them from file

In some deployments, there is a security requirement for secrets, such as the database password, to be read from files instead of environment variables. This is considered more secure because environment variables are usually more exposed.

Vault supports reading sensitive configurations from files at startup. The following configurations are supported:

SecretPathEnvironment variable
Database password/etc/pvault/secrets/db_password/contentPVAULT_DB_PASSWORD
Admin API key/etc/pvault/secrets/api_key/contentPVAULT_SERVICE_ADMIN_API_KEY

Environment variables, if present, override the corresponding values in the default or custom system configuration file.

On this page