Secret configurations from files
Learn how to configure secrets for Piiano Vault securely by reading them from file
In some deployments, there is a security requirement for secrets, such as the database password, to be read from files instead of environment variables. This is considered more secure because environment variables are usually more exposed.
Vault supports reading sensitive configurations from files at startup. The following configurations are supported:
| Secret | Path | Environment variable |
|---|---|---|
| Database password | /etc/pvault/secrets/db_password/content | PVAULT_DB_PASSWORD |
| Admin API key | /etc/pvault/secrets/api_key/content | PVAULT_SERVICE_ADMIN_API_KEY |
| License | /etc/pvault/secrets/license/content | PVAULT_SERVICE_LICENSE |
note
Environment variables, if present, override the corresponding values in the default or custom system configuration file.