ZenML Documentation
Home
Blog
GitHub
Search…
0.12.0
Getting Started
Introduction
Core Concepts
Installation
Quickstart
Examples & Use-Cases
Learn MLOps with ZenML (ZenBytes)
See Full ZenML Examples (ZenFiles)
See Integration Examples
Developer Guide
Steps & Pipelines
Stacks, Profiles, Repositories
Advanced Usage
MLOps Stacks
Categories of MLOps Tools
Integration Overview
Orchestrators
Artifact Stores
Metadata Stores
Container Registries
Secrets Managers
Local Secrets Manager
AWS Secrets Manager
Google Cloud Secrets Manager
Azure Secrets Manager
Github Secrets Manager
HashiCorp Vault Secrets Manager
Develop a Custom Secrets Manager
Data Validators
Experiment Trackers
Model Deployers
Step Operators
Alerters
Feature Stores
Annotators
Cloud Guide
Overview: Options for Deploying Infrastructure
AWS
GCP
Azure
Collaborate
Collaborate with ZenML
Export/Import Stacks
Share Stacks and Profiles via ZenStores
Organization-Wide Collaboration with ZenServer
Resources
Join the Slack Community
Community Events
Blog
Podcast
YouTube
Newsletter
Roadmap
Contribution Guide
External Integration Guide
Best Practices
Global Configuration
System Environmental Variables
Usage Analytics
FAQ
Reference
Glossary
CLI Cheat Sheet
CLI Reference
API Reference
Powered By
GitBook
HashiCorp Vault Secrets Manager
How to store secrets in HashiCorp Vault
The HashiCorp Vault secrets manager is a
secrets manager
flavor provided with the ZenML
vault
integration that uses
HashiCorp Vault
to store secrets.
When to use it
You should use the HashiCorp Vault secrets manager if:
a component of your stack requires a secret for authentication or you want to use secrets inside your steps.
you're already using HashiCorp Vault to store your secrets or want a self-hosted secrets solution.
How to deploy it
To get started with this secrets manager, you need to either:
​
self-host a Vault server
​
​
register for the managed HashiCorp Cloud Platform Vault
​
Once you decided and finished setting up one of the two solutions, you need to enable the
KV Secrets Engine - Version 2
.
How to use it
To use the Vault secrets manager, we need:
The ZenML
vault
integration installed. If you haven't done so, run
zenml integration
install
vault
The Vault server URL and KV Secrets Engine v2 endpoint.
A client token to authenticate with the Vault server. Follow
this tutorial
to generate one.
We can then register the secrets manager and use it in our active stack:
zenml secrets-manager register
<
NAME
>
\
--flavor
=
vault
\
--url
=<
VAULT_SERVER_URL
>
\
--token
=<
VAULT_TOKEN
>
\
--mount_point
=<
PATH_TO_KV_V2_ENGINE
>
​
# Add the secrets manager to the active stack
zenml stack update -x
<
NAME
>
You can now
register, update or delete secrets
using the CLI or
fetch secret values inside your steps
.
You can use
secret scoping
with the Vault Secrets Manager to manage multiple Secrets Manager namespaces on top of a single Vault service instance.
A concrete example of using the HashiCorp Vault secrets manager can be found
here
.
For more information and a full list of configurable attributes of the HashiCorp Vault secrets manager, check out the
API Docs
.
Previous
Github Secrets Manager
Next
Develop a Custom Secrets Manager
Last modified
7d ago
Copy link
Outline
When to use it
How to deploy it
How to use it