VaultConfigProvider - A Config Provider for reading Vault Secrets


I’ve recently released VaultConfigProvider, a Distillery 2.0 config provider for loading Vault secrets into application environment.

I wanted to have a drop in config provider I can use without compatibility issues and as a compliment to existing config providers. VaultConfigProvider should be broadly compatible with other config providers.

VaultConfigProvider meant to be run after other config providers. It scans the loaded application environment for values that match the following patterns and replaces those keys with the loaded values.

Secret addresses are matched against two formats:

  • String addresses:

    config :my_app, value: "secret:secret/path key=name"
  • keyword addresses with optional transformation:

    config :my_app, value: [path: "secret/path", key: "name", fun: &transform_fun/1]

I’m open to all your comments and thoughts, and they are more than welcome!

I hope you find at least interesting!