Vault

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, auditing, and provides secrets as a service through a unified API.

Object Representation (YAML)

id: String
name: String
tool_version: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
verbosity: String
ignore_errors: Boolean
properties:
  suppress_data: Boolean
  credential_id: String
  server_address: String
  agent_address: String
  namespace: String
  credential: String
  secret_engine: String
  role: String
  path: String
  key: String
  kv_secret_version: String
  tls_skip_verify: Boolean
  extra_options: String

Fields

PropertyDetails
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.

name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.

tool_version

String

The version to use. This version is only installed for the subprocess run by the step, and will not propagate to other operating system sessions.

type *

String

The type of the step. Can be pipeline or a step module type.

depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.

tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.

condition

Boolean

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".

each

Array

An array of elements to execute the step once for each of them.

verbosity

String

Step event verbosity. Determines how much information about step execution is sent back to the application.

ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.

properties.suppress_data

Boolean

If true, the secret data will not be available in the pipeline step result.

properties.credential_id

String

The ID of the output Refactr credential. This ID can be used in subsequent steps with the credential(id) filter to retrieve the secret data.

properties.server_address *

String

The HTTP address of the vault server.

properties.agent_address

String

The HTTP address of the agent.

properties.namespace

String

The namespace to use for the command.

properties.credential *

String

The Refactr credential to use for authenticating with the Vault server. This property supports username/password, API token, and Vault AppRole credential types.

properties.secret_engine *

String

The secret engine to use. One of aws, kv, or cubbhyhole.

properties.role

String

The secret role to retrive, when using the aws secret engine.

properties.path

String

The path to the secret storage.

properties.key

String

The key of the secret to retrieve, when using the kv secret engine.

properties.kv_secret_version

String

The version of the secret to retrieve, when using the kv secret engine.

properties.tls_skip_verify

Boolean

If true, TLS certificate validation errors will be ignored.

properties.extra_options

String

Extra options that will be provided to vault command.

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

KeyDetails
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.

result.exit_code

Number

Exit code of the vault process.

result.stdout

String

Stdout of the vault process.

result.stderr

String

Stderr of the vault process.

result.data

String

The secret data. The structure of this data depends on the secret engine.