To configure the mfsecretsaws vault, edit the secrets.cfg file to include values for the provider name, authorization credentials, geographical region endpoint, optional secrets base paths, and secret recovery and polling options.
The following is an example configuration file for the mfsecretsaws vault provider:
[awsvault] # This should be the name of the provider so/dll. No file extension # required. provider name=mfsecretsaws # The geographical region endpoint region=us-east-2 # AWS credentials required to authenticate a connection access_key= secret_access_key= # Optional path to store and access all secrets under secrets_base_path= # Optional secret recovery window, between 7 and 30 days inclusive # Recommended: leave as 0 if using mfsecrets with Enterprise Developer recovery_window=0 # Polling options for deleted secrets polling # Maximum times to poll a secret waiting to be deleted maximum_polls_delete=20 # Time in seconds between polls time_between_polls_delete=3 # Polling options for written secrets polling # Maximum times to poll a secret waiting to be written maximum_polls_write=10 # Time in milliseconds between polls time_between_polls_write=500
See Vault Providers for more information.