# Hashicorp Vault variable resolver ### Functionality This variable resolver can retrieve secrets from a [Hashicorp Vault](https://www.vaultproject.io/). Here are the options to use: * Vault address: The base address and port of the Vault server (for example: ) * Vault token: The token to use to authenticate * Validate HTTPS connections?: It’s recommended to enable connection validation in production. This secures the connection with the X.509 certificate specified in one of either next option. * PEM file path: The name of the file (VFS) containing the X.509 certificate string * PEM string: The X.509 string itself in case you’re not using a file * Open connection timeout: The connection timeout when getting a http(s) connection in milliseconds. * Read connection timeout: The timeout in milliseconds when reading. The variable expression you can resolve with this plugin type is (as always) in the following format: `#{name:path-key:value-key}` * name: the name of the variable resolver metadata element to use * path-key: the path to the secret in the Vault. * value-key: the key of the value to retrieve. In case we don’t specify a `value-key`, you will give back the complete JSON string of the secret. ### Example Suppose we have a secret defined in the Vault, in a KV secrets engine: image:metadata-types/variable-resolver/vault-variable-resolver-server.png We can define a connection called `vault` and retrieve values with expressions: * `#{vault:hop/data/some-db:hostname}` : localhost * `#{vault:hop/data/some-db:username}` : john * `#{vault:hop/data/some-db}` : `{"db":"test","hostname":"localhost","password":"some-password","port":"3306","username":"john"}` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.primeur.com/data-shaper-1.21/knowing-the-data-shaper-designer/index-2/index/vault-variable-resolver.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.