open-vault/website/content/docs/plugins/index.mdx

---
layout: docs
page_title: Plugin System
description: Learn about Vault's plugin system.
---


# Plugin System

All Vault auth methods and secrets engines are considered plugins. This concept
allows both built-in and external plugins to be treated like building blocks.
Any plugin can exist at multiple different mount paths. Different versions of a
plugin may be at each location, with each version differing from Vault's
version.

## Built-In Plugins

Built-in plugins are shipped with Vault, often for commonly used implementations,
and require no additional operator intervention to run. Built-in plugins are
just like any other backend code inside Vault.

To use a different or edited version of a built-in plugin, the plugin must be
run as an external plugin. See [Overriding Built-in Plugins](/docs/upgrading/plugins#overriding-built-in-plugins)
for details on how to override a built-in plugin in-place.

## External Plugins

External plugins are not shipped with Vault and require additional operator
intervention to run.

To run an external plugin, a binary of the plugin is required. Plugin
binaries can be obtained from [releases.hashicorp.com](https://releases.hashicorp.com/)
or they can be [built from source](/docs/plugins/plugin-development#building-a-plugin-from-source).

Vault's external plugins are completely separate, standalone applications that
Vault executes and communicates with over RPC. Each time a Vault secret engine
or auth method is mounted, a new process is spawned. However, plugins can be
made to implement [plugin multiplexing](/docs/plugins/plugin-architecture#plugin-multiplexing)
to improve performance. Plugin multiplexing allows plugin processes to be
reused across all mounts of a given type.
docs/multiplexing: overhaul plugin documentation (#14509) * docs/multiplexing: overhaul plugin documentation * update nav data * remove dupe nav data * add external plugin section to index * move custom plugin backends under internals/plugins * remove ref to moved page * revert moving custom plugin backends * add building plugins from source section to plug dev * add mux section to plugin arch * add mux section to custom plugin page * reorder custom database page * use 'external plugin' where appropriate * add link to plugin multiplexing * fix example serve multiplex func call * address review comments * address review comments * Minor format updates (#14590) * mv Plugins to top-level; update upgrading plugins * update links after changing paths * add section on external plugin scaling characteristics * add updates on plugin registration in plugin management page * add plugin learn resource * be more explicit about mux upgrade steps; add notes on when to avoid db muxing * add plugin upgrade built-in section * add caveats to built-in plugin upgrade * improvements to built-in plugin override * formatting, add redirects, correct multiplexing use case * fix go-plugin link * Apply suggestions from code review Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * remove single item list; add link to Database interface Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> 2022-03-22 20:07:32 +00:00			`---`
			`layout: docs`
			`page_title: Plugin System`
			`description: Learn about Vault's plugin system.`
			`---`


			`# Plugin System`

docs: update plugin docs for secrets/auth multiplexing (#16923) * docs: update plugin docs for secrets/auth multiplexing * update index * update plugin development * fix spacing in code snippet * update links to multiplexing resources * add note on sdk version and update db example text * Update website/content/docs/plugins/plugin-architecture.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * reword index intro * Update website/content/docs/plugins/plugin-development.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * Update website/content/docs/plugins/plugin-development.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * remove word and fix code format Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> 2022-08-31 18:21:20 +00:00			`All Vault auth methods and secrets engines are considered plugins. This concept`
			`allows both built-in and external plugins to be treated like building blocks.`
			`Any plugin can exist at multiple different mount paths. Different versions of a`
			`plugin may be at each location, with each version differing from Vault's`
			`version.`
Vault 3992 documentation changes (#14918) * doc changes * adding config changes * adding chnages to plugins * using include * making doc changes * adding newline 2022-04-08 19:27:04 +00:00
docs/multiplexing: overhaul plugin documentation (#14509) * docs/multiplexing: overhaul plugin documentation * update nav data * remove dupe nav data * add external plugin section to index * move custom plugin backends under internals/plugins * remove ref to moved page * revert moving custom plugin backends * add building plugins from source section to plug dev * add mux section to plugin arch * add mux section to custom plugin page * reorder custom database page * use 'external plugin' where appropriate * add link to plugin multiplexing * fix example serve multiplex func call * address review comments * address review comments * Minor format updates (#14590) * mv Plugins to top-level; update upgrading plugins * update links after changing paths * add section on external plugin scaling characteristics * add updates on plugin registration in plugin management page * add plugin learn resource * be more explicit about mux upgrade steps; add notes on when to avoid db muxing * add plugin upgrade built-in section * add caveats to built-in plugin upgrade * improvements to built-in plugin override * formatting, add redirects, correct multiplexing use case * fix go-plugin link * Apply suggestions from code review Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * remove single item list; add link to Database interface Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> 2022-03-22 20:07:32 +00:00			`## Built-In Plugins`

			`Built-in plugins are shipped with Vault, often for commonly used implementations,`
			`and require no additional operator intervention to run. Built-in plugins are`
			`just like any other backend code inside Vault.`

			`To use a different or edited version of a built-in plugin, the plugin must be`
			`run as an external plugin. See [Overriding Built-in Plugins](/docs/upgrading/plugins#overriding-built-in-plugins)`
			`for details on how to override a built-in plugin in-place.`

			`## External Plugins`

			`External plugins are not shipped with Vault and require additional operator`
			`intervention to run.`

			`To run an external plugin, a binary of the plugin is required. Plugin`
			`binaries can be obtained from [releases.hashicorp.com](https://releases.hashicorp.com/)`
			`or they can be [built from source](/docs/plugins/plugin-development#building-a-plugin-from-source).`

			`Vault's external plugins are completely separate, standalone applications that`
			`Vault executes and communicates with over RPC. Each time a Vault secret engine`
docs: update plugin docs for secrets/auth multiplexing (#16923) * docs: update plugin docs for secrets/auth multiplexing * update index * update plugin development * fix spacing in code snippet * update links to multiplexing resources * add note on sdk version and update db example text * Update website/content/docs/plugins/plugin-architecture.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * reword index intro * Update website/content/docs/plugins/plugin-development.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * Update website/content/docs/plugins/plugin-development.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * remove word and fix code format Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> 2022-08-31 18:21:20 +00:00			`or auth method is mounted, a new process is spawned. However, plugins can be`
			`made to implement [plugin multiplexing](/docs/plugins/plugin-architecture#plugin-multiplexing)`
			`to improve performance. Plugin multiplexing allows plugin processes to be`
			`reused across all mounts of a given type.`