48 lines
1.8 KiB
Markdown
48 lines
1.8 KiB
Markdown
---
|
|
layout: "docs"
|
|
page_title: "Custom Plugin Backends"
|
|
sidebar_current: "docs-plugin"
|
|
description: |-
|
|
Plugin backends are mountable backends that are implemented unsing Vault's plugin system.
|
|
---
|
|
|
|
# Custom Plugin Backends
|
|
|
|
Plugin backends are the components in Vault that can be implemented separately from Vault's
|
|
builtin backends. These backends can be either authentication or secrets engines.
|
|
|
|
The [`api_addr`][api_addr] must be set in order for the plugin process establish
|
|
communication with the Vault server during mount time. If the storage backend
|
|
has HA enabled and supports automatic host address detection (e.g. Consul),
|
|
Vault will automatically attempt to determine the `api_addr` as well.
|
|
|
|
Detailed information regarding the plugin system can be found in the
|
|
[internals documentation](https://www.vaultproject.io/docs/internals/plugins.html).
|
|
|
|
# Enabling/Disabling Plugin Backends
|
|
|
|
Before a plugin backend can be mounted, it needs to be registered via the
|
|
[plugin catalog](https://www.vaultproject.io/docs/internals/plugins.html#plugin-catalog). After
|
|
the plugin is registered, it can be mounted by specifying the registered plugin name:
|
|
|
|
```text
|
|
$ vault secrets enable -path=my-secrets -plugin-name=passthrough-plugin plugin
|
|
Successfully mounted plugin 'passthrough-plugin' at 'my-secrets'!
|
|
```
|
|
|
|
Listing secrets engines will display secrets engines that are mounted as
|
|
plugins:
|
|
|
|
```text
|
|
$ vault secrets list
|
|
Path Type Accessor Plugin Default TTL Max TTL Force No Cache Replication Behavior Description
|
|
my-secrets/ plugin plugin_deb84140 passthrough-plugin system system false replicated
|
|
```
|
|
|
|
Disabling a plugin backend is the identical to disabling internal secrets engines:
|
|
|
|
```text
|
|
$ vault secrets disable my-secrets
|
|
```
|
|
|
|
[api_addr]: /docs/configuration/index.html#api_addr |