open-vault/website/content/docs/platform/k8s/csi/configurations.mdx

---
layout: docs
page_title: Vault CSI Provider Configurations
sidebar_title: Configurations
description: This section documents the configurables for the Vault CSI Provider.
---

# Secret Class Provider Configurations

The following parameters are supported by the Vault provider:

- `roleName` `(string: "")` - Name of the role to be used during login with Vault.

- `vaultAddress` `(string: "")` - The address of the Vault server.

- `vaultSkipTLSVerify` `(string: "false")` - When set to true, skips verification of the Vault server 
  certificiate. Setting this to true is not recommended for production.

- `vaultCACertPath` `(string: "")` - The path on disk where the Vault CA certificate can be found
  when verifying the Vault server certificate.

- `vaultTLSClientCertPath` `(string: "")` - The path on disk where the client certificate can be found
  for mTLS communications with Vault.

- `vaultTLSClientKeyPath` `(string: "")` - The path on disk where the client key can be found
  for mTLS communications with Vault.

- `vaultTLSServerName` `(string: "")` - The name to use as the SNI host when connecting via TLS.

- `objects` `(array)` - An array of secrets to retrieve from Vault.

  - `objectName` `(string: "")` - The alias of the object which can be referenced within the secret provider class and 
  the name of the secret file.

  - `method` `(string: "GET")` - The type of HTTP request. Supported values include "GET" and "PUT".

  - `secretPath` `(string: "")` - The path in Vault where the secret is located.

  - `secretArgs` `(map: {})` - Additional arguments to be sent to Vault for a specific secret. Arguments can vary 
    for different secret engines. For example: 

    ```yaml
    secretArgs:
      common_name: "test.example.com"
      ttl: "24h"
    ```