luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/docs/plugins/plugin-management.mdx
John-Michael Faircloth 15e693bf91
docs/multiplexing: overhaul plugin documentation (#14509) 
* docs/multiplexing: overhaul plugin documentation

* update nav data

* remove dupe nav data

* add external plugin section to index

* move custom plugin backends under internals/plugins

* remove ref to moved page

* revert moving custom plugin backends

* add building plugins from source section to plug dev

* add mux section to plugin arch

* add mux section to custom plugin page

* reorder custom database page

* use 'external plugin' where appropriate

* add link to plugin multiplexing

* fix example serve multiplex func call

* address review comments

* address review comments

* Minor format updates (#14590)

* mv Plugins to top-level; update upgrading plugins

* update links after changing paths

* add section on external plugin scaling characteristics

* add updates on plugin registration in plugin management page

* add plugin learn resource

* be more explicit about mux upgrade steps; add notes on when to avoid db muxing

* add plugin upgrade built-in section

* add caveats to built-in plugin upgrade

* improvements to built-in plugin override

* formatting, add redirects, correct multiplexing use case

* fix go-plugin link

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* remove single item list; add link to Database interface

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-22 15:07:32 -05:00

70 lines
2.2 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Plugin Management
description: >-
External Plugins are mountable backends that are implemented using Vault's
plugin system.
---
# Plugin Management
External plugins are the components in Vault that can be implemented separately
from Vault's built-in plugins. These plugins can be either authentication or
secrets engines.
The [`api_addr`][api_addr] must be set in order for the plugin process to
establish communication with the Vault server during mount time. If the storage
backend has HA enabled and supports automatic host address detection (e.g.
Consul), Vault will automatically attempt to determine the `api_addr` as well.
Detailed information regarding the plugin system can be found in the
[internals documentation](/docs/plugins).
## Registering External Plugins
Before an external plugin can be mounted, it needs to be
[registered](/docs/plugins/plugin-architecture#plugin-registration) in the
plugin catalog to ensure the plugin invoked by Vault is authentic and maintains
integrity:
```shell-session
$ vault plugin register -sha256=<SHA256 Hex value of the plugin binary> \
secret \ # type
my-secrets
Success! Registered plugin: myplugin-database-plugin
```
## Enabling/Disabling External Plugins
After the plugin is registered, it can be mounted by specifying the registered
plugin name:
```shell-session
$ vault secrets enable -path=my-secrets passthrough-plugin
Success! Enabled the passthrough-plugin secrets engine at: my-secrets/
```
Listing secrets engines will display secrets engines that are mounted as
plugins:
```shell-session
$ vault secrets list
Path Type Accessor Plugin Default TTL Max TTL Force No Cache Replication Behavior Description
my-secrets/ plugin plugin_deb84140 passthrough-plugin system system false replicated
```
Disabling an external plugins is identical to disabling a built-in plugin:
```shell-session
$ vault secrets disable my-secrets
```
## Upgrading Plugins
Upgrade instructions can be found in the [Upgrading Plugins - Guides][upgrading_plugins]
page.
[api_addr]: /docs/configuration#api_addr
[upgrading_plugins]: /docs/upgrading/plugins
Reference in a new issue View git blame Copy permalink