Store secrets in Vault

    To store secrets in Vault, complete the following steps:

    1. Provide Vault server address and token.
    2. .
    3. Manage secrets through the InfluxDB API.

    Start a Vault server and ensure InfluxDB has network access to the server.

    The following links provide information about running Vault in both development and production:

    InfluxDB supports the Vault KV Secrets Engine Version 2 API only. When you create a secrets engine, enable the version by running:

    Use influxd Vault-related flags or environment variables to provide connection credentials and other important Vault-related information to InfluxDB.

    Vault address

    Provide the API address of your Vault server (available in the Vault server output) using the --vault-addr flag when starting influxd or with the VAULT_ADDR environment variable.

    Vault token

    Provide your Vault token (required to access your Vault server) using the --vault-token flag when starting influxd or with the VAULT_TOKEN environment variable.

    Your Vault server configuration may require other Vault settings.

    influxd includes the following Vault configuration options. If set, these flags override any Vault environment variables:

    • --vault-addr
    • --vault-capath
    • --vault-client-key
    • --vault-max-retries
    • --vault-client-timeout
    • --vault-skip-verify
    • --vault-tls-server-name

    For more information, see InfluxDB configuration options.
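
A pre-flight check for the settings above, added here as an example (it is not InfluxDB or Vault code); the function name `check_vault_settings`, the host names and the token value are constructed. It reports a missing address or token, a non-HTTPS address, `--vault-skip-verify`, and a token passed as a flag, where it is visible in the process list.

```shell
#!/bin/sh
# Added example, not InfluxDB code. Inspects the arguments intended for
# influxd plus VAULT_ADDR / VAULT_TOKEN, prints one finding per line and
# returns non-zero if any finding is blocking (FAIL).
check_vault_settings() (
    addr=${VAULT_ADDR:-}
    token_src=
    rc=0
    [ -n "${VAULT_TOKEN:-}" ] && token_src=env
    while [ $# -gt 0 ]; do
        case $1 in
            --vault-addr=*) addr=${1#*=} ;;   # a flag overrides the variable
            --vault-addr)   addr=${2:-}
                            if [ $# -gt 1 ]; then shift; fi ;;
            --vault-token|--vault-token=*) token_src=flag ;;
            --vault-skip-verify|--vault-skip-verify=true)
                echo "FAIL: --vault-skip-verify turns off certificate verification"
                rc=1 ;;
        esac
        shift
    done
    case $addr in
        "") echo "FAIL: no Vault address (--vault-addr or VAULT_ADDR)"; rc=1 ;;
        https://*) ;;
        http://127.0.0.1:*|http://localhost:*)
            echo "WARN: plaintext HTTP to a local Vault, development only" ;;
        *)  echo "FAIL: $addr is not HTTPS, the token would travel in cleartext"
            rc=1 ;;
    esac
    case $token_src in
        "")   echo "FAIL: no Vault token (--vault-token or VAULT_TOKEN)"; rc=1 ;;
        flag) echo "WARN: --vault-token shows up in the process list, prefer VAULT_TOKEN" ;;
    esac
    [ "$rc" -eq 0 ]
)

# Intended use in a wrapper script (constructed):
#   check_vault_settings "$@" && exec influxd "$@"
```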

    Use the InfluxDB /org/{orgID}/secrets API endpoint to add tokens to Vault. For details, see .
