Secret Managers

This page lists all Secret Managers supported by ggscout. A configuration sample is provided for each Secret Managers to help you get started!

HashiCorp Vault

Supported engines: KV1, KV2

HashiCorp Vault namespaces are not yet supported

Configuration example:

[sources.my-hashicorp-vault]
type = "hashicorpvault"
auth_token = "${VAULT_TOKEN}"
vault_address = "${VAULT_ADDR}"
fetch_all_versions = true
# Optionally restrict the path to collect
path = "secret/some/path/"

AWS Secret Manager

Configuration example:

[sources.aws-secret-manager-playground]
type = "awssecretsmanager"
fetch_all_versions = true
# Replace with the correct AWS profile
profile_name = "my-profile"

Azure Key Vault

Configuration example:

[sources.azure-source-playground]
type = "azurekeyvault"
fetch_all_versions = true
subscription_id = "${AZURE_SUBSCRIPTION_ID}"

Google Secret Manager

Configuration example:

[sources.gcp]
type = "gcpsecretmanager"
fetch_all_versions = true
projects = ["some-project-id-441517"]
service_account_key_file = ".secure_files/.gcp_key.json"

Conjur Cloud

Configuration example:

[sources.conjur]
type = "conjurcloud"
auth_mode = "cyberark"
conjur_url = "${CONJUR_URL}"
client_id = "${CYBERARK_CLIENT_ID}"
client_secret = "${CYBERARK_CLIENT_SECRET}"
tenant_id = "${CYBERARK_TENANT_ID}"
subdomain = "my-company"
fetch_all_versions = true

Akeyless

Configuration example:

[sources.akeyless]
type = "akeyless"
access_id = "${AKEYLESS_ACCESS_ID}"
access_key = "${AKEYLESS_ACCESS_KEY}"
accessibility = "regular"
auth_mode = "apikey"
fetch_all_versions = true

Delinea Secret Server

Configuration example:

[sources.delinea]
type = "delineasecretserver"
auth_mode = "oauth"
client_id = "${DELINEA_CLIENT_ID}"
client_secret = "${DELINEA_CLIENT_SECRET}"
fetch_all_versions = true
tenant = "${DELINEA_TENANT}"
tld = "com"