Secret configurations from files
Learn how to configure secrets for Piiano Vault securely by reading them from file
If you're using the hosted version of Vault, Piiano securely manages secrets for your instance.
In some deployments, there is a security requirement for secrets, such as the database password, to be read from files instead of environment variables. This is considered more secure because environment variables are usually more exposed.
Vault supports reading sensitive configurations from files at startup. The following configurations are supported:
|Admin API key||PVAULT_SERVICE_ADMIN_API_KEY|
|KMS export seed||PVAULT_KMS_EXPORT_SEED|
Environment variables, if present, override the corresponding values in the default or custom system configuration file.