I wrote a custom plugin and enabled it successfully. I can see it in the secrets list:
Path          Type         Accessor              Description
----          ----         --------              -----------
my/           myplugin     my_17369d75           My local plugin
cubbyhole/    cubbyhole    cubbyhole_10c1fbe7    per-token private secret storage
identity/     identity     identity_e4c40d5b     identity store
sys/          system       system_23e8ac04       system endpoints used for control, policy and debugging
transit/      transit      transit_ac536f20      n/a
I sent an HTTP POST request and received a response.
I tried to read the value with the read command:
vault read my/id
When I tried to read the value, I received an error:
and furthermore, you clearly haven’t implemented a ReadOperation in
so I’m not sure how you expect that read to return anything.
That’s not making it clear… I think you might be misunderstanding what a Vault secret is … it’s a piece of information managed by a Vault plugin… like the one you are writing. It’s not something that necessarily gets written as is. Vault has internal storage, which is used by plugins to store data that they need to track secrets… but that’s something the plugins do by calling other Vault APIs.
That’s like turning up at the garage and asking them to tell you how to fix your car, but refusing them access to see your car.
You should consider writing a fully functional, testable, sharable mock, and only adding in confidential content once you have it working.
There is no comprehensive documentation for Vault plugin development, so the best learning source is picking an existing plugin and examining how it works, coupled with personal experimentation. That’s how I learned.
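Added example, not part of the thread and not Vault SDK code: a simplified Go model of the two points made in the replies above, that a path only answers the operations it registers a handler for, and that nothing is stored unless a handler writes it to storage itself. Every name here (Path, Handler, Storage, ErrUnsupported, writeID, readID) is hypothetical, and the rejection of an unregistered operation is an assumption of the model.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-in for per-path operation dispatch in a plugin framework.
// All names are hypothetical; this is not the Vault SDK.
type Storage map[string]string
type Handler func(s Storage, data map[string]string) (map[string]string, error)
type Path map[string]Handler // operation name -> handler

var ErrUnsupported = errors.New("unsupported operation")

// Handle dispatches a request; an operation with no registered handler fails.
func (p Path) Handle(op string, s Storage, data map[string]string) (map[string]string, error) {
	h, ok := p[op]
	if !ok {
		return nil, ErrUnsupported
	}
	return h(s, data)
}

// writeID persists the value explicitly; the framework stores nothing on its own.
func writeID(s Storage, data map[string]string) (map[string]string, error) {
	s["id"] = data["value"]
	return nil, nil
}

// readID returns what writeID stored, or an empty response if nothing was written.
func readID(s Storage, _ map[string]string) (map[string]string, error) {
	if v, ok := s["id"]; ok {
		return map[string]string{"value": v}, nil
	}
	return nil, nil
}

func main() {
	s, p := Storage{}, Path{"update": writeID} // only the write path is registered
	p.Handle("update", s, map[string]string{"value": "constructed-sample"})
	_, err := p.Handle("read", s, nil) // fails: no read handler yet
	p["read"] = readID                 // register the missing read handler
	out, _ := p.Handle("read", s, nil)
	fmt.Println(err, out["value"])
}
```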