Hcl environment variables parsing

Hello, I have a vault deployment on my openshift cluster,
I would like to use secrets for my backend credentials.
I use a postgres backend. I added the secrets to the porject, and imported them as environment variables to my deployment.
Now, when I try to use the in my configmap, the vault cant parse my connection string when I’m using environment variables.

storage "postgresql" {
    connection_url = "postgres://${user}:${password}:5432/${name}?search_path=${schema}" 

This configuration works when I replace the variables with plain text.


I understand your concerns. I have found a way to secure the secrets inside the Vault’s config file using SOPS. The usage is like sops exec-file secret.enc.json 'vault server -config={}. They have more detailed information on their SOPS github page.