Is there a way to auto generate secrets in a kv engine?


I was wondering if I can create secrets in a KV engine that have a certain key and an automated generated value? (something similar with dynamic secrets but for a kv engine)

Thank you!

I’m not aware of anything that exists, out of the box, now, but, as your example hints at, it’s certainly possible to add that to Vault. For example, Seth Vargo did that a long time ago with what he called the Vault Password Generator plug-in. (And then Sean Carolan made use of it in his neat Painless Password Rotation repo / talk!)

1 Like

Thank you for the response! I will have a look! :+1:

1 Like

You can also generate random passwords from Vault without any extra plugins, if you setup a Password Policy.

1 Like

Thank you for the response. :+1:
Can this generated password be also automatically stored in a kv engine by specifying a certain path?

No, that would take a second API call.
One to generate the password and another to store it in KV.

1 Like

Ok, understood! Thank you!

There is also on K8s Operator Vault Config Operator, which provides a CR RandomSecret, that can be used to generate a random password based on a password policy and store it in a kv secret engine.