New Secrets Engine for the Packet Host

Hey, I am thinking about writing a Secrets Engine for the Packet Host (

They have quite simple authentication with API keys. There are 2 types of keys

  • User keys, authorized to read/write whatever user can read/write
  • “Project” keys, authorized to read/write resorces in a given Project. Project is a grouping resource with quota, containing compute and storage resources.

Both types of keys can be read-only or read-write.

Is there an interest for this? I.e. if I start working on it, is there a chance that it will become part of Vault, just like the AWS Secrets Engine? I can commit to maintain it.

I have experience with Golang in HashiCorp projects, I am maintainer of the Packet Terraform Provider.

Thanks for answering,


Hi Tomas,

Thanks for offering to do this, that’s really cool!

Regarding your question on whether there’s an interest for it, so far the secret engines built into Vault have had at least somewhat widespread use or have been requested by multiple folks. When I search HashiCorp’s internal customer tickets for “Packet Host”, and I search our Vault Github issues for it, I don’t see any other mentions of it. It means that, presently, it’s not something we’ve seen requests for. Thus, I do think it’s unlikely it would become one of the plugins built into Vault.

However, plugins don’t have to be built in to be discoverable and usable. Since you’re interested in maintaining it, you could still build it and just host it under your own Github user name or org name. We could always build it in down the line if it becomes requested (and if you’re open to it), and in the meantime, it could build your reputation as a developer.

We would be happy to look it over when you’re done, if you’d like, and to answer any questions you encounter while you’re writing it. This is a fairly simple recent secret engine that you could use as an example: