I’m configuring Vault’s MySQL storage backend and need to inject the password value at startup directly from Conjur (via Summon) without ever writing it to a file. My current HCL block looks like this:
hcl
Copy Code
storage “mysql” {
address = “127.0.0.1:3306”
username = “vault_user”
password = “${MYSQL_STORAGE_PASSWORD}”
database = “vault_db”
}
Is there a way to invoke Summon‑Conjur (or another external secret provider) so that Vault reads the password at runtime—ideally by piping it into the process—without persisting any temporary files?