Configuration

To configure the mfsecretsaws vault, edit the secrets.cfg file to include values for the provider name, authorization credentials, geographical region endpoint, optional secrets base paths, and secret recovery and polling options.

The following is an example configuration file for the mfsecretsaws vault provider:

[awsvault]

# This should be the name of the provider so/dll. No file extension 
# required.
provider name=mfsecretsaws

# The geographical region endpoint
region=us-east-2

# AWS credentials required to authenticate a connection
access_key=
secret_access_key=

# Optional path to store and access all secrets under
secrets_base_path=

# Optional secret recovery window, between 7 and 30 days inclusive
# Recommended: leave as 0 if using mfsecrets with Enterprise Developer
recovery_window=0


# Polling options for deleted secrets polling

# Maximum times to poll a secret waiting to be deleted
maximum_polls_delete=20

# Time in seconds between polls
time_between_polls_delete=3


# Polling options for written secrets polling

# Maximum times to poll a secret waiting to be written
maximum_polls_write=10

#  Time in milliseconds between polls
time_between_polls_write=500

See Vault Providers for more information.