Secret Management

Secret Management is an enterprise-only feature. It requires the enterprise Bifrost image and a PostgreSQL config store.

Connect an external secret manager so provider keys and other credentials are never stored in Bifrost’s database. Configure vaultStore under storage.configStore in your values file. Once connected, any secret field in your values file accepts a vault.<path> reference in place of a plaintext value or env.* reference. See Secret Management for the full list of supported fields, access modes, and secret rotation.

Configuration

AWS Secrets Manager
GCP Secret Manager
HashiCorp Vault

IAM role (recommended)
Static credentials
Role assumption

Attach an IAM role to your pod via IRSA and leave credentials unset - the AWS SDK inherits the role automatically.

storage:
  configStore:
    vaultStore:
      enabled: true
      type: aws-secrets-manager
      prefix: bifrost
      accessMode: read_only
      aws:
        region: us-east-1

storage:
  configStore:
    vaultStore:
      enabled: true
      type: aws-secrets-manager
      prefix: bifrost
      accessMode: read_only
      aws:
        region: us-east-1
        accessKeyId: env.AWS_ACCESS_KEY_ID
        secretAccessKey: env.AWS_SECRET_ACCESS_KEY

accessKeyId and secretAccessKey must be set together.

Assume a cross-account or restricted IAM role on top of any existing credential source.

storage:
  configStore:
    vaultStore:
      enabled: true
      type: aws-secrets-manager
      prefix: bifrost
      accessMode: read_only
      aws:
        region: us-east-1
        roleArn: arn:aws:iam::123456789012:role/BifrostSecretsReader

AWS fields

Field	Required	Description
`region`	No	AWS region (e.g. `us-east-1`). Falls back to `AWS_DEFAULT_REGION` or instance metadata if unset.
`accessKeyId`	No	Required when not using IAM roles. Must be set with `secretAccessKey`.
`secretAccessKey`	No	Must be set with `accessKeyId`.
`sessionToken`	No	For STS-issued temporary credentials.
`roleArn`	No	IAM role to assume via STS.
`kmsKeyId`	No	KMS key for encrypting new secrets (`read_and_write` only).

Workload Identity (recommended)
Service account key

Bind a GCP service account to your GKE pod and omit credentials - ADC is used automatically.

storage:
  configStore:
    vaultStore:
      enabled: true
      type: gcp-secret-manager
      prefix: bifrost
      accessMode: read_only
      gcp:
        projectId: my-gcp-project

storage:
  configStore:
    vaultStore:
      enabled: true
      type: gcp-secret-manager
      prefix: bifrost
      accessMode: read_only
      gcp:
        projectId: my-gcp-project
        credentialsJson: env.GCP_CREDENTIALS_JSON

credentialsJson accepts a JSON string (the full key file contents) or a file path on disk.

GCP fields

Field	Required	Description
`projectId`	Yes	GCP project containing your secrets.
`credentialsJson`	No	Service account key JSON string or file path. If omitted, Application Default Credentials are used.

Bifrost uses the KV v2 secrets engine. Auth is resolved in order: explicit token → AppRole → ambient VAULT_TOKEN env var.

Token
AppRole
Ambient token

storage:
  configStore:
    vaultStore:
      enabled: true
      type: hashicorp-vault
      prefix: bifrost
      accessMode: read_only
      hashicorp:
        address: https://vault.internal:8200
        token: env.VAULT_TOKEN

storage:
  configStore:
    vaultStore:
      enabled: true
      type: hashicorp-vault
      prefix: bifrost
      accessMode: read_only
      hashicorp:
        address: https://vault.internal:8200
        mountPath: secret
        roleId: env.VAULT_ROLE_ID
        secretId: env.VAULT_SECRET_ID

If VAULT_TOKEN is set in the environment and no token or AppRole is configured, Bifrost inherits it automatically. Useful with Vault Agent injection.

storage:
  configStore:
    vaultStore:
      enabled: true
      type: hashicorp-vault
      prefix: bifrost
      accessMode: read_only
      hashicorp:
        address: https://vault.internal:8200

HashiCorp fields

Field	Required	Description
`address`	No	Vault server URL. Reads `VAULT_ADDR` env var if unset.
`token`	No	Vault token.
`namespace`	No	Vault namespace (HCP Vault / Vault Enterprise).
`mountPath`	No	KV v2 mount path. Defaults to `secret`.
`roleId`	No	AppRole role ID. Must be set together with `secretId`.
`secretId`	No	AppRole secret ID. Must be set together with `roleId`.

Common fields

These apply regardless of backend:

Field	Required	Description
`enabled`	Yes	Enable vault integration.
`type`	Yes	Backend: `aws-secrets-manager`, `gcp-secret-manager`, or `hashicorp-vault`.
`prefix`	No	Path prefix for Bifrost-managed secrets. Defaults to `bifrost`.
`accessMode`	No	`read_only` (default) - resolve refs only. `read_and_write` - also auto-store plaintext values and delete owned secrets on removal.

Using vault references

Once configured, any secret field accepts a vault.<path> reference:

bifrost:
  providers:
    openai:
      keys:
        - value: vault.bifrost/providers/openai/key
          models:
            - gpt-4o
            - gpt-4o-mini

Full example

# vault-values.yaml
storage:
  configStore:
    type: postgres
    vaultStore:
      enabled: true
      type: aws-secrets-manager
      prefix: bifrost
      accessMode: read_and_write
      aws:
        region: us-east-1

bifrost:
  providers:
    openai:
      keys:
        - value: vault.bifrost/providers/openai/key
          models:
            - gpt-4o
            - gpt-4o-mini
    anthropic:
      keys:
        - value: vault.bifrost/providers/anthropic/key
          models:
            - claude-opus-4-8
            - claude-sonnet-4-6

helm install bifrost bifrost/bifrost -f vault-values.yaml

​Configuration

​AWS fields

​GCP fields

​HashiCorp fields

​Common fields

​Using vault references

​Full example

Configuration

AWS fields

GCP fields

HashiCorp fields

Common fields

Using vault references

Full example