Bifrost integrates with HashiCorp Vault for centralized secret management, allowing you to store provider API keys and virtual keys in your existing Vault infrastructure and automatically sync them into Bifrost.

Configuration

Add a vault block to your Bifrost configuration to connect to your HashiCorp Vault instance:
{
  "vault": {
    "type": "hashicorp",
    "address": "https://vault.company.com:8200",
    "token": "${VAULT_TOKEN}",
    "mount": "secret",
    "sync_interval": "300s"
  }
}

Configuration Fields

| Field | Type | Description |
| --- | --- | --- |
| type | string | Must be set to "hashicorp" to use HashiCorp Vault. |
| address | string | The full URL of your HashiCorp Vault server, including the port. |
| token | string | Authentication token for Vault access. Supports environment variable interpolation via ${VAULT_TOKEN}. |
| mount | string | The secrets engine mount path in Vault (e.g., "secret" for the default KV secrets engine). |
| sync_interval | string | How often Bifrost syncs keys from Vault. Accepts duration strings such as "300s", "5m", or "1h". |

The sync_interval field controls how frequently Bifrost polls your vault for key changes. Lower intervals detect changes faster but increase load on your vault server. See the Vault Support page for full sync configuration options including sync_paths and auto_deprecate.
For key synchronization, deprecation management, and security configuration, see Vault Support.
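
As an added example (not part of Bifrost or its documentation), a pre-deployment check for the vault block described above: it flags a token written as a literal instead of an environment reference, a non-HTTPS address, and an unparseable or very short sync_interval. The function names and the 30-second floor are assumptions, and only single-unit durations like those listed in the table are parsed.

```python
import json
import re
from urllib.parse import urlparse

# Assumed local policy floor for polling, not a Bifrost limit.
MIN_INTERVAL_S = 30
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")
DURATION = re.compile(r"^(\d+)([smh])$")
UNIT_S = {"s": 1, "m": 60, "h": 3600}


def interval_seconds(value):
    """Parse single-unit durations like "300s", "5m", "1h"; None if unparseable."""
    m = DURATION.match(str(value))
    return int(m.group(1)) * UNIT_S[m.group(2)] if m else None


def lint_vault_block(config_text):
    """Return a list of findings for the "vault" block of a Bifrost config."""
    vault = json.loads(config_text).get("vault")
    if not isinstance(vault, dict):
        return ["no vault block found"]
    findings = []
    if vault.get("type") != "hashicorp":
        findings.append('type must be "hashicorp"')
    url = urlparse(str(vault.get("address", "")))
    if url.scheme != "https":
        findings.append("address is not https: the Vault token would be sent in cleartext")
    if url.port is None:
        findings.append("address has no explicit port")
    if not ENV_REF.match(str(vault.get("token", ""))):
        findings.append("token is a literal or missing: reference an environment variable")
    if not vault.get("mount"):
        findings.append("mount is empty")
    secs = interval_seconds(vault.get("sync_interval"))
    if secs is None:
        findings.append("sync_interval is not a duration such as 300s, 5m or 1h")
    elif secs < MIN_INTERVAL_S:
        findings.append(f"sync_interval {secs}s is below the {MIN_INTERVAL_S}s policy floor")
    return findings


# Constructed samples: the page's example, and a weak variant with a made-up token value.
GOOD = '{"vault": {"type": "hashicorp", "address": "https://vault.company.com:8200", "token": "${VAULT_TOKEN}", "mount": "secret", "sync_interval": "300s"}}'
WEAK = '{"vault": {"type": "hashicorp", "address": "http://vault.company.com", "token": "EXAMPLE-LITERAL-TOKEN", "mount": "secret", "sync_interval": "5s"}}'

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("weak", WEAK)):
        print(name, lint_vault_block(text) or "ok")
```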