steampipe plugin install theapsgroup/vaultsteampipe plugin install theapsgroup/vault

Hashicorp Vault + Turbot Steampipe

Vault is an industry-leading Secrets Management & Data Protection solution from Hashicorp.

Steampipe is an open source CLI for querying cloud APIs using SQL from Turbot

Getting Started


Download and install the latest Vault plugin:

steampipe plugin install theapsgroup/vault


  • Vault Server
  • Vault API Token


The preferred option is to use Environment Variables for configuration as the Vault Token should be rotated frequently, however you can configure in the ~./steampipe/config/vault.spc (this will take precedence).

Environment Variables (default from Hashicorp Vault):

  • VAULT_ADDR for the server address (ex:
  • VAULT_TOKEN for the API token (ex: s.f7Ea3C3ojOYE0GRLzmhSGNkE)

Configuration File:

connection "vault" {
plugin = "theapsgroup/vault"
address = ""
token = "s.f7Ea3C3ojOYE0GRLzmhSGNkE"


A quick test can be performed from your terminal with:

steampipe query "select * from vault_engine"


The following tables are available for querying, follow the links for more information.