@swampadmin/vault-secrets
v2026.02.20.0
Pluggable secret providers for HashiCorp Vault, AWS Secrets Manager, and 1Password.
All providers support automatic rotation detection and lease renewal where the backend supports it. Configuration is validated at startup with clear error messages for missing credentials.
Labels
secretsvaultsecurity
Contents
Install
$ swamp extension pull @swampadmin/vault-secretsRelease Notes
New
- 1Password provider — reads secrets via 1Password CLI (
op)
Improved
- HashiCorp Vault provider now supports KV v2 secret engine
- AWS Secrets Manager provider caches lookups for 60s to reduce API calls
hashicorp-vaultconfigurable
vault-providerhashicorp.ts
hashicorp-vault secrets provider
Config Fields
| Field | Type | Description |
|---|---|---|
| address | string | Vault server URL (e.g. https://vault.example.com:8200) |
| token | string | Vault authentication token |
| namespace? | string | Vault namespace for enterprise deployments |
| mount_path? | string | KV secret engine mount path (default: secret) |
aws-secrets-managerconfigurable
vault-provideraws-secrets.ts
aws-secrets-manager secrets provider
Config Fields
| Field | Type | Description |
|---|---|---|
| region | string | AWS region for Secrets Manager API calls |
| cache_ttl? | number | Seconds to cache secret values (default: 60) |
onepasswordconfigurable
vault-provideronepassword.ts
onepassword secrets provider
Config Fields
| Field | Type | Description |
|---|---|---|
| vault | string | 1Password vault name |
| account? | string | 1Password account shorthand (e.g. my.1password.com) |
2026.01.05.081.0 KBFeb 13, 2026
HashiCorp Vault and AWS Secrets Manager providers
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64
secretsvaultsecurity