Skip to content

Vault Plugin New Access

Once registered, enable it like a normal Vault engine:

To build a new secrets engine plugin, you will use the Go programming language and the official vault/sdk library. Step 1: Initialize the Project Create a new directory and initialize your Go module:

Before you run go build on your new plugin, ensure your environment is ready: vault plugin new

Generate, store, or dynamically create credentials (e.g., custom API keys or niche cloud providers).

err := plugins.Serve(plugin.Factory, apiClientMeta.GetTLSConfig()) if err != nil panic(err) Once registered, enable it like a normal Vault

Use go build to compile your plugin into a binary.

A basic backend factory function might look like this: A basic backend factory function might look like

Congratulations — you’ve successfully used vault plugin new to create, build, and run a custom plugin!

Open a new terminal window, export your Vault address, and register the binary using the checksum generated earlier:

var config config if err := entry.DecodeJSON(&config); err != nil return nil, err