Vault
plugin register
The plugin register
command registers a new plugin in Vault's plugin catalog.
The plugin's type of "auth", "database", or "secret" must be included.
Examples
Register a plugin:
$ vault plugin register \
-sha256=d3f0a8be02f6c074cf38c9c99d4d04c9c6466249 \
auth my-custom-plugin
Success! Registered plugin: my-custom-plugin
Register a plugin with custom args:
$ vault plugin register \
-sha256=d3f0a8be02f6c074cf38c9c99d4d04c9c6466249 \
-args=--with-glibc,--with-curl-bindings \
auth my-custom-plugin
Usage
The following flags are available in addition to the standard set of flags included on all commands.
Output options
-format
(string: "table")
- Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via theVAULT_FORMAT
environment variable.
Command options
-sha256
(string: <required>)
- SHA256 of the plugin binary or the OCI image provided. This is required for all plugins.-args
([]string: [])
- Argument to pass to the plugin when starting. This flag can be specified multiple times to specify multiple args.-command
(string: "")
- Command to spawn the plugin. This defaults to the name of the plugin if both-oci_image
and-command
are unspecified.-env
([]string: [])
- Environment variables to set for the plugin when starting. This flag can be specified multiple times to specify multiple environment variables.-oci_image
(string: "")
- OCI image to run. If specified, setting-command
,-args
, and-env
will update the container's entrypoint, args, and environment variables (append-only) respectively.-runtime
(string: "")
- Vault plugin runtime to use if-oci_image
is specified.-version
(string: "")
- Semantic version of the plugin. Used as the tag when specifying-oci_image
, but any leading 'v' will automatically be trimmed.