Skip to content

Adds support for OpenBao #927

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
digiserg wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Adds support for OpenBao #927

digiserg wants to merge 2 commits into from
+1,107 −0

Conversation

@digiserg
Copy link
Contributor

@digiserg digiserg commented Dec 25, 2025

This PR introduces support for OpenBao as a secret provider.

Following the recent licensing changes to HashiCorp Vault (BSL), many users are transitioning to OpenBao, an open-source community fork under the LF Decentralized Trust. Since OpenBao maintains API compatibility with Vault's core functionality, this implementation leverages the existing Vault logic while allowing users to explicitly define bao as a source.

Changes

  • Added openbao to the list of supported secret providers.
  • Implemented the OpenBao provider (mirroring the Vault provider logic).
  • Updated documentation to include connection examples for OpenBao.
  • Added unit tests for the bao prefix to ensure URI parsing works correctly.

Why this is needed

As organizations move away from BSL-licensed software, vals needs to remain a neutral and flexible tool for secret injection. Providing first-class support for OpenBao allows users to migrate their infrastructure without losing the ability to manage secrets via Helmfile and other tools that depend on vals.

How to test

You can now use the openbao prefix in your configuration:

# Example usage
key: ref+openbao://secret/db#user
  1. Run an OpenBao instance (e.g., via Docker).
  2. Set the environment variable BAO_ADDR and BAO_TOKEN.
  3. Run vals eval on a file containing a ref+bao:// URI.

@digiserg
Adds support for OpenBao
1815b01 
Following the recent licensing changes to HashiCorp Vault (BSL), many users are transitioning to OpenBao, an open-source community fork under the LF Decentralized Trust. Since OpenBao maintains API compatibility with Vault's core functionality, this implementation leverages the existing Vault logic while allowing users to explicitly define bao as a source.
@digiserg
Update documentation
7fef7dc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mumoshu mumoshu Awaiting requested review from mumoshu mumoshu is a code owner

@itscaro itscaro Awaiting requested review from itscaro itscaro is a code owner

@yxxhero yxxhero Awaiting requested review from yxxhero yxxhero is a code owner

@xiaomudk xiaomudk Awaiting requested review from xiaomudk xiaomudk is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@digiserg