Secret Management Configuration

The SecretManagement section controls where Vectra resolves sensitive configuration values (API keys, connection strings, JWT signing keys).

Properties

Property	Type	Default	Description
`DefaultProvider`	`SecretManagementProviderType`	`None`	Active provider: `None`, `EnvironmentVariables`, or `AzureKeyVault`
`Providers.EnvironmentVariables`	`EnvironmentVariablesSecretConfiguration`	`{}`	Environment variable provider (no extra config needed)
`Providers.AzureKeyVault.VaultUri`	`string`	—	Azure Key Vault URI

Providers

None (Default)

No external secret resolution. Configuration values are read directly from appsettings.json or environment variables passed to the process.

"SecretManagement": {
  "DefaultProvider": "None"
}

Environment Variables

Resolves secrets from environment variables. Useful for containerised deployments.

"SecretManagement": {
  "DefaultProvider": "EnvironmentVariables"
}

Azure Key Vault

Integrates with Azure Key Vault using the Azure SDK. Vectra uses DefaultAzureCredential, so it works with managed identities, service principals, or az login locally.

"SecretManagement": {
  "DefaultProvider": "AzureKeyVault",
  "Providers": {
    "AzureKeyVault": {
      "VaultUri": "https://your-vault.vault.azure.net/"
    }
  }
}

Properties​

Providers​

None (Default)​

Environment Variables​

Azure Key Vault​

Properties

Providers

None (Default)

Environment Variables

Azure Key Vault