HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Vault
Vault Home

You are viewing documentation for version v1.20.x. View latest version.

Configure the Vault EKM provider

Configuration is stored in a config.json file under ProgramData in a path that mirrors the installation folder. This defaults to C:\ProgramData\HashiCorp\Transit Vault EKM Provider\config.json.

Note: If the Vault EKM Provider has already been installed, Microsoft SQL Server needs to be restarted for configuration changes to take effect.

The following options are supported:

  • vaultApiBaseUrl (string: required) - Address of Vault server, e.g. https://vault.example.com:8200
  • enableTrace (bool: false) - Enable trace logging. Logs are viewable from the event viewer. See troubleshooting for further details.
  • namespace (string: "") - Set the Vault namespace to use. Applies to both AppRole and Transit.
  • appRoleMountPath (string: "approle") - Use this to specify the path to the AppRole auth mount if it was set to a non-default path.
  • transitMountPath (string: "transit") - Use this to specify the path to the Transit mount if it was set to a non-default path.
Edit this page on GitHub