datadog-secret-backend

command module
v0.3.0
Published: Aug 5, 2025 License: BSD-3-Clause Imports: 12 Imported by: 0

README

datadog-secret-backend

datadog-secret-backend is an implementation of the Datadog Agent Secrets Management executable supporting multiple backend secret providers.

IMPORTANT NOTE: If you're using Agent version 7.69 or newer, setup is significantly simplified because the datadog-secret-backend binary is now bundled inside the Agent itself. In that case, you don’t need to install or manage the binary separately--please use the secret_backend_type and secret_backend_config config options in your datadog.yaml file instead.

Quick Start (Agent Version < 7.69)

  1. For Agent versions before 7.69.0, you need to install the secret backend manually: follow the manual installation instructions below.
  2. Configure the backend type and its settings: Refer to the supported backends section for more information.
    1. You should reference secrets in your datadog.yaml file using the ENC[backend_id:secret_id] format. Here is more information on how this works.
    2. Any necessary configuration will be specified in a file named datadog-secret-backend.yaml which should be located in the same directory as the installed datadog-secret-backend executable.

Supported Backends

| Backend | Provider | Description |
| --- | --- | --- |
| aws.secrets | aws | Datadog secrets in AWS Secrets Manager |
| aws.ssm | aws | Datadog secrets in AWS Systems Manager Parameter Store |
| azure.keyvault | azure | Datadog secrets in Azure Key Vault |
| hashicorp.vault | hashicorp | Datadog secrets in Hashicorp Vault |
| file.json | file | Datadog secrets in local JSON files |
| file.yaml | file | Datadog secrets in local YAML files |

Manual Installation

  1. Make a new folder to hold all the files required for this module in one place (this example uses datadog-secret-backend):

    ## Linux
    mkdir -p /etc/datadog-secret-backend
    
    ## Windows
    mkdir 'C:\Program Files\datadog-secret-backend\'
    
  2. Download the most recent version of the secret backend module by hitting the latest release endpoint from this repo by running one of the commands below:

    ## Linux (amd64)
    curl -L https://github.com/DataDog/datadog-secret-backend/releases/download/v0.3.0/datadog-secret-backend-linux-amd64.tar.gz \
    -o /tmp/datadog-secret-backend-linux-amd64.tar.gz
    
    ## Linux (386)
    curl -L https://github.com/DataDog/datadog-secret-backend/releases/download/v0.3.0/datadog-secret-backend-linux-386.tar.gz \
    -o /tmp/datadog-secret-backend-linux-386.tar.gz
    
    ## Windows (amd64)
    Invoke-WebRequest https://github.com/DataDog/datadog-secret-backend/releases/download/v0.3.0/datadog-secret-backend-windows-amd64.zip -OutFile 'C:\Program Files\datadog-secret-backend\datadog-secret-backend-windows-amd64.zip'
    
    ## Windows (386)
    Invoke-WebRequest https://github.com/DataDog/datadog-secret-backend/releases/download/v0.3.0/datadog-secret-backend-windows-386.zip -OutFile 'C:\Program Files\datadog-secret-backend\datadog-secret-backend-windows-386.zip'
    
  3. Once you have the file from the GitHub repo, you'll need to extract it to get the executable:

    ## Linux (amd64, change end of filename to "386" if needed)
    tar -xvzf /tmp/datadog-secret-backend-linux-amd64.tar.gz \
    -C /etc/datadog-secret-backend
    
    ## Windows (amd64, change end of filename to "386" if needed)
    Expand-Archive -LiteralPath 'C:\Program Files\datadog-secret-backend\datadog-secret-backend-windows-amd64.zip' -DestinationPath 'C:\Program Files\datadog-secret-backend\'
    
  4. (Optional) Remove the old tar'd file:

    ## Linux
    rm /tmp/datadog-secret-backend-linux-amd64.tar.gz
    
    ## Windows
    Remove-Item 'C:\Program Files\datadog-secret-backend\datadog-secret-backend-windows-amd64.zip'
    
  5. Update the executable to have the required Agent security permissions.

  6. Provide the executable path to the Datadog Agent via the main datadog.yaml file using the secret_backend_command variable:

    ## datadog.yaml ##
    
    secret_backend_command: /etc/datadog-secret-backend/datadog-secret-backend
    
  7. Provide a configuration for the secrets executable. Documentation for each supported provider can be found here.
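
Step 5 does not spell the permissions out: on Linux, the Agent's secrets management documentation requires that the executable be owned by the user running the Agent (dd-agent by default), grant no rights to group or other, and be executable by its owner. The check below is an added example, not part of this project's README; the function name check_secret_backend_perms is hypothetical and the script assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit the secret backend executable against the Agent's
# Linux permission requirements. Assumes GNU stat (-c format strings).
#
# Typical remediation before re-running the check (as root):
#   chown dd-agent /etc/datadog-secret-backend/datadog-secret-backend
#   chmod 500      /etc/datadog-secret-backend/datadog-secret-backend

check_secret_backend_perms() {
    bin=$1
    want_owner=${2:-dd-agent}    # default Agent user on Linux
    rc=0

    if [ ! -f "$bin" ]; then
        echo "FAIL: $bin is not a regular file" >&2
        return 2
    fi

    owner=$(stat -c '%U' "$bin")
    mode=$(stat -c '%a' "$bin")  # octal string, e.g. 500 or 755
    bits=$((0$mode))             # leading 0 makes the shell read it as octal

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner" >&2
        rc=1
    fi
    if [ $((bits & 0077)) -ne 0 ]; then
        echo "FAIL: mode $mode grants rights to group or other" >&2
        rc=1
    fi
    if [ $((bits & 0100)) -eq 0 ]; then
        echo "FAIL: mode $mode lacks the owner execute bit" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $bin (owner $owner, mode $mode)"
    fi
    return "$rc"
}

# Run as: sh check.sh /etc/datadog-secret-backend/datadog-secret-backend dd-agent
if [ "$#" -gt 0 ]; then
    check_secret_backend_perms "$@"
fi
```

A non-zero exit means the executable holds looser rights than the Agent's requirements allow, so any local account covered by those extra bits could read or replace the program that handles the Agent's secrets.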

Usage

Refer to each supported backend type's documentation for specific usage examples and configuration options.

License

BSD-3-Clause License

Documentation

Overview

main package for the datadog-secret-backend

Directories

Path Synopsis
Package backend aggregates all supported backends and allow fetching secrets from them
akeyless
Package akeyless allows to fetch secrets from akeyless service
aws
Package aws allows to fetch secrets from Aws SSM and Secrets Manager service
azure
Package azure allows to fetch secrets from Azure keyvault service
file
Package file allows to fetch secrets from JSON and YAML files
hashicorp
Package hashicorp allows to fetch secrets from Hashicorp vault service
Package secret contains the structure to receive and return secrets to the Datadog Agent
