Keeper Secrets Manager integration with Teller for dynamic secrets retrieval
Retrieve secrets from the Keeper Vault within Teller environments
Set secret credentials as environment variables in Teller
For a complete list of Keeper Secrets Manager features see the Overview
This page documents the Secrets Manager Teller integration. In order to utilize this integration, you will need:
Keeper Secrets Manager access (See the Quick Start Guide for more details)
Secrets Manager addon enabled for your Keeper account
Membership in a Role with the Secrets Manager enforcement policy enabled
A Keeper Secrets Manager Application with secrets shared to it
See the Quick Start Guide for instructions on creating an Application
An initialized Keeper Secrets Manager Configuration
The Teller integration accepts Base64 format configurations
Using Keeper Commander, add a new client to an application and initialize the configuration to a Base64 string. This will be the long text hash that appears after the "Initialized Config:" label.
That value needs to be assigned to an environment variable with the name KSM_CONFIG.
teller
will pull variables from your Keeper Vault, and will populate your current working session so you can work safely and much more productively.
teller
needs a tellerfile. This is a .teller.yml
file that lives in your repo, or one that you point teller to with teller -c your-conf.yml
.
Run teller new
and follow the wizard, pick the providers you like and it will generate a .teller.yml
for you.
Alternatively, you can use the following minimal template:
With a .teller.yml
file in the current directory, or one that you point teller to with teller -c your-conf.yml
now you can just run processes with:.
Add a teller step.
Full example below is using the default config file .teller.yml
which can be replaced in the run
command with a custom file that you point teller to with teller -c your-conf.yml
.