mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-09 08:07:01 +02:00
9680de88ba
* docs/multiplexing: overhaul plugin documentation * update nav data * remove dupe nav data * add external plugin section to index * move custom plugin backends under internals/plugins * remove ref to moved page * revert moving custom plugin backends * add building plugins from source section to plug dev * add mux section to plugin arch * add mux section to custom plugin page * reorder custom database page * use 'external plugin' where appropriate * add link to plugin multiplexing * fix example serve multiplex func call * address review comments * address review comments * Minor format updates (#14590) * mv Plugins to top-level; update upgrading plugins * update links after changing paths * add section on external plugin scaling characteristics * add updates on plugin registration in plugin management page * add plugin learn resource * be more explicit about mux upgrade steps; add notes on when to avoid db muxing * add plugin upgrade built-in section * add caveats to built-in plugin upgrade * improvements to built-in plugin override * formatting, add redirects, correct multiplexing use case * fix go-plugin link * Apply suggestions from code review Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * remove single item list; add link to Database interface Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
40 lines
1.7 KiB
Plaintext
40 lines
1.7 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Plugin System
|
|
description: Learn about Vault's plugin system.
|
|
---
|
|
|
|
|
|
# Plugin System
|
|
|
|
All Vault auth methods and secrets engines are considered plugins. This simple concept
|
|
allows both built-in and external plugins to be treated like Legos. Any plugin
|
|
can exist at multiple different locations. Different versions of a plugin may
|
|
be at each location, with each version differing from Vault's version.
|
|
|
|
## Built-In Plugins
|
|
|
|
Built-in plugins are shipped with Vault, often for commonly used implementations,
|
|
and require no additional operator intervention to run. Built-in plugins are
|
|
just like any other backend code inside Vault.
|
|
|
|
To use a different or edited version of a built-in plugin, the plugin must be
|
|
run as an external plugin. See [Overriding Built-in Plugins](/docs/upgrading/plugins#overriding-built-in-plugins)
|
|
for details on how to override a built-in plugin in-place.
|
|
|
|
## External Plugins
|
|
|
|
External plugins are not shipped with Vault and require additional operator
|
|
intervention to run.
|
|
|
|
To run an external plugin, a binary of the plugin is required. Plugin
|
|
binaries can be obtained from [releases.hashicorp.com](https://releases.hashicorp.com/)
|
|
or they can be [built from source](/docs/plugins/plugin-development#building-a-plugin-from-source).
|
|
|
|
Vault's external plugins are completely separate, standalone applications that
|
|
Vault executes and communicates with over RPC. Each time a Vault secret engine
|
|
or auth method is mounted, a new process is spawned. However, database plugins
|
|
can be made to implement [plugin multiplexing](/docs/plugins/plugin-architecture#plugin-multiplexing)
|
|
which allows a single plugin process to be used for multiple database
|
|
connections.
|