Skip to main content
Secret providers allow the Maverics Orchestrator to retrieve sensitive values — such as API keys, certificates, and database credentials — from external secret management systems at runtime. This keeps secrets out of configuration files and ensures they are managed according to your organization’s security policies.
Console terminology: In the Maverics Console, Orchestrator instances and configuration delivery are managed through Deployments. When working directly with YAML, configuration is managed as files delivered via the -config flag or MAVERICS_CONFIG environment variable.

How Secret Providers Work

Secret providers are configured via the MAVERICS_SECRET_PROVIDER environment variable or the -secretProvider CLI flag — not in YAML configuration. Only one secret provider may be active at a time. 
# Configure via environment variable
export MAVERICS_SECRET_PROVIDER="hashivault://vault.example.com:8200/secret/data/maverics?token=<token>"

# Or via CLI flag
maverics -config maverics.yaml -secretProvider "hashivault://vault.example.com:8200/secret/data/maverics?token=<token>"
Once a secret provider is configured, you reference secrets in your YAML configuration using angle bracket syntax: 
connectors:
  - name: my-idp
    oauthClientSecret: <maverics.client_secret>
At startup, the Orchestrator resolves <maverics.client_secret> by fetching it from the configured secret provider. The namespace (maverics) and key (client_secret) map to the secret path and key in the provider.

Available Providers

ProviderURL SchemeUse Case
HashiCorp Vaulthashivault:// or hashivaults://Enterprise secret management with dynamic secrets
AWS Secrets Managerawssecretsmanager://AWS-native secret storage
Azure Key Vaultazurekeyvault://Azure-native secret and certificate management
Delinea Secret Serverdelinea://Enterprise privileged access management
CyberArk Conjurconjur://DevOps-oriented secrets for CI/CD and containers
CyberArk CCPcyberarkccp://CyberArk Central Credential Provider
Secret Filesecretfile://Local file-based secrets for development

Provider Pages

HashiCorp Vault

Enterprise secret management with dynamic secrets

AWS Secrets Manager

AWS-native secret storage

Azure Key Vault

Azure-native secret and certificate management

Delinea Secret Server

Enterprise privileged access management

CyberArk Conjur

DevOps-oriented secrets for CI/CD and containers

CyberArk CCP

CyberArk Central Credential Provider

Secret File

Local file-based secrets for development

Identity Fabric

Identity provider integrations

Config Sources

Where the Orchestrator reads its configuration