External vault integration

Enterprise and uses: Insomnia

AWS Secrets Manager

Navigate to Preferences > Cloud Credentials.
Click Add Credentials, select AWS, and enter your temporary security credentials.
Open AWS Secrets Manager from the context menu.
Fill in the required fields:
- Secret name
- Secret version
- Secret type

There are three options to authenticate to your AWS vault from Inso CLI:

export INSOMNIA_AWS_TYPE='temporary'
export INSOMNIA_AWS_ACCESSKEYID='YOUR AWS ACCESS KEY ID'
export INSOMNIA_AWS_SECRETACCESSKEY='YOUR AWS ACCESS SECRET ACCESS KEY'
export INSOMNIA_AWS_SESSIONTOKEN = 'YOUR AWS SESSION TOKEN'
export INSOMNIA_AWS_REGION = 'YOUR AWS REGION'

Credentials file:

export INSOMNIA_AWS_TYPE='file'
export INSOMNIA_AWS_SECTION='SECTION NAME IN YOUR AWS CREDENTIALS FILE'
export INSOMNIA_AWS_FILEPATH='PATH TO YOUR AWS CREDENTIALS FILE'
export INSOMNIA_AWS_ENABLECACHE='BOOLEAN, ENABLES FILE CACHE IF SET TO TRUE'
export INSOMNIA_AWS_REGION = 'YOUR AWS REGION'

SSO credentials:

export INSOMNIA_AWS_TYPE='file'
export INSOMNIA_AWS_SECTION='SECTION NAME IN YOUR AWS CREDENTIALS FILE'
export INSOMNIA_AWS_CONFIGFILEPATH='PATH TO THE AWS CONFIG FILE'
export INSOMNIA_AWS_FILEPATH='PATH TO YOUR AWS CREDENTIALS FILE'
export INSOMNIA_AWS_ENABLECACHE='BOOLEAN, ENABLES FILE CACHE IF SET TO TRUE'
export INSOMNIA_AWS_REGION = 'YOUR AWS REGION'

The INSOMNIA_AWS_CONFIGFILEPATH, INSOMNIA_AWS_FILEPATH, and INSOMNIA_AWS_ENABLECACHE variables are optional. If they aren’t provided, Insomnia will use the default AWS CLI values.

GCP Secret Manager

Navigate to Preferences > Cloud Credentials.
Click Add Credentials, select GCP, and upload your service account key.
Open GCP Secrets Manager from the context menu.
Fill in the required fields:
- Secret name
- Secret version

export INSOMNIA_GCP_SERVICEACCOUNTKEYFILEPATH = 'GCP SERVICE ACCOUNT KEY FILE PATH'

HashiCorp Vault

Navigate to Preferences > Cloud Credentials.
Click Add Credentials, select HashiCorp, and choose your environment:
- For HashiCorp Cloud Platform, select Cloud and provide credentials using a service principal client ID and client secret.
- For HashiCorp Vault Server, select On-Premises and choose an authentication method:
  - With AppRole, enter the server address, role ID, and secret ID.
  - With Token, enter the server address and authentication token.

For HashiCorp, the environment variables to define for Inso CLI depend on the platform and authentication method:

HashiCorp Cloud Platform

export INSOMNIA_HASHICORP_TYPE = 'cloud'
export INSOMNIA_HASHICORP_CLIENT_ID = 'HASHICORP SERVICE PRINCIPAL CLIENT ID'
export INSOMNIA_HASHICORP_CLIENT_SECRET = 'HASHICORP SERVICE PRINCIPAL CLIENT SECRET'

HashiCorp Vault Server

AppRole authentication:

export INSOMNIA_HASHICORP_TYPE = 'onPrem'
export INSOMNIA_HASHICORP_AUTHMETHOD = 'appRole'
export INSOMNIA_HASHICORP_SERVERADDRESS = 'HASHICORP VAULT SERVER ADDRESS'
export INSOMNIA_HASHICORP_ROLE_ID = 'HASHICORP VAULT SERVER APP ROLE ID'
export INSOMNIA_HASHICORP_SECRET_ID = 'HASHICORP VAULT SERVER APP ROLE SECRET ID'

Token authentication:

export INSOMNIA_HASHICORP_TYPE = 'onPrem'
export INSOMNIA_HASHICORP_AUTHMETHOD = 'token'
export INSOMNIA_HASHICORP_SERVERADDRESS = 'HASHICORP VAULT SERVER ADDRESS'
export INSOMNIA_HASHICORP_ACCESS_TOKEN = 'HASHICORP VAULT SERVER ACCESS TOKEN'

Azure Key Vault

Navigate to Preferences > Cloud Credentials.
Click Add Credentials, select Azure.
You will be redirected to authorize Insomnia in your browser.
After authorization, you’ll return to Insomnia with your Azure account credential added.
Open Azure Key Vault from the context menu.
Enter the Secret Identifier for the secret you want to access.

Vault secrets cache

Vault secret caching works like the following in Insomnia:

Secrets retrieved from cloud vault services are cached in memory for 30 minutes by default.
If the cache expires or is missing, Insomnia re-fetches the secret automatically.
You can configure cache duration and reset the cache in Preferences > Cloud Credentials.