fatima

Fatima

Load secrets from the local Fatima Vault.

Provider names: fatima, fatima-vault.

{
  "provider": "fatima-vault",
  "source": "e2e",
  "key": "{env:FATIMA_USER_KEY}",
  "environment": "development"
}

Options

OptionMeaning
sourcee2e; this is the implemented local encrypted Vault source.
keyUser key. If omitted, Fatima can read FATIMA_USER_KEY.
environmentVault environment to read. Defaults to the active Fatima environment.
cwdProject directory containing .fatima.
storePath / store-pathCustom Vault store path.

Load the user key from an uncommitted .env, then load Vault secrets:

{
  "providers": {
    "development": [
      { "provider": "file", "file": ".env" },
      { "provider": "fatima-vault", "key": "{env:FATIMA_USER_KEY}" }
    ]
  }
}

The provider uses user-key authentication, not the Vault password. That keeps application runtime access scoped.