This post is based on my experience writing a plugin for HashiCorp’s Vault. While HashiCorp provides thorough documentation, I found that I had to read the code of several open-source plugins before I grokked a bigger picture. This is my attempt to document details that are not spelled out in HashiCorp’s basic example of a secrets engine. Vault Paths & Policies Paths are a key concept of Vault. It’s fundamental to understand how they work, because Vault gets its utility and flexibility largely from the path mechanism.