# Built-in Vault Connectors (HashiCorp Vault, Azure Key Vault, AWS Secrets Manager)

## Module
Integrations

## Status
VERIFIED

## Description
Three vault connectors using raw HTTP clients: HashiCorp Vault (Token, AppRole, Kubernetes auth), Azure Key Vault (Service Principal, Managed Identity), and AWS Secrets Manager (IAM SigV4). Unified secret resolution interface for integration configuration encryption.

## Implementation Details
- **Integration core**: `src/Integrations/__Libraries/StellaOps.Integrations.Core/Integration.cs` -- base integration with vault-type references for HashiCorp Vault, Azure Key Vault, AWS Secrets Manager
- **Integration models**: `src/Integrations/__Libraries/StellaOps.Integrations.Core/IntegrationModels.cs` -- vault connection configuration models
- **Integration enums**: `src/Integrations/__Libraries/StellaOps.Integrations.Core/IntegrationEnums.cs` -- vault type enumerations
- **Connector plugin contract**: `src/Integrations/__Libraries/StellaOps.Integrations.Contracts/IIntegrationConnectorPlugin.cs` -- unified secret resolution interface
- **Integration service**: `src/Integrations/StellaOps.Integrations.WebService/IntegrationService.cs` -- manages vault connector instances
- **Persistence**: `src/Integrations/__Libraries/StellaOps.Integrations.Persistence/PostgresIntegrationRepository.cs` -- vault configuration persistence
- **Infrastructure**: `src/Integrations/StellaOps.Integrations.WebService/Infrastructure/Abstractions.cs`, `DefaultImplementations.cs` -- vault-agnostic abstractions
- **Tests**: `src/Integrations/__Tests/StellaOps.Integrations.Tests/IntegrationServiceTests.cs`
- **Source**: SPRINT_20260110_102_005_INTHUB_vault_connector.md

## E2E Test Plan
- [ ] Verify HashiCorp Vault connector authenticates via Token, AppRole, and Kubernetes auth
- [ ] Test Azure Key Vault connector with Service Principal and Managed Identity
- [ ] Verify AWS Secrets Manager connector uses IAM SigV4 signing
- [ ] Test unified secret resolution interface across all vault types
- [ ] Verify vault credential encryption in persistence layer