Automic VaultAutomic Vault

brew

Install argocd-vault-plugin with Homebrew, Nix

Argo CD plugin to retrieve secrets from Secret Management tools. Version 1.18.1 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install argocd-vault-plugin

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#argocd-vault-plugin

nixpkgs package indexes · pkgs/by-name/ar/argocd-vault-plugin/package.nix · source: api.github.com

overview

Package summary

Argo CD plugin to retrieve secrets from Secret Management tools

Commands and aliases

  • argocd-vault-plugin

history

Project history and usage

Argo CD Vault Plugin is an Argo CD config-management plugin that reads secret references from Kubernetes manifests and resolves them from secret-management systems before Argo CD applies the rendered resources.

Project history

The project lives in argoproj-labs, the Argo project area for ecosystem tooling. Its README presents it as a plugin for retrieving secrets from backends such as HashiCorp Vault, IBM Cloud Secrets Manager, AWS Secrets Manager, Google Secret Manager, Yandex Cloud Lockbox, and 1Password Connect, then injecting the values into Kubernetes resources.

Adoption history

Adoption follows Argo CD's GitOps operational model: teams want manifests in Git while keeping secret values in dedicated secret stores. The documentation focuses on ways to supply backend configuration through Kubernetes Secrets, configuration files, and environment variables, which matches real Argo CD repo-server and plugin workflows.

How it is used

The common CLI shape is `argocd-vault-plugin generate`, optionally with `-c /path/to/config/file.yaml` for a Viper-supported configuration file or `-s` for a Kubernetes Secret containing backend settings. It is also registered as an Argo CD config-management plugin so manifests can be rendered during application reconciliation.

Why package nerds care

For package managers, this formula matters because it packages a small but operationally important GitOps helper: one executable that sits between Kubernetes YAML, Argo CD plugin execution, and several external secret-store SDKs. Its configuration surface is intentionally portable, so the Homebrew binary can be used locally for manifest generation or installed into Argo CD plugin images.

Timeline

  • 2020s: Project maintained under argoproj-labs for Argo CD ecosystem use.
  • Current stable docs: Read the Docs documents backend configuration through Kubernetes Secrets, config files, and environment variables.

Related projects

  • Argo CD provides the GitOps controller and plugin execution model.
  • HashiCorp Vault, AWS Secrets Manager, Google Secret Manager, IBM Cloud Secrets Manager, Yandex Cloud Lockbox, and 1Password Connect are documented secret backends.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/path/to/config/file.yaml

executables

Installed executables

CommandKindExposureNote
argocd-vault-plugincliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.18.1
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/argoproj-labs/argocd-vault-plugin

install metadata

Package metadata

Package keybrew:argocd-vault-plugin
Version1.18.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/argocd-vault-plugin
Homepagehttps://argocd-vault-plugin.readthedocs.io
Repositoryhttps://github.com/argoproj-labs/argocd-vault-plugin
Upstream docshttps://argocd-vault-plugin.readthedocs.io/en/stable
LicenseApache-2.0
Source archivehttps://github.com/argoproj-labs/argocd-vault-plugin.git
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameargocd-vault-plugin
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

argocd-vault-plugin

nix profile install nixpkgs#argocd-vault-plugin
  • normalized package name match
  • Matched by: Argocd Vault Plugin
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ar/argocd-vault-plugin/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment