Version tracked:
v2.3.xLast updated:2026-04-15
OpenBao is an identity-based secrets and encryption management system, forked from HashiCorp Vault and managed by the Linux Foundation (LF Edge). It provides authentication-gated encryption services accessible via UI, CLI, or HTTP API.
| Page | Description |
|---|---|
| Overview | What it is, system requirements, key concepts |
| Architecture | Internal components and dev/prod/HA deployment topologies |
| Installation | Package managers, containers, binary, Kubernetes (Helm) |
| Configuration | Server config reference and annotated examples |
| Secrets Engines | KV, PKI, Transit, SSH, Database, and more |
| Auth Methods | AppRole, Kubernetes, JWT/OIDC, LDAP, Token, and more |
| Secrets Lifecycle | Leases, TTL, renewal, revocation, and response wrapping |
| Use Cases | K8s secret injection, PKI automation, dynamic DB creds, CI/CD |
| API & CLI Reference | Key bao CLI commands and HTTP API endpoints |
| FAQ & Links | Common questions and useful links |
Agent instructions (source URLs per page, custom section definitions, update notes) are in
AGENTS.md.