Skip to content

A Quorum account plugin that enables storing accounts in a Hashicorp Vault


Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

Hashicorp Vault plugin for Quorum

The Hashicorp Vault plugin enables the storage of Quorum account private keys in a Hashicorp Vault.

It can be used with Quorum or clef.

Using the Hashicorp Vault plugin offers several benefits:

  • Account private keys are stored in a Hashicorp Vault which can be deployed on separate infrastructure to the node

  • Vault allows for fine-grained access control to secrets

Storage options

Accounts can be stored in the standard Hashicorp Vault KV v2 secret engine or the custom quorum-signer secret engine:

  • kv

    • Account private keys are stored in Vault but must be retrieved by Quorum when signing data
  • quorum-signer (v0.2.0+ only)

    • Account private keys never leave the Vault boundary. Data is sent to the quorum-signer for signing.


Quorum will automatically download the plugin from bintray at startup.

Alternatively, the plugin can be downloaded or built manually and added to the baseDir:

cp build/dist/quorum-account-plugin-hashicorp-vault-<version>.zip /path/to/baseDir


See the quickstart examples for step-by-step walkthroughs of how to set up and manage Quorum accounts with Vault:


See docs/configuration for complete documentation of the configuration options.

Creating accounts

See docs/creating-accounts for details on creating Vault-stored accounts.


See docs/faq for additional info on various items.

Run tests

make test

# run integration tests (vault, quorum and clef must be on PATH)
make itest

Further reading