External secret stores let your organization use secrets, API keys, passwords, and other credentials, in Torq integrations without storing sensitive data in Torq itself. This keeps your team in full control of secret management, including rotation and revocation.
Supported secret stores:
HashiCorp Vault
AWS SSM Parameter Store
Azure Key Vault
Contact your support representative if you use a different secret management service.
How to use
Set up an external secret store
Add the integration: Go to Integrations > Secret Management, select your secret store, and click Add Instance.
Configure the integration: Enter a meaningful name and fill in the required fields.
Enable as secret store: Check Use this integration as a secret store for my account and click Add.
For AWS integrations, ensure the IAM role has GetParameter permission.
Edit an external secret store integration
Find the integration: Go to Integrations > Secret Management and locate the integration in the list.
Open settings: Click the three-dot menu (...) next to the integration and select Edit.
Update and save: Make your changes and click Save.
Connect a third-party integration to a secret store
Select the integration: Go to Integrations, find the third-party vendor, and click Add.
Configure secret fields: For each sensitive field, use the dropdown to select whether the value comes from an external secret store or Torq's local secret store.
Provide the secret path: Enter the path to the secret value using the format for your secret store (see below), and click Add.
Secret path formats
HashiCorp Vault
Get the secret path: In HashiCorp Vault, go to Secrets to view available engine paths.
For example, for the secret below, use
secret/test/webapp/api_keyto get the secret value in Torq.Use the secret: In the Torq integration form, use the secret value in integration fields that require sensitive information.
AWS SSM Parameter Store
Enter the path: Provide the region and parameter name in the format
<region>/<parameter name>.For example, for the parameter
/A/Abelow, useus-east-1/A/Ato get the secret value in Torq.Use the secret: In the Torq integration form, use the secret value in integration fields that require sensitive information.
Azure Key Vault
Get the secret name: In Azure Key Vault, go to Secrets to view available secret names.
Enter the name: Provide the secret name exactly as listed, for example:
my-secret.Use the secret: In the Torq integration form, paste the name into any field that requires sensitive information.








