Skip to main content

Vault Settings

The Vault settings provides options for modifying the default settings for the following:

  • Folder storage
  • Rotation policies
  • Signing key settings
  • JWT key settings
  • Secret settings
  • Pangea token settings

To access Vault settings, click Settings in the left navigation menu of the Vault service.

Vault item defaults

The Vault service has default configuration values for different Vault items. These are default values that are used when creating Vault items through the Pangea admin console.

Vault item defaults are configurable by Vault item type. In the case of keys, the defaults are broken down by key purpose.

The default settings are as follows:

  • Folder
    • Designates the default folder in which new Vault items will be created.
  • Rotation policy
    • Rotate every
      • The frequency with which a Vault item should be rotated
    • Target state
      • The state a Vault item version will be assigned after rotation

Additionally, Pangea tokens have a default setting unique to them:

  • Grace period
    • The time period during which a Pangea token remains available for use after rotation.


Vault item defaults will not be applied when creating or importing Vault items via API.

Add Pangea Tokens to Vault

Enabling this setting will ensure that all newly created Pangea tokens are added to the Vault as part of the token creation process. In the event that you want to override this configuration, you can uncheck the Store token in vault setting during the token creation flow.

IP Allow List

Restrict access to specific IP addresses, ranges, or subnets. By default, it is set to Disabled. Use the toggle switch to enable or disable this setting and it autosaves the settings.


The allowed IP entries must be a single IP, a CIDR, or an IP range.

In the IP Allow List window, the following warning is displayed by default.


Current IP Address not Allowed

Your IP Address is not within your allowed IP Addresses. To access the Secrets & Keys page you must include your current IP.

IP Address: XX.XX.XXX.XX +

You can add your IP address to the IP allow list by clicking the + sign and save button. Otherwise, click + IP Address to add an allowed IP address.

In the IP Allow List window, your IP address will appear if it falls within the categories of a single IP, a CIDR, or an IP range.

  • Allowed IP Addresses: Click + IP Address to add an allowed IP address. In the Add IP address window, enter the IP address inside the IP address box.

    The following IP addresses/entries are allowed:

    • (single IP)
    • (CIDR)
    • - (IP range)

Now, click Save to see the IP address listed in the Allowed IP Addresses pane.

To remove an IP address from the Allowed IP Addresses pane, hover your move over the IP address and click ().

Was this article helpful?

Contact us