https://dmtn-112.lsst.io describes the offering. But basically it’s an HTTPS-accessible secret storage mechanism. Ask me (or another SQuaRE teammember) for a storage path (of the form secret/:subsystem:/:team:/:category:/:instance:, so, for example, secret/dm/square/nublado/jupyterlabdemo.lsst.codes) and we will give you a read and a write token to access and store secrets under that path.

This Vault instance is deployed on GKE, the secret storage is backed by Google Cloud Storage, and, in general, it is the model at https://github.com/sethvargo/vault-on-gke but with an actual certificate rather than a self-signed one.