diff --git a/extensions/store-asset-api/src/main/java/org/upm/inesdata/storageasset/StorageAssetApiExtension.java b/extensions/store-asset-api/src/main/java/org/upm/inesdata/storageasset/StorageAssetApiExtension.java
index a6f5ef8..319249e 100644
--- a/extensions/store-asset-api/src/main/java/org/upm/inesdata/storageasset/StorageAssetApiExtension.java
+++ b/extensions/store-asset-api/src/main/java/org/upm/inesdata/storageasset/StorageAssetApiExtension.java
@@ -10,6 +10,7 @@
 import org.eclipse.edc.jsonld.spi.JsonLd;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.security.Vault;
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.spi.types.TypeManager;
@@ -33,7 +34,13 @@
 public class StorageAssetApiExtension implements ServiceExtension {
 
     public static final String NAME = "StorageAsset API Extension";
-    
+    public static final String DEFAULT_VALUE = "";
+    public static final String AWS_ACCESS_KEY = "edc.aws.access.key";
+    public static final String AWS_SECRET_ACCESS = "edc.aws.secret.access.key";
+    public static final String AWS_ENDPOINT_OVERRIDE = "edc.aws.endpoint.override";
+    public static final String AWS_REGION = "edc.aws.region";
+    public static final String AWS_BUCKET_NAME = "edc.aws.bucket.name";
+
     @Inject
     private AssetService assetService;
     
@@ -57,6 +64,8 @@ public class StorageAssetApiExtension implements ServiceExtension {
     @Inject
     private JsonLd jsonLd;
 
+    @Inject
+    private Vault vault;
 
     @Override
     public String name() {
@@ -81,11 +90,11 @@ public void initialize(ServiceExtensionContext context) {
         validator.register(EDC_DATA_ADDRESS_TYPE, DataAddressValidator.instance());
 
         // Leer las variables de entorno
-        String accessKey = context.getSetting("edc.aws.access.key","");
-        String secretKey = context.getSetting("edc.aws.secret.access.key","");
-        String endpointOverride = context.getSetting("edc.aws.endpoint.override","");
-        String regionName = context.getSetting("edc.aws.region","");
-        String bucketName = context.getSetting("edc.aws.bucket.name","");
+        var accessKey = vault.resolveSecret(context.getSetting(AWS_ACCESS_KEY, DEFAULT_VALUE));
+        var secretKey = vault.resolveSecret(context.getSetting(AWS_SECRET_ACCESS, DEFAULT_VALUE));
+        var endpointOverride = context.getSetting(AWS_ENDPOINT_OVERRIDE, DEFAULT_VALUE);
+        var regionName = context.getSetting(AWS_REGION, DEFAULT_VALUE);
+        var bucketName = context.getSetting(AWS_BUCKET_NAME, DEFAULT_VALUE);
 
         Region region = Region.of(regionName);