Vault Config should be configurable via kubernetes secrets #398

Closed
2 tasks done
maaft opened this issue Mar 8, 2024 · 2 comments
Labels
kind/support Categorizes issue or PR as support questions.

maaft commented Mar 8, 2024

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I agree to follow the Code of Conduct.

Problem Description

Currently, backend secrets have to be directly inserted into the Vault CRD. Example:

config:
    storage:
      azure:
        accountName: "my-storage-account"
        accountKey: "abcd1234"
        container: "container-efgh5678"
        environment: "AzurePublicCloud"

This makes it impossible to push these CRDs to git.

Proposed Solution

There should be an option to specify the config from a k8s secret, like this:

config:
   fromSecret:
      name: config-secret

Alternatives Considered

No response

Additional Information

No response

@maaft maaft added the kind/enhancement Categorizes issue or PR as related to an improvement. label Mar 8, 2024
@maaft maaft changed the title Backend Secrets should be configurable via kubernetes secrets Vault Config should be configurable via kubernetes secrets Mar 8, 2024

maaft commented Mar 8, 2024

It seems to be configurable by creating a secret like this:

https://github.com/bank-vaults/vault-operator/blob/main/deploy/examples/vault-config-from-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: config-from-secret
  labels:
    app.kubernetes.io/name: vault-configurator
    vault_cr: vault
data:
  vault-config.yml: cG9saWNpZXM6CiAgLSBuYW1lOiBhbGxvd19hY2Nlc3NfdG9fc2VjcmV0c19mcm9tX3NlY3JldAogICAgcnVsZXM6IHBhdGggInNlY3JldC8qIiB7CiAgICAgIGNhcGFiaWxpdGllcyA9IFsiY3JlYXRlIiwgInJlYWQiLCAidXBkYXRlIiwgImRlbGV0ZSIsICJsaXN0Il0KICAgICAgfQoK

Can this please be documented? It's a very obscure process and super hard to find.

@akijakya
Contributor

Hi @maaft, good to hear you found the solution! Could you please share the steps you took, or open a pull request with them directly in our docs repo? It would be much appreciated!

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label May 12, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 2, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 2, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 2, 2024
@csatib02 csatib02 closed this as completed Jun 2, 2024
@csatib02 csatib02 added kind/support Categorizes issue or PR as support questions. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. kind/enhancement Categorizes issue or PR as related to an improvement. labels Jun 2, 2024
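
The Secret quoted in the thread, decoded and rebuilt, as an added example that is not part of the original issue or the vault-operator project. It assumes the operator selects the Secret by the two labels shown in the thread and that `vault_cr` names the Vault custom resource; the function names are hypothetical.

```python
import base64
import json
import re

# Labels and data key copied from the Secret shown in the thread.
CONFIG_LABELS = {"app.kubernetes.io/name": "vault-configurator", "vault_cr": "vault"}
CONFIG_KEY = "vault-config.yml"
# The data value from the thread's example Secret, split for readability.
PAGE_B64 = (
    "cG9saWNpZXM6CiAgLSBuYW1lOiBhbGxvd19hY2Nlc3NfdG9fc2VjcmV0c19mcm9tX3NlY3Jl"
    "dAogICAgcnVsZXM6IHBhdGggInNlY3JldC8qIiB7CiAgICAgIGNhcGFiaWxpdGllcyA9IFsi"
    "Y3JlYXRlIiwgInJlYWQiLCAidXBkYXRlIiwgImRlbGV0ZSIsICJsaXN0Il0KICAgICAgfQoK"
)
# Kubernetes object names must be lowercase DNS-1123 subdomains.
_NAME = re.compile(r"[a-z0-9]([-a-z0-9.]{0,251}[a-z0-9])?")


def build_config_secret(name, config_text, vault_cr="vault"):
    """Return a Secret manifest (dict) carrying config_text under vault-config.yml."""
    if not _NAME.fullmatch(name):
        raise ValueError(f"invalid Secret name: {name!r}")
    if not config_text.strip():
        raise ValueError("refusing to write an empty config fragment")
    encoded = base64.b64encode(config_text.encode("utf-8")).decode("ascii")
    # vault_cr is assumed to name the Vault custom resource this fragment targets.
    labels = {**CONFIG_LABELS, "vault_cr": vault_cr}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "labels": labels},
        "data": {CONFIG_KEY: encoded},
    }


def decode_config_secret(manifest):
    """Decode every data entry so the fragment can be reviewed before it is applied."""
    if manifest.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    return {key: base64.b64decode(value, validate=True).decode("utf-8")
            for key, value in manifest.get("data", {}).items()}


if __name__ == "__main__":
    page_secret = {"kind": "Secret", "data": {CONFIG_KEY: PAGE_B64}}
    fragment = decode_config_secret(page_secret)[CONFIG_KEY]
    print(fragment)  # the policy fragment behind the thread's data field
    # kubectl apply -f accepts JSON manifests as well as YAML.
    print(json.dumps(build_config_secret("config-from-secret", fragment), indent=2))
```

The `data` field is base64-encoded, not encrypted, so the rendered manifest exposes the fragment to anyone who can read it and is no safer to commit to git than the inline values were.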