Secret Type - DOCKERCFG

Vault-CRD

Github

Search…

Introduction

How does Vault-CRD work?

Supported Secret Types

Secret Type - KEYVALUE

Secret Type - KEYVALUEV2

Secret Type - PKI

Secret Type - PKIJKS

Secret Type - CERT

Secret Type - CERTJKS

Secret Type - DOCKERCFG

Secret Type - PROPERTIES

Change Detection

Install Vault-CRD

Secret Type - DOCKERCFG

The DOCKERCFG-Type is for syncing the Pull-Credentials for secured Docker repositories. The data has to be saved in a specific format inside a KV Secret Engine.
Based on your used Key Value Secret Engine please see the following instructions.
How To for KV Engine V1:
As already described the Pull-Credentials must be saved in a specific format inside a KV Secret Engine:
1
$ vault write secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD [email protected]
Copied!
After this you can apply the following Vault Resource to Kubernetes:
1
apiVersion: "koudingspawn.de/v1"
2
kind: Vault
3
metadata:
4
  name: test-dockercfg
5
spec:
6
  path: "secret/gitlab-hub"
7
  type: "DOCKERCFG"
Copied!
Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:
1
$ kubectl get vault test-dockercfg
2
NAME             AGE
3
test-dockercfg   8d
Copied!
1
$ kubectl get secret test-dockercfg
2
NAME             TYPE                      DATA      AGE
3
test-dockercfg   kubernetes.io/dockercfg   1         8d
Copied!
How To for KV Engine V2:
As already described the Pull-Credentials must be saved in a specific format inside a KV2 Secret Engine:
1
$ vault kv put secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD [email protected]
Copied!
After this you can apply the following Vault Resource to Kubernetes:
1
apiVersion: "koudingspawn.de/v1"
2
kind: Vault
3
metadata:
4
  name: test-dockercfg
5
spec:
6
  path: "secret/gitlab-hub"
7
  type: "DOCKERCFG"
8
  dockerCfgConfiguration:
9
    type: "KEYVALUEV2"
10
    version: 1
Copied!
Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:
1
$ kubectl get vault test-dockercfg
2
NAME             AGE
3
test-dockercfg   8d
Copied!
1
$ kubectl get secret test-dockercfg
2
NAME             TYPE                      DATA      AGE
3
test-dockercfg   kubernetes.io/dockercfg   1         8d
Copied!
Supported Values in dockerCfgConfiguration
1
dockerCfgConfiguration:
2
  type: "KEYVALUEV2" or "KEYVALUE"   if not provided default: "KEYVALUE"
3
  version: 1                         if not provided default is latest
Copied!
Change Adjustment Callback
For more details please see Change Detection!

Secret Type - CERTJKS

Secret Type - PROPERTIES

Last modified 1yr ago

Copy link

Contents

How To for KV Engine V1:

How To for KV Engine V2:

Supported Values in dockerCfgConfiguration

Change Adjustment Callback