Vault-CRD
Secret Type - KEYVALUEV2
The KEYVALUEV2 type synchronises secrets stored in the new KV2 Secret Engine with Kubernetes Secrets.

How To

First write some secrets to HashiCorp Vault:
$ vault kv put versioned/example key=value
After this, create the following Vault resource and apply it to Kubernetes:
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: versionedsecret
spec:
  path: "versioned/example"
  type: "KEYVALUEV2"
  versionConfiguration:
    version: 1
Now you should see that the new Secret and the Vault resource are available:
$ kubectl get vault versionedsecret
NAME              AGE
versionedsecret   10m

$ kubectl get secret versionedsecret
NAME              TYPE     DATA   AGE
versionedsecret   Opaque   1

Configuration Options

The versionConfiguration in the Vault Custom Resource Definition is optional. If no version is specified, the latest version is used, and when a new version is written in Vault it is synchronized to Kubernetes automatically.
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: versionedsecret
spec:
  path: "versioned/example"
  type: "KEYVALUEV2"
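To confirm that the Kubernetes Secret carries the Vault version the resource pins (or the latest one when versionConfiguration is omitted), the two can be compared offline. The Python check below is an added example, not part of Vault-CRD or this documentation; it assumes each KV2 key is written to a Secret key of the same name, the function name check_sync is hypothetical, and the JSON inputs are constructed samples shaped like the output of `vault kv get -format=json` and `kubectl get secret -o json`.

```python
import base64
import hmac
import json

# Constructed sample inputs, shaped like the output of
#   vault kv get -format=json -version=1 versioned/example
#   kubectl get secret versionedsecret -o json
VAULT_JSON = '{"data": {"data": {"key": "value"}, "metadata": {"version": 1}}}'
SECRET_JSON = '{"kind": "Secret", "type": "Opaque", "data": {"key": "dmFsdWU="}}'


def check_sync(vault_json, secret_json, pinned_version=None):
    """Return a list of findings; an empty list means the Secret is in sync.

    Findings name keys only, never secret values, so they are safe to log.
    Assumption: each KV2 key maps to a Secret key of the same name.
    """
    vault = json.loads(vault_json)["data"]
    k8s = json.loads(secret_json).get("data") or {}
    findings = []

    # With versionConfiguration.version set, the Vault read must be that version.
    got = vault["metadata"]["version"]
    if pinned_version is not None and got != pinned_version:
        findings.append(f"version: Vault returned {got}, resource pins {pinned_version}")

    # "data" is null in Vault's answer when the requested version was deleted.
    expected = vault["data"] or {}
    for key in sorted(expected.keys() - k8s.keys()):
        findings.append(f"missing in Secret: {key}")
    for key in sorted(k8s.keys() - expected.keys()):
        findings.append(f"not in Vault: {key}")
    for key in sorted(expected.keys() & k8s.keys()):
        # Kubernetes stores Secret values base64-encoded.
        actual = base64.b64decode(k8s[key])
        if not hmac.compare_digest(actual, str(expected[key]).encode()):
            findings.append(f"value differs: {key}")
    return findings


if __name__ == "__main__":
    for line in check_sync(VAULT_JSON, SECRET_JSON, pinned_version=1) or ["in sync"]:
        print(line)
```

Pass pinned_version only when the resource sets versionConfiguration.version; without it the check compares against whatever version the Vault read returned.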

Change Adjustment Callback

For more details please see Change Detection!
Last modified 1yr ago