Vault-CRD

Secret Type - KEYVALUEV2

The KEYVALUEV2 type synchronises secrets stored in the new KV2 Secret Engine with Kubernetes Secrets.

How To

First write some secrets to HashiCorp Vault:

$ vault kv put versioned/example key=value

After this, create the following Vault resource and apply it to Kubernetes:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: versionedsecret
spec:
  path: "versioned/example"
  type: "KEYVALUEV2"
  versionConfiguration:
    version: 1

Now you should see that the new Secret and the Vault resource are available:

$ kubectl get vault versionedsecret
NAME                 AGE
versionedsecret      10m
$ kubectl get secret versionedsecret
NAME                                   TYPE                                  DATA      AGE
versionedsecret                        Opaque                                1    

Configuration Options

The versionConfiguration in the Vault Custom Resource Definition is optional. If no version is specified, the latest version is used, and when a new version is written in Vault it is synchronized automatically to Kubernetes.

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: versionedsecret
spec:
  path: "versioned/example"
  type: "KEYVALUEV2"
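
The difference between the pinned and unpinned resources above, modelled at the level of the Vault KV v2 HTTP API, as an added example that is not Vault-CRD's own code. The function names, the one-segment mount assumption, the sample responses, and the choice to treat a deleted version as an error are assumptions of this example.

```python
import base64

def kv2_read_request(spec):
    """HTTP API path for a Vault resource spec; KV v2 inserts 'data/' after the mount."""
    mount, _, name = spec["path"].partition("/")  # assumption: one-segment mount name
    version = spec.get("versionConfiguration", {}).get("version")
    query = f"?version={version}" if version is not None else ""  # omitted -> latest
    return f"/v1/{mount}/data/{name}{query}"

def to_k8s_secret(name, spec, response):
    """Build an Opaque Secret manifest from a KV v2 read response."""
    payload = response["data"]["data"]
    meta = response["data"]["metadata"]
    pinned = spec.get("versionConfiguration", {}).get("version")
    # A pinned resource must never silently pick up a different version.
    if pinned is not None and meta["version"] != pinned:
        raise ValueError(f"asked for version {pinned}, got {meta['version']}")
    # Soft-deleted or destroyed versions come back with no payload.
    if payload is None or meta["destroyed"] or meta["deletion_time"]:
        raise ValueError(f"version {meta['version']} is deleted or destroyed")
    # Kubernetes stores Secret values base64-encoded under .data
    data = {k: base64.b64encode(str(v).encode()).decode() for k, v in payload.items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name}, "data": data}

# Constructed sample responses in the KV v2 read format (not captured from a real Vault).
V1 = {"data": {"data": {"key": "value"},
               "metadata": {"version": 1, "deletion_time": "", "destroyed": False}}}
V2_DELETED = {"data": {"data": None,
                       "metadata": {"version": 2, "destroyed": False,
                                    "deletion_time": "2020-01-01T00:00:00Z"}}}

# The two specs from this page: version pinned to 1, and no versionConfiguration.
PINNED = {"path": "versioned/example", "type": "KEYVALUEV2",
          "versionConfiguration": {"version": 1}}
LATEST = {"path": "versioned/example", "type": "KEYVALUEV2"}

if __name__ == "__main__":
    print(kv2_read_request(PINNED))
    print(kv2_read_request(LATEST))
    print(to_k8s_secret("versionedsecret", PINNED, V1))
```

With the pinned spec, a later `vault kv put` to the same path leaves the Kubernetes Secret unchanged; with the unpinned spec, whoever can write to that Vault path can change what workloads consume on the next sync.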

Change Adjustment Callback

For more details please see Change Detection!

Last updated 4 years ago