Secret Type - KEYVALUEV2

The KEYVALUEV2 type synchronises secrets stored in the new KV2 Secret Engine with Kubernetes Secrets.

How To

First write some secrets to HashiCorp Vault:

$ vault kv put versioned/example key=value

Then create the following Vault resource and apply it to Kubernetes:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: versionedsecret
spec:
  path: "versioned/example"
  type: "KEYVALUEV2"
  versionConfiguration:
    version: 1

You should now see that both the Vault resource and the new Secret are available:

$ kubectl get vault versionedsecret
NAME AGE
versionedsecret 10m
$ kubectl get secret versionedsecret
NAME TYPE DATA AGE
versionedsecret Opaque 1

Configuration Options

The versionConfiguration field in the Vault Custom Resource Definition is optional. If no version is specified, the latest version is used, and any new version written to Vault is synchronized to Kubernetes automatically.

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: versionedsecret
spec:
  path: "versioned/example"
  type: "KEYVALUEV2"
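
The difference between a pinned and an unpinned resource, as an added example that is not the project's own code: it builds the KV v2 HTTP API read path for a resource spec (the API inserts data/ after the mount and takes an optional version parameter) and maps a response to an Opaque Secret, rejecting deleted or destroyed versions. The function names, the sample response and the assumption that the mount is the first path segment are constructed for illustration.

```python
import base64
import json

# Constructed sample of a Vault KV v2 read response (not captured from a real server).
SAMPLE_RESPONSE = json.loads("""
{"data": {"data": {"key": "value"},
          "metadata": {"version": 1, "deletion_time": "", "destroyed": false}}}
""")


def kv2_read_url(spec):
    """Build the KV v2 HTTP API path for a Vault resource spec.

    Assumption: the mount is the first path segment ("versioned").
    """
    mount, _, name = spec["path"].partition("/")
    url = f"/v1/{mount}/data/{name}"
    version = spec.get("versionConfiguration", {}).get("version")
    # No pinned version: omit the parameter so Vault returns the latest one.
    return url if version is None else f"{url}?version={version}"


def to_secret(name, response):
    """Map a KV v2 response to an Opaque Kubernetes Secret manifest."""
    body = response["data"]
    meta = body["metadata"]
    # A soft-deleted or destroyed version carries no usable data; fail
    # instead of writing an empty Secret.
    if body.get("data") is None or meta.get("destroyed") or meta.get("deletion_time"):
        raise ValueError(f"version {meta.get('version')} is deleted or destroyed")
    # Kubernetes stores Secret values base64-encoded under .data
    encoded = {k: base64.b64encode(str(v).encode()).decode()
               for k, v in body["data"].items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name}, "data": encoded}


if __name__ == "__main__":
    pinned = {"path": "versioned/example", "type": "KEYVALUEV2",
              "versionConfiguration": {"version": 1}}
    print(kv2_read_url(pinned))
    print(json.dumps(to_secret("versionedsecret", SAMPLE_RESPONSE), indent=2))
```

Pinning a version means a later vault kv put does not change the Kubernetes Secret until the resource is edited; leaving it unpinned means every new write in Vault reaches the cluster.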