The PROPERTIES type renders property files from secrets stored in HashiCorp Vault under kv-1 or kv-2 mountpoints.
First store some secrets in HashiCorp Vault:
```
$ vault write datasource/host host=localhost
$ vault kv put database/root username=root password=verysecure
```
After this, create the following Vault resource and apply it to Kubernetes:
```yaml
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: properties-example
spec:
  type: "PROPERTIES"
  propertiesConfiguration:
    files:
      application.properties: |
        datasource.username={{ vault.lookupV2('database/root').get('username') }}
        datasource.password={{ vault.lookupV2('database/root').get('password') }}
        datasource.host={{ vault.lookup('datasource/host', 'host') }}
```
Now you should see that the secret is rendered and stored in Kubernetes, and that the Vault resource is also available:
```
$ kubectl get vault properties-example
NAME                 AGE
properties-example   10s
```

```
$ kubectl get secret properties-example
NAME                 TYPE     DATA   AGE
properties-example   Opaque   1      9s
```
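To confirm that the rendered file contains resolved values rather than leftover template expressions, without echoing any secret to the terminal, the following check can be used. It is an added example, not part of Vault-CRD; the function name `check_rendered`, the sample data, and the assumption that the Secret's data key equals the file name `application.properties` are all illustrative.

```shell
#!/bin/sh
# Added example (not Vault-CRD code): check a rendered properties file
# without printing any secret value.
# On a cluster the input would come from, assuming the data key is the file name:
#   kubectl get secret properties-example -o jsonpath='{.data.application\.properties}'

# check_rendered B64 KEY...
# Returns 0 when the decoded file has no leftover "{{" template marker and every
# KEY has a non-empty value; 1 on a failed check; 2 on invalid base64.
check_rendered() {
  local b64 body key rc
  b64=$1; shift; rc=0
  body=$(printf '%s' "$b64" | base64 -d 2>/dev/null) || {
    echo "input is not valid base64" >&2; return 2; }
  if printf '%s\n' "$body" | grep -qF '{{'; then
    echo "unrendered template expression left in file" >&2
    rc=1
  fi
  for key in "$@"; do
    # Match "KEY=" at the start of a line, followed by at least one character.
    if printf '%s\n' "$body" | awk -v k="$key" \
        'index($0, k "=") == 1 && length($0) > length(k) + 1 { f = 1 } END { exit !f }'
    then
      echo "ok: $key"          # key name only, never the value
    else
      echo "missing or empty: $key" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample inputs (not real secrets), encoded like Secret data.
SAMPLE_OK=$(printf 'datasource.username=root\ndatasource.password=example\ndatasource.host=localhost\n' | base64 | tr -d '\n')
SAMPLE_BAD=$(printf "datasource.username={{ vault.lookupV2('database/root') }}\ndatasource.host=\n" | base64 | tr -d '\n')

check_rendered "$SAMPLE_OK" datasource.username datasource.password datasource.host
check_rendered "$SAMPLE_BAD" datasource.username datasource.host || echo "bad sample rejected"
```
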
The following expressions are available for rendering secrets stored in HashiCorp Vault:
| Method | Returns | Description |
|---|---|---|
| `vault.lookup(String path)` | Java:HashMap | Looks inside a KV-1 Store for stored key-value pairs. The secrets are now available via `.get('key')` |
| `vault.lookup(String path, String key)` | String | Looks inside a KV-1 Store for stored key in key-value path. |
| `vault.lookupV2(String path)` | Java:HashMap | Looks inside a KV-2 Store for stored key-value pairs. The secrets are now available via `.get('key')`. It uses the latest version. |
| `vault.lookupV2(String path, String key)` | String | Looks inside a KV-2 Store for stored key in key-value path. It uses the latest version. |
| `vault.lookupV2(String path, int version, String key)` | String | Looks inside a KV-2 Store for stored key in key-value path with a specific version. |
For more details please see Change Detection!