Vault-CRD
Search…
Secret Type - PROPERTIES
The PROPERTIES-Type is for rendering property-files based on secrets stored in HashiCorp Vault in the mountpoints for kv-1 or kv-2.

How To

First store some secrets in HashiCorp Vault:
1
$ vault write datasource/host host=localhost
2
$ vault kv put database/root username=root password=verysecure
Copied!
After this create the following Vault-Resource and apply it to Kubernetes:
1
apiVersion: "koudingspawn.de/v1"
2
kind: Vault
3
metadata:
4
name: properties-example
5
spec:
6
type: "PROPERTIES"
7
propertiesConfiguration:
8
files:
9
application.properties: |
10
datasource.username={{ vault.lookupV2('database/root').get('username') }}
11
datasource.password={{ vault.lookupV2('database/root').get('password') }}
12
datasource.host={{ vault.lookup('datasource/host', 'host') }}
Copied!
Now you should see, that the secret gets rendered and stored in Kubernetes and the Vault resource is also available:
1
$ kubectl get vault properties-example
2
NAME AGE
3
properties-example 10s
Copied!
1
$ kubectl get secret properties-example
2
NAME TYPE DATA AGE
3
properties-example Opaque 1 9s
Copied!

Rendering Options

The following expressions are available for rendering secrets stored in HashiCorp Vault:
Method
returns
Description
vault.lookup(String path)
Java:HashMap
Looks inside a KV-1 Store for stored key-value pairs. The secrets are now available via .get('key')
vault.lookup(String path, String key)
String
Looks inside a KV-1 Store for stored key in key-value path.
vault.lookupV2(String path)
Java:HashMap
Looks inside a KV-2 Store for stored key-value pairs. The secrets are now available via .get('key'). It uses the latest version.
vault.lookupV2(String path, String key)
String
Looks inside a KV-2 Store for stored key in key-value path. It uses the latest version.
vault.lookupV2(String path, int version, String key)
String
Looks inside a KV-2 Store for stored key in key-value path with a specific version.

Change Adjustment Callback

For more details please see Change Detection!
Last modified 1yr ago