I have deployed Vault in K8s. I would like to know how to inject the Vault secret into the ConfigMap of an application, which has all the configuration of the application.
- This might help: https://learn.hashicorp.com/tutorials/vault/agent-kubernetes#start-vault-agent-with-auto-auth . If you add a sample scenario, then you might get an exact answer. – Tarun Khosla May 18 '22 at 06:39
- Secrets are injected as mounts into the containers. – Matthew Schuchard May 18 '22 at 13:58
1 Answer
It's not possible; you cannot mount the Vault secret into a ConfigMap. But you can inject both the ConfigMap and the Vault secret in parallel into a single deployment.
- If you are mounting the ConfigMap as a file, you can mount the Vault secret as a file into the same directory or another directory.
- If you are injecting the ConfigMap as an environment variable, you can do the same with the Vault secret.
If you are injecting the ConfigMap as an environment variable, I would suggest checking out vault-crd: https://github.com/DaspawnW/vault-crd
vault-crd syncs the Vault secret to a Kubernetes secret, and you can easily inject the Kubernetes secret into the deployment, although it's not good from a security perspective.
There are many different methods by which you can inject a Vault secret into a deployment.

Harsh Manvar
- Thank you @Harsh Manvar. The application is not expecting it as an environment variable. We use a property file which has a list of attribute settings, so I mounted that as a ConfigMap. But now some of the attributes are marked as sensitive information. So is there any way to achieve this scenario by using Vault? – Sowmiya May 18 '22 at 08:21
- The only option I am seeing is to inject both as different files, or you merge them inside the pod by running an init container, which fetches data from Vault and the ConfigMap, makes a single file, and mounts that file further into a single container. – Harsh Manvar May 18 '22 at 08:27
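
The init-container merge suggested in the last comment, sketched as an added example that is not part of the original thread. It assumes the Vault values have already been written to a key=value file (for instance by Vault Agent, as in the tutorial linked above); the function name, file names and sample values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: merge step for an init container (paths and names are assumptions).
# merge_properties BASE SECRETS OUT
#   BASE    non-sensitive properties file mounted from the ConfigMap
#   SECRETS key=value lines already fetched from Vault
#   OUT     merged file on an emptyDir volume shared with the app container
merge_properties() {
    base=$1 secrets=$2 out=$3
    [ -r "$base" ] || { echo "cannot read $base" >&2; return 1; }
    # Fail closed: an empty or missing secrets file means the Vault fetch failed.
    [ -s "$secrets" ] || { echo "no secrets in $secrets" >&2; return 1; }
    tmp="$out.tmp.$$"
    (
        umask 077    # merged file is created 0600, readable by the owner only
        awk '
            function keyof(line,  k) {        # text before the first "=", trimmed
                k = line; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k); return k
            }
            FNR == NR {                       # first file: values from Vault
                if ($0 !~ /^[ \t]*(#|$)/) { seen[keyof($0)] = 1; sec[++n] = $0 }
                next
            }
            /^[ \t]*(#|$)/ { print; next }    # keep comments and blank lines
            { k = keyof($0); if (!(k in seen)) print }   # drop keys Vault overrides
            END { for (i = 1; i <= n; i++) print sec[i] }
        ' "$secrets" "$base" > "$tmp"
    ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$out"    # rename, so the app never reads a half-written file
}

# Constructed sample input: builds both files in a temp dir and prints the merge.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# app settings' 'server.port=8080' 'db.user=app' \
        'db.password=CHANGEME' > "$d/base.properties"
    printf '%s\n' 'db.password=s3cr3t-from-vault' > "$d/vault.properties"
    merge_properties "$d/base.properties" "$d/vault.properties" "$d/app.properties" &&
        cat "$d/app.properties"
    rc=$?; rm -rf "$d"; return $rc
}

if [ "$#" -eq 3 ]; then merge_properties "$@"; fi
```

Writing the merged file to an `emptyDir` with `medium: Memory` keeps the secret values off the node's disk, and the ConfigMap itself never contains them.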