I am making a template for postgres-exporter and ran into a question. Is it possible to use two or more paths to secrets in the "with secret" section? For example {{ with secret "TEST/A/TEST/DEV_COMMON1" "TEST/A/TEST/DEV_COMMON2"}}? In this configuration, the sidecar only reads the last instruction:

    vault.hashicorp.com/agent-inject-template-pgsource: |
    {{- range .Values.secman.secrets }}
         {{`{{ with secret `}}{{ .path | quote }}{{` }}`}}
    {{- end }}
         #!/bin/sh
         {{- $dns := list -}}
         {{- range $db := $.Values.database -}}
         {{ $dns = append $dns (printf "postgresql://%s:{{ .Data.%s }}@%s:%s/%s?sslmode=%s" $db.user $db.pass $db.hostName $db.port $db.dbSchema $db.sslmode) }}
         {{ end -}}
         {{`export DATA_SOURCE_NAME=`}}{{ join "," $dns | quote }}
    {{- range .Values.secman.secrets }}
         {{`{{- end }}`}}
    {{- end }}

After templating:

        vault.hashicorp.com/agent-inject-template-pgsource: >
          {{ with secret "TEST/A/TEST/DEV_COMMON1" }}

          {{ with secret "TEST/A/TEST/DEV_COMMON2" }}

          #!/bin/sh


          export DATA_SOURCE_NAME="postgresql://user1:{{
          .Data.pass1
          }}@host1:5433/postgres?sslmode=disable,postgresql://user2:{{
          .Data.pass2
          }}@host2:5433/postgres?sslmode=disable"

          {{- end }}

          {{- end }}

If I open the pgsource file, I see "no value" there:

    #!/bin/sh
    export DATA_SOURCE_NAME="postgresql://user1:<no value>@host1:5433/postgres?sslmode=disable,postgresql://user2:pass2@host2:5433/postgres?sslmode=disable"

Is it possible for pass1 to be substituted from one tenant and pass2 from another? Thanks!

Cvitoybamp
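
The scoping behind the `<no value>` in the question, reproduced as an added example (not part of the original post) in plain Go `text/template`, the engine Vault Agent templates are built on. `fakeSecret` and the secret values are hypothetical stand-ins for the Agent's `secret` function and real Vault data; the second template binds each secret to its own variable so both stay reachable inside the nested block.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// secretData mimics the shape the templates rely on: fields live under .Data.
type secretData struct{ Data map[string]interface{} }

// fakeSecret is a hypothetical stand-in for Vault Agent's `secret` function,
// backed by constructed sample values instead of a Vault server.
func fakeSecret(path string) (*secretData, error) {
	store := map[string]map[string]interface{}{
		"TEST/A/TEST/DEV_COMMON1": {"pass1": "s3cret-one"},
		"TEST/A/TEST/DEV_COMMON2": {"pass2": "s3cret-two"},
	}
	d, ok := store[path]
	if !ok {
		return nil, fmt.Errorf("no secret at %q", path)
	}
	return &secretData{Data: d}, nil
}

// Nested form from the question: inside the inner block "." is DEV_COMMON2 only.
const nested = `{{ with secret "TEST/A/TEST/DEV_COMMON1" }}{{ with secret "TEST/A/TEST/DEV_COMMON2" }}` +
	`user1:{{ .Data.pass1 }},user2:{{ .Data.pass2 }}{{ end }}{{ end }}`

// Variable form: each secret is bound to its own name, so both stay reachable.
const bound = `{{ with $a := secret "TEST/A/TEST/DEV_COMMON1" }}{{ with $b := secret "TEST/A/TEST/DEV_COMMON2" }}` +
	`user1:{{ $a.Data.pass1 }},user2:{{ $b.Data.pass2 }}{{ end }}{{ end }}`

// render executes a template body with the stand-in secret function registered.
func render(body string) (string, error) {
	t, err := template.New("pgsource").Funcs(template.FuncMap{"secret": fakeSecret}).Parse(body)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, nil)
	return out.String(), err
}

func main() {
	for _, body := range []string{nested, bound} {
		fmt.Println(render(body))
	}
}
```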