Multi Key Value Secret support #82

Open
spintower opened this issue Nov 13, 2024 · 6 comments
@spintower

Does AppConfiguration-KubernetesProvider support multi-key-value secrets similar to https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ and https://external-secrets.io/latest/guides/all-keys-one-secret/?

@RichardChen820
Contributor

RichardChen820 commented Nov 13, 2024

@spintower Short answer is yes.

Secrets resolved from keyVault references are saved into the Secret you specify in the AzureAppConfigurationProvider yaml:

apiVersion: azconfig.io/v1
kind: AzureAppConfigurationProvider
metadata:
  name: appconfigurationprovider-sample
spec:
  endpoint: <your-app-configuration-store-endpoint>
  target:
    configMapName: my-configmap
  configuration:
    selectors:
      - keyFilter: '*'
  secret:
    target:
      secretName: my-secret
    auth:
      managedIdentityClientId: <your-user-assigned-managed-identity-client-id>

Using the above YAML as an example, all the selected keyVault reference items will be saved into my-secret, using the AppConfig item's key as the key and the value of the referenced KeyVault secret as the value. The target my-secret will be of the Opaque type.

@RichardChen820
Contributor

RichardChen820 commented Nov 13, 2024

@linglingye001 The doc for this part is not very clear. Can we add some examples to clearly illustrate what kind of Secret will be generated with different configurations?

@linglingye001
Contributor

> @linglingye001 The documentation for this part is not very clear. Can we add some examples to clearly illustrate what kind of Secret will be generated with different configurations?

I will update the doc.

@spintower
Author

Thanks @RichardChen820, I'm looking for a way to extract structured data from a secret (turn one AKV key/value into multiple key/value pairs in a k8s secret). For example, https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ can take a secret value that contains JSON

{
  "key1": "value1",
  "key2": "value2",
  "key3": "value3"
}

and create a secret with parsed key/value pairs:

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: db-config
data:
  key1: dmFsdWUx
  key2: dmFsdWUy
  key3: dmFsdWUz

akv2k8s needs the line contentType: application/x-json to indicate that it needs to parse the JSON.

It's my understanding that AppConfiguration-KubernetesProvider in this case will simply insert the JSON-encoded string into the secret without parsing the JSON, is that right?
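The two Secret shapes discussed in this thread, as an added example (not code from akv2k8s, External Secrets or AppConfiguration-KubernetesProvider): `flat_secret` keeps a Key Vault value verbatim under one key, and `expanded_secret` parses a JSON object into one Secret key per member, rejecting keys Kubernetes would refuse and non-string values. The function names and the item key used in the sample are assumptions.

```python
import base64
import json
import re

# Kubernetes Secret data keys may contain only alphanumerics, '-', '_' or '.'.
KEY_RE = re.compile(r"[-._a-zA-Z0-9]+")

def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def _manifest(name, data):
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name}, "data": data}

def flat_secret(name, item_key, secret_value):
    """Single entry: the stored value is kept verbatim, JSON or not."""
    if not KEY_RE.fullmatch(item_key):
        raise ValueError(f"invalid Secret key: {item_key!r}")
    return _manifest(name, {item_key: _b64(secret_value)})

def expanded_secret(name, secret_value):
    """One entry per top-level JSON member (the multi-key shape)."""
    parsed = json.loads(secret_value)
    if not isinstance(parsed, dict):
        raise ValueError("secret value is not a JSON object")
    data = {}
    for key, value in parsed.items():
        if not KEY_RE.fullmatch(key):
            raise ValueError(f"invalid Secret key: {key!r}")
        if not isinstance(value, str):
            # Do not guess a string form for numbers, lists or nested objects.
            raise ValueError(f"value for {key!r} is not a string")
        data[key] = _b64(value)
    return _manifest(name, data)

# Constructed sample input: the same JSON as in the comment above.
SAMPLE = '{"key1": "value1", "key2": "value2", "key3": "value3"}'

if __name__ == "__main__":
    # "db-config" as the item key is a hypothetical name for illustration.
    print(json.dumps(flat_secret("db-config", "db-config", SAMPLE), indent=2))
    print(json.dumps(expanded_secret("db-config", SAMPLE), indent=2))
```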

@RichardChen820
Contributor

RichardChen820 commented Nov 13, 2024

Sounds like it's a special protocol defined in akv2k8s, intended to resolve a certain format of secret value.

@RichardChen820
Contributor

Does the secret in Key Vault need the application/x-json content type as well?
