Add support mount multiple secrets #58

Open
ardimaul opened this issue Dec 21, 2020 · 7 comments

Comments

@ardimaul

ardimaul commented Dec 21, 2020

Hi,
When Vault comes with different paths for applying policies to different departments, like database credentials, apps configuration and others, we need to merge them into one environment configuration in Kubernetes apps.
Rather than creating more than one Vault kind for each path, I think this can be done by mounting multiple Vault paths in one vault-crd kind, then combining them into one secret, then mounting it into the Kubernetes app's environment as a single secret.

@DaspawnW
Owner

Hi @ardimaul,

please have a look at this: https://vault.koudingspawn.de/supported-secret-types/secret-type-properties
Does it support your requirements?

@ardimaul
Author

ardimaul commented Jan 4, 2021

Hi @DaspawnW
Yes, it works like that, multiple mounting. But it doesn't support returning as a string without specifying the key, like the KV/KV2 mounting type.

@ardimaul
Author

Maybe it will look like this:

spec:
  type: "KEYVALUE"
  path:
    - "secret/one-secret"
    - "secret/two-secret"

If a key exists in both secrets, the key from the last secret will apply to them.
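
The last-path-wins merge proposed in the comment above, as an added example that is not part of the thread or of vault-crd's code. It also records which keys a later path overrode, since with paths governed by different policies a silent override changes whose value reaches the pod. `MultiPathMerge`, `merge` and the sample values are hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper, not part of vault-crd: merges key/value data already
// read from several Vault paths into the data of one Kubernetes secret.
public class MultiPathMerge {

    // Merged data plus a record of which path supplied and overrode each key.
    static final class Result {
        final Map<String, String> data = new LinkedHashMap<>();
        final Map<String, String> owner = new LinkedHashMap<>(); // key -> path that supplied it
        final List<String> overrides = new ArrayList<>();
    }

    // byPath must iterate in the order of the "path" list in the spec,
    // so a later path overrides an earlier one.
    static Result merge(Map<String, Map<String, String>> byPath) {
        Result r = new Result();
        for (Map.Entry<String, Map<String, String>> p : byPath.entrySet()) {
            for (Map.Entry<String, String> kv : p.getValue().entrySet()) {
                String previous = r.owner.put(kv.getKey(), p.getKey());
                if (previous != null) {
                    // Record key and path names only, never the secret values.
                    r.overrides.add(kv.getKey() + ": " + previous + " -> " + p.getKey());
                }
                r.data.put(kv.getKey(), kv.getValue());
            }
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for two Vault reads.
        Map<String, Map<String, String>> byPath = new LinkedHashMap<>();
        byPath.put("secret/one-secret", Map.of("DB_USER", "app", "LOG_LEVEL", "info"));
        byPath.put("secret/two-secret", Map.of("LOG_LEVEL", "debug", "API_URL", "https://example.invalid"));

        Result r = merge(byPath);
        System.out.println("keys: " + r.data.keySet());
        System.out.println("overridden: " + r.overrides);
    }
}
```

Logging the override list at reconcile time makes a collision between two departments' paths visible instead of silent.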

@DaspawnW
Owner

Hi @ardimaul,

I would really welcome a merge request for it :-)

@matiri132

Hi DaspawnW, I can work on this issue because I need it for a project. Can you give some hints on how to proceed to make it faster? Where in the source code do you think this issue can be solved? I'm reading the code, but it would be faster if you send me a hint on how to start.

@DaspawnW
Owner

Hi @matiri132,

I would recommend you create a new Secret Type:

The other option is you add an additional property next to the path property called paths (to prevent collision) https://github.com/DaspawnW/vault-crd/blob/master/crd.yml#L25 and update the corresponding VaultSpec in Java:
https://github.com/DaspawnW/vault-crd/blob/master/src/main/java/de/koudingspawn/vault/crd/VaultSpec.java#L10

Then you can "simply" change the KeyValueGenerator / KeyValueRefresh classes to take this up.

@matiri132

Hi @DaspawnW, I was working on the proposals that you gave me to start resolving the issue, but I'm blocked.
I'm trying to add a property called paths that works as an Array in the crd.yaml, so the VaultSpec receives this Array as "paths".
But then the KeyValueGenerator wants to return a single secret.
Here I'm blocked because I can't find where the KeyGenerator is used to create the Kubernetes secret from the VaultSecret.
Could you guide me through the code flow or give me some documentation on how the whole program works, so I can figure out how to continue with this?
I'll give you these first changes in a new branch (but the code doesn't compile yet).
