Hi, I have added a secret in my HashiCorp Vault at the path below:
cep-kv/dev/sqlpassword
I am trying to access the secret in my manifest as below:
spec:
  serviceAccountName: default
  containers: # List
    - name: cep-container
      image: myinage:latest
      env:
        - name: AppSettings__Key
          value: vault:cep-kv/dev/sqlpassword#sqlpassword
This is throwing the error below:
failed to inject secrets from vault: failed to read secret from path: cep-kv/dev/sqlpassword: Error making API request.\n\nURL: GET https://vaultnet/v1/cep-kv/dev/sqlpassword?version=-1\nCode: 403. Errors:\n\n* 1 error occurred:\n\t* permission denied\n\n" app=vault-env
Is the path I am trying to access correct?
value: vault:cep-kv/dev/sqlpassword#sqlpassword
I tried with the path below too:
value: vault:cep-kv/dev/sqlpassword
This says the secret was not found in the respective path. Can someone help me get the secret from HashiCorp Vault? Any help would be appreciated. Thanks.
As you are getting a 403 permission error, you need to configure Kubernetes authentication. You can configure authentication with the following steps:
vault auth enable kubernetes
vault write auth/kubernetes/config \
    kubernetes_host=https://192.168.99.100:<your TCP port or blank for 443>
Create a named role:
# Attach the myapp policy (written in the next step) so the role can read the secret
vault write auth/kubernetes/role/demo \
    bound_service_account_names=myapp \
    bound_service_account_namespaces=default \
    policies=myapp \
    ttl=1h
Write out the "myapp" policy that enables the "read" capability for secrets at the path.
vault policy write myapp - <<EOF
path "yourpath" { capabilities = ["read"] }
EOF
For more information, follow Configuration. Here is a blog explaining the usage of secrets in Kubernetes.
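How the policies attached to a token decide between a successful read and the 403 above, as an added example (not the answerer's code and not Vault's implementation): a simplified model of policy path matching, evaluated against the request path shown in the error URL. The policy names and contents are constructed, and `+` segment wildcards are not modelled.

```python
import re

# Constructed policies (not from the page). "myapp" is the answer's policy with
# the asker's path filled in; "default_like" stands in for a policy that has no
# rule on the cep-kv mount.
POLICIES = {
    "myapp": 'path "cep-kv/dev/sqlpassword" { capabilities = ["read"] }',
    "dev_glob": 'path "cep-kv/dev/*" { capabilities = ["read", "list"] }',
    "deny_sql": 'path "cep-kv/dev/sqlpassword" { capabilities = ["deny"] }',
    "default_like": 'path "auth/token/lookup-self" { capabilities = ["read"] }',
}

RULE_RE = re.compile(
    r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}')


def parse_policy(hcl):
    """Parse the small HCL subset above into [(path, {capabilities})]."""
    return [(path, set(re.findall(r'"([a-z]+)"', caps)))
            for path, caps in RULE_RE.findall(hcl)]


def rule_matches(rule_path, request_path):
    """Exact match, or prefix match when the rule ends in '*'."""
    if rule_path.endswith("*"):
        return request_path.startswith(rule_path[:-1])
    return rule_path == request_path


def allowed(policy_names, request_path, capability="read"):
    """Simplified ACL decision for a token carrying the named policies."""
    matched = {}  # rule path -> capabilities merged across policies
    for name in policy_names:
        for path, caps in parse_policy(POLICIES[name]):
            if rule_matches(path, request_path):
                matched.setdefault(path, set()).update(caps)
    if not matched:
        return False  # no rule covers the path: 403 permission denied
    # Most specific rule wins: exact beats glob, then the longest prefix.
    winner = max(matched, key=lambda p: (not p.endswith("*"), len(p)))
    caps = matched[winner]
    return "deny" not in caps and capability in caps


if __name__ == "__main__":
    secret = "cep-kv/dev/sqlpassword"  # request path from the error's URL
    for attached in (["default_like"], ["myapp"], ["dev_glob"],
                     ["dev_glob", "deny_sql"]):
        print(attached, "->", "allowed" if allowed(attached, secret) else "403")
```

A token whose policies contain no rule covering `cep-kv/dev/sqlpassword` is denied even though authentication succeeded, which is the case to rule out first when the injector reports `permission denied`.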