I have a use case.
Currently, I'm using Helm on an on-premise Kubernetes cluster, where all of my environment variables and secrets are stored in Helm itself, but now I want to store them in HashiCorp Vault.
As of now it's totally new for me and I'm having a hard time making it work.
So the use case is something like: how can we use HashiCorp Vault to store the values that are currently being used by Helm? Once we store the values we want, how can we call them using Helm itself only?
Any help will be greatly appreciated.
To use external-secrets.io to mount secrets from HashiCorp Vault as Kubernetes secrets and consume them as environment variables in a pod, you can follow these steps:
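helm repo add external-secrets https://charts.external-secrets.io
helm install external-secrets external-secrets/external-secrets -n external-secrets --create-namespace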
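apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: mysecret
spec:
  # SecretStore that holds the Vault connection and auth settings.
  # "vault-backend" is an assumed name; no store is defined on this page.
  secretStoreRef:
    kind: SecretStore
    name: vault-backend
  # Kubernetes Secret that the operator creates and keeps in sync.
  target:
    name: mysecret
  data:
    # secretKey = key in the Kubernetes Secret; property = field in the Vault secret.
    - secretKey: USERNAME
      remoteRef:
        key: secret/myapp
        property: username
    - secretKey: PASSWORD
      remoteRef:
        key: secret/myapp
        property: password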
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: myapp:latest
          env:
            - name: USERNAME
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: USERNAME
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: PASSWORD
kubectl apply -f deployment.yaml
This will mount the secrets from Vault into a Kubernetes secret, and then consume the secrets as environment variables in the pod. You can access the values of the secrets in your application as os.getenv("USERNAME") and os.getenv("PASSWORD").
Note: You will need to have the HashiCorp Vault CLI installed and configured, and have access to the Vault server, in order to complete these steps.
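
An ExternalSecret only names the secret to fetch; the Vault address and the way the operator authenticates to Vault live in a SecretStore in the same namespace. The manifest below is an added example, not part of the original answer. It assumes a store named `vault-backend`, Vault reachable at `https://vault.example.internal:8200`, a KV v2 engine mounted at `secret`, Kubernetes auth mounted at `kubernetes`, a Vault role `myapp-read`, and a ConfigMap `vault-ca`; all of these names are hypothetical.

```yaml
# Added example with hypothetical names. Apply it in the same namespace as
# the ExternalSecret and the Deployment.

# Dedicated identity for secret sync. The Vault role (assumed: myapp-read)
# should be bound to this ServiceAccount name and namespace only, and carry
# a policy limited to read on secret/data/myapp.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: myapp-eso
---
apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
  name: vault-backend
spec:
  provider:
    vault:
      # Use TLS; the address is an assumption for this example.
      server: "https://vault.example.internal:8200"
      # KV mount and engine version. With v2 the operator reads
      # <mount>/data/<key>, which is the path the Vault policy must allow.
      path: "secret"
      version: "v2"
      # CA bundle used to verify the Vault server certificate
      # (assumed ConfigMap "vault-ca" with key "ca.crt").
      caProvider:
        type: ConfigMap
        name: vault-ca
        key: ca.crt
      auth:
        # Kubernetes auth: the operator presents a token for the
        # ServiceAccount above, so no long-lived Vault token is stored in
        # the cluster or in Helm values.
        kubernetes:
          mountPath: "kubernetes"
          role: "myapp-read"
          serviceAccountRef:
            name: myapp-eso
```

The synced Kubernetes Secret is still only base64-encoded in etcd, so access to it should be restricted with RBAC and etcd encryption at rest.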