I have K8s secret, similar to the below YAML. one of the fields, `AVP_SECRET_ID` . . .

kodekloud · April 29, 2022, 4:21am

Andy S:
i have K8s secret, similar to the below YAML. one of the fields, AVP_SECRET_ID , needs to be populated with short-term credentials. as it’s impractical to manually update and apply this YAML every time this value is updated, what’s the recommended way to keep this value up to date?

apiVersion: v1
data:
  VAULT_ADDR: Zm9v
  AVP_AUTH_TYPE: Zm9v
  AVP_ROLE_ID: Zm9v
  AVP_SECRET_ID: Zm9v &lt;--- short-term creds
  AVP_TYPE: Zm9v
kind: Secret
metadata:
  name: argocd-vault-plugin-credentials
  namespace: argocd
type: Opaque

kodekloud · April 29, 2022, 4:21am

Andy S:
fyi, the new AVP_SECRET_ID value is generated by the HashiCorp Vault tool and, in this case, would be generated by a command like:

vault write -f auth/approle/role/my-role/secret-id

kodekloud · April 29, 2022, 4:21am

unnivkn:
Hi @Andy S please try to follow this: https://www.hashicorp.com/blog/dynamic-database-credentials-with-vault-and-kubernetes

kodekloud · April 29, 2022, 4:21am

unnivkn:
https://nirmata.com/2018/12/19/managing-kubernetes-secrets-with-hashicorp-vault-and-nirmata/

kodekloud · April 29, 2022, 4:21am

unnivkn:
https://rafay.co/the-kubernetes-current/kubernetes-secrets-management-with-hashicorp-vault-and-rafay/