Inject secrets as Environment Variables

Hello,

I have vault-injector deployed to my k8s cluster to inject the secrets from Vault into my cluster. I added vault-agent annotations to my Helm chart as below, and I’m wondering if there is a way to have the secret template in key=value format:

        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-inject-status: "update"
        vault.hashicorp.com/role: "role-name"
        vault.hashicorp.com/agent-inject-secret-config: "path/to/vault/secret"
        vault.hashicorp.com/agent-inject-secret-envvars: "path/to/vault/secret"
        vault.hashicorp.com/agent-inject-template-env: |
         {{- `{{ with secret "path/to/vault/secret" }}
            {{- range $key, $value := .Data.data }}
               {{ $key }}={{ $value }}
         {{- end -}} `}}

When the vault-init is running it calls the template.server, but when the init job ends the injected file content is a map of arrays or JSON, not key=value format.

Has anyone played with vault.hashicorp.com/agent-inject-template-env before? Any advice?

Thanks in advance,
Abeer

Try:

  • prefixing any {{ by {{`
  • and suffixing any }} by `}}

By that you are telling Helm to skip template interpolation.

2 Likes
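
The escaping suggested in the answer above, applied to the annotations from the question, as an added example that is not part of the original thread. It assumes a KV v2 secret (implied by `.Data.data` in the question) and reuses the question's placeholder role, path and the `envvars` name; the template suffix is changed to match the secret suffix and both blocks are closed.

```yaml
# Added example: pod annotations inside a Helm chart template.
# "role-name" and "path/to/vault/secret" are the placeholders used in the question.
annotations:
  vault.hashicorp.com/agent-inject: "true"
  vault.hashicorp.com/role: "role-name"
  # The suffix after agent-inject-secret- names the rendered file:
  # /vault/secrets/envvars
  vault.hashicorp.com/agent-inject-secret-envvars: "path/to/vault/secret"
  # The template suffix must be the same name ("envvars"). A template under a
  # different suffix is not applied to this secret, which then gets the
  # injector's default rendering instead of key=value lines.
  # {{` ... `}} is a Helm raw string: Helm emits everything between the
  # backticks verbatim, so Vault Agent receives the inner {{ }} untouched.
  vault.hashicorp.com/agent-inject-template-envvars: |
    {{`{{- with secret "path/to/vault/secret" -}}
    {{- range $key, $value := .Data.data -}}
    {{ $key }}={{ $value }}
    {{ end -}}
    {{- end -}}`}}
```

The injector only writes the file; the container still has to load `/vault/secrets/envvars` itself (for example from its entrypoint) for the values to become environment variables.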

Thank you @abdennour, I used the CSI Driver for injecting the secrets instead of vault-injector … I just found it more useful for my use case.