Injecting multiple secret paths into pod

Hi all,

I am looking for a way to inject multiple paths into a pod using templating as described here (https://learn.hashicorp.com/tutorials/vault/kubernetes-sidecar)

I have the first path working just fine, but I have multiple paths I need to inject, and some with 700 entries…

```yaml
template:
  metadata:
    annotations:
      vault.hashicorp.com/agent-inject: "true"
      vault.hashicorp.com/agent-inject-secret-id: "app/path1"
      vault.hashicorp.com/role: "app"
      vault.hashicorp.com/agent-inject-template-id: |
        {{ with secret "app/path1" -}}
        export ID="{{ .Data.id }}"
        {{- end }}
    labels:
      app: web1
```

Is it safe to just repeat the template pattern?

```yaml
      vault.hashicorp.com/agent-inject: "true"
      vault.hashicorp.com/agent-inject-secret-id: "app/path1"
      vault.hashicorp.com/agent-inject-secret-id: "app/path2"
      vault.hashicorp.com/role: "app1_role"
      vault.hashicorp.com/agent-inject-template-id: |
        {{ with secret "app/path1" -}}
        export ID="{{ .Data.id }}"
        {{- end }}
      vault.hashicorp.com/agent-inject-template-id: |
        {{ with secret "app/path2" -}}
        export root="{{ .Data.root }}"
        export key1="{{ .Data.key1 }}"
        export key2="{{ .Data.key2 }}"
        export key3="{{ .Data.key3 }}"
        {{- end }}
    labels:
      app: web1
```

Also, is there a limit to the number of secrets we can import, because I have about 700 to map?

Ta,

x

1 Like

Right, so I got a working template, and it seems to work just fine…

```yaml
# One secret/template annotation pair per Vault path, each with a unique name suffix
annotations:
    vault.hashicorp.com/agent-inject: "true"
    vault.hashicorp.com/secret-volume-path: "/app_injector"
    vault.hashicorp.com/role: "app_role"
    vault.hashicorp.com/agent-inject-secret-keys: "app1_keys"
    vault.hashicorp.com/agent-inject-template-keys: |
      {{ with secret "app1_keys" }}
      {{ range $k, $v := .Data.data }}export {{ $k }}="{{ $v }}"
      {{ end }}
      {{ end }}
    vault.hashicorp.com/agent-inject-secret-keys2: "app2_keys"
    vault.hashicorp.com/agent-inject-template-keys2: |
      {{ with secret "app2_keys" }}
      {{ range $k, $v := .Data.data }}export {{ $k }}="{{ $v }}"
      {{ end }}
      {{ end }}
    vault.hashicorp.com/agent-inject-secret-keys3: "app3_keys"
    vault.hashicorp.com/agent-inject-template-keys3: |
      {{ with secret "app3_keys" }}
      {{ range $k, $v := .Data.data }}export {{ $k }}="{{ $v }}"
      {{ end }}
      {{ end }}
    vault.hashicorp.com/agent-inject-secret-keys4: "app4_keys"
    vault.hashicorp.com/agent-inject-template-keys4: |
      {{ with secret "app4_keys" }}
      {{ range $k, $v := .Data.data }}export {{ $k }}="{{ $v }}"
      {{ end }}
      {{ end }}
    vault.hashicorp.com/agent-inject-secret-keys5: "app5_keys"
    vault.hashicorp.com/agent-inject-template-keys5: |
      {{ with secret "app5_keys" }}
      {{ range $k, $v := .Data.data }}export {{ $k }}="{{ $v }}"
      {{ end }}
      {{ end }}
    vault.hashicorp.com/agent-inject-secret-keys6: "app6_keys"
    vault.hashicorp.com/agent-inject-template-keys6: |
      {{ with secret "app6_keys" }}
      {{ range $k, $v := .Data.data }}export {{ $k }}="{{ $v }}"
      {{ end }}
      {{ end }}
```
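
Added example (not part of the original posts): a Python sketch that generates one uniquely named `agent-inject-secret-<name>` / `agent-inject-template-<name>` pair per Vault path, using the template body from the post above, and flags annotation keys that repeat in a manifest, since mapping keys must be unique and a repeated key is either rejected or collapsed to one entry depending on the parser. The `secret_name` naming scheme, the function names and the sample paths are assumptions; the 63-character check reflects the Kubernetes limit on the name part of an annotation key.

```python
import re

PREFIX = "vault.hashicorp.com/"
MAX_NAME_SEGMENT = 63  # Kubernetes limit on the part of an annotation key after "/"
# Template body taken from the working post above (KV v2, hence .Data.data).
TEMPLATE = ('{{ with secret "%s" }}\n'
            '{{ range $k, $v := .Data.data }}export {{ $k }}="{{ $v }}"\n'
            '{{ end }}\n'
            '{{ end }}\n')

def secret_name(path):
    """Assumed naming scheme: Vault path reduced to lowercase letters, digits and '-'."""
    return re.sub(r"[^a-z0-9]+", "-", path.lower()).strip("-")

def build_annotations(role, paths, volume_path="/app_injector"):
    """Return one secret/template annotation pair per path, refusing name clashes."""
    ann = {PREFIX + "agent-inject": "true",
           PREFIX + "secret-volume-path": volume_path,
           PREFIX + "role": role}
    for path in paths:
        name = secret_name(path)
        secret_key = PREFIX + "agent-inject-secret-" + name
        if not name or secret_key in ann:
            raise ValueError(f"path {path!r} gives empty or duplicate name {name!r}")
        if len("agent-inject-template-" + name) > MAX_NAME_SEGMENT:
            raise ValueError(f"annotation name for {path!r} exceeds {MAX_NAME_SEGMENT} chars")
        ann[secret_key] = path
        ann[PREFIX + "agent-inject-template-" + name] = TEMPLATE % path
    return ann

def to_yaml(ann, indent=4):
    """Render the annotations as a YAML fragment, templates as literal blocks."""
    pad, lines = " " * indent, ["annotations:"]
    for key, value in ann.items():
        if "\n" in value:
            lines.append(f"{pad}{key}: |")
            lines += [f"{pad}  {line}" for line in value.splitlines()]
        else:
            lines.append(f'{pad}{key}: "{value}"')
    return "\n".join(lines) + "\n"

def duplicate_keys(manifest_text):
    """List injector annotation keys that occur more than once in a manifest."""
    keys = re.findall(r"^\s*(vault\.hashicorp\.com/[\w.-]+):", manifest_text, re.M)
    return sorted({k for k in keys if keys.count(k) > 1})

if __name__ == "__main__":
    # Constructed input: the two paths from the question.
    print(to_yaml(build_annotations("app", ["app/path1", "app/path2"])))
```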