Injecting Secrets from Hashicorp Vault to a helmchart

MSP85 · January 8, 2024, 8:18pm

We are trying to inject secrets into our helm charts values.yaml using agent injector. Can you point me to some examples on what annotations need to be used in helm charts to inject a password

kschoche · January 22, 2024, 4:03pm

The typical workflow is to use the helm chart’s pod annotation fields to add templating logic that enables the agent injector to inject secrets into the application at run time. This of course relies on the helm chart exposing that field.

Here’s a very hand-wavy example of how I would do it if trying to inject a secret through the postgresql helm chart:

global:
  primary:
    podAnnotations: |
      vault.hashicorp.com/agent-inject: 'true'
      vault.hashicorp.com/role: 'role1'
      vault.hashicorp.com/agent-inject-secret-config: 'kvv1/secret'

MSP85 · February 17, 2024, 3:49am

I do need to add the vault details as well in the chart?

something on these lines:

Vault:
enabled: true
address:
authpath:
secretPath:

glisav · May 21, 2024, 2:48pm

You can refer to this documentation for more information regarding this topic:

Topic		Replies	Views
How to access a secret injected into a Kubernetes pod? Vault k8s , helm , vault	5	1123	January 19, 2024
Inject secrets as Environment Variables Vault k8s , vault	2	2899	May 20, 2022
Vault secret injection with Helm charts Vault k8s	0	499	October 15, 2020
Vault-helm and annotations in a helm chart Vault k8s	2	3525	September 3, 2021
Recommended way to inject secrets into pod from multiple path with annotations? Vault	3	1887	March 8, 2022

Injecting Secrets from Hashicorp Vault to a helmchart

Related topics