I’m injecting a base64-encoded truststore file into my container and then using the ‘agent-inject-command’ annotation in an attempt to decode the secret and write it to a file. Here is a snippet of my k8s manifest:
vault.hashicorp.com/agent-inject-secret-truststore-jks: "secret/directory/truststore_jks"
vault.hashicorp.com/agent-inject-file-truststore-jks: b64.truststore.jks
vault.hashicorp.com/secret-volume-path-truststore-jks: /home
vault.hashicorp.com/agent-inject-command-truststore-jks-truststore-jks: /bin/bash -c "base64 -d /home/b64.truststore.jks > /home/truststore.jks"
The result is that the encoded version is injected into the file, but the command does not run successfully, thus the decoded version does not exist in the container. The logs for the ‘VAULT-AGENT-INIT’ container don’t report any problem:
I have tried the same command with kubectl exec and it had the desired result.
If someone could let me know where I’m going wrong or give me another method of achieving a similar goal it would be greatly appreciated.