Loading/Storing binary files as secrets

kgunjikar · March 30, 2021, 4:35pm

I generate some keys using the command below. The keyfile.enc is encoded in binary

openssl enc -aes-256-cbc -md sha1   -pass file:/tmp/keyfile.key \
                                          -in /tmp/keyfile \
                                          -out /tmp/keyfile.enc

I want to write the contents of this file as a secret in vault

cat keyfile.enc | vault kv put secret/mysecret key=-

However, when I use this secret in my mutating webhook config I have problems getting the contents of this secret.

Are there any limitations wrt binary files ?

kalafut · April 9, 2021, 6:24am

Are there any limitations wrt binary files ?

Yes. The CLI will be building a JSON body to send to the Vault API, so binary data must be encoded (typically with base64) before sending it to the Vault CLI.

kgunjikar · May 4, 2021, 5:38pm

Thank you . Good to know.