Hi,
We need to inject a binary file as a secret, so we need to decode while ingesting. The correct settings are like this:
- Secrets (binary file) in encoded form are stored in Vault as hadoopsuperuser.keytab
- We need to mount the above secrets in a Kubernetes deployment while transforming the contents of the secret in the .yaml file. What’s happening right now is that it’s not decoding the secret. It’s just copying the encoded content of the secret from Vault and mounting it to the pods in the Kubernetes deployment. We have used the following code in the values.yaml:
transformation:
  templateSpecs:
    - name: test1
      text: '{{- get .Secrets "test1" | b64dec -}}'
The configuration of the template file for vault-secrets is below, where nifi-cluster is the Kubernetes cluster and hadoopsuperuser.keytab is the secret which is stored in Vault:
apiVersion: v1
kind: Secret
metadata:
  name: hadoopsuperuser.keytab
type: Opaque
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: hadoopsuperuser.keytab
spec:
  vaultAuthRef: nifi-cluster
  mount: {{ .Values.global.environment }}
  path: nifi-cluster/hadoopsuperuser.keytab
  type: kv-v2
  refreshAfter: 5m
  destination:
    name: hadoopsuperuser.keytab
The external volume config in values.yaml looks like this:
- name: hadoop-keytab
  mountPath: /opt/nifi/nifi-current/conf/hdfs/hadoopsuperuser.keytab
  subPath: hadoopsuperuser.keytab
  secret:
    secretName: hadoopsuperuser.keytab
So, we are having issues with the md5sum of the end output. Is there any other way of doing this base64 decoding while fetching secrets from Vault using the Vault Secrets Operator? Please let us know. Thank you!
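An added diagnostic, not part of the original post or of the Vault Secrets Operator: it compares the bytes of the mounted file with the original keytab and reports whether the md5 mismatch comes from leftover base64 layers, whitespace, or a text conversion. SAMPLE_KEYTAB, the encoded constants and the function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
from typing import Optional

# Constructed stand-in for the binary keytab; not real key material.
SAMPLE_KEYTAB = b"\x05\x02\x00\x00\x00\x3a" + bytes(range(200, 256)) + b"\x00\x01"
ENCODED_ONCE = base64.b64encode(SAMPLE_KEYTAB)   # encoded form, as stored in Vault
ENCODED_TWICE = base64.b64encode(ENCODED_ONCE)   # assumed case: encoded a second time


def md5(data: bytes) -> str:
    # MD5 is used only as a file checksum, mirroring the md5sum comparison in the post.
    return hashlib.md5(data).hexdigest()


def b64_layers(mounted: bytes, original: bytes, max_layers: int = 3) -> Optional[int]:
    """Number of base64 decodes that turn `mounted` into `original`, else None."""
    data = mounted
    for layers in range(max_layers + 1):
        if md5(data) == md5(original):
            return layers
        try:
            # Drop line wrapping before a strict decode; raw binary fails here.
            data = base64.b64decode(b"".join(data.split()), validate=True)
        except (binascii.Error, ValueError):
            return None
    return None


def diagnose(mounted: bytes, original: bytes) -> str:
    layers = b64_layers(mounted, original)
    if layers == 0:
        return "match"
    if layers:
        return f"still base64-encoded: {layers} layer(s)"
    if mounted.strip() == original.strip():
        return "leading/trailing whitespace differs"
    if b"\xef\xbf\xbd" in mounted and b"\xef\xbf\xbd" not in original:
        return "bytes replaced by U+FFFD: content passed through a text conversion"
    return "different content"


if __name__ == "__main__":
    for label, blob in [("raw", SAMPLE_KEYTAB), ("once", ENCODED_ONCE), ("twice", ENCODED_TWICE)]:
        print(label, md5(blob), diagnose(blob, SAMPLE_KEYTAB))
```

To use it on real files, read the original keytab and the file at the pod's mount path in binary mode and pass both to `diagnose`.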