Hello and good evening,
I'm facing a problem using Vault within a GitHub workflow; let me try to explain my scenario:
I've deployed a Vault instance on my k8s cluster (placed inside an EKS) using Helm, and I've correctly exposed this service to an EC2 instance (again in the same EKS) with a NodePort.
On this EC2 instance I have a Docker container that runs a self-hosted GitHub runner, linked to a GitHub repo.
On this repo I've written a dummy workflow just to communicate with my Vault instance to retrieve and consume secrets.
From vault-0 pod bash:
- I successfully unsealed the server using the 3 Vault keys
- I created the kv/secret path (v2)
- I wrote a policy with just capabilities = ["read"] for kv/secret
- Finally I added a test secret like foo=bar
From vault-workflow in GitHub Actions:
- I'm using these commands:
The problem is that when I run this workflow, the job fails with Response code 500 (Internal Server Error).
I thought it was an IP or port issue, but I tried to make a curl from inside my GH runner container (on EC2) like:
curl -H "X-Vault-Token: <my-vault-root-token>" -X GET http://my.eks.cluster.ip:<exposed_service_nodeport>/v1/kv/data/secret?version=1
and the Vault service answered with response code 204 with the correct JSON (I can see my foo=bar secret), a sign that the service is correctly exposed.
Now I don't know what the problem is, because it's my first time with Vault and I'm a newbie at this.
Maybe I've made a mistake or I'm missing something? My Vault server is in standalone mode and I don't want to run it in dev mode, nor in HA mode... can someone help me? It would be much appreciated, thanks!
Good evening to all
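An added example (not code from the post above) showing the read the post describes done from a CI job over Vault's HTTP API, plus the check a practitioner would run on the setup: KV v2 serves reads at <mount>/data/<path> (the curl in the post already uses kv/data/secret), so a policy that is meant to allow that read has to name kv/data/secret, not kv/secret. The Vault address, token, mount name "kv" and secret path "secret" are assumptions taken from the post; the sample response and the two policies are constructed here.

```python
"""Read a KV v2 secret from Vault over its HTTP API, as a CI job would.

Added example, not code from the original post. Assumed: VAULT_ADDR and
VAULT_TOKEN in the environment, a KV v2 engine mounted at "kv" and a secret
at "secret" (as in the post). Sample data below is constructed.
"""
import json
import os
import re
import urllib.request
from typing import Optional
from urllib.error import HTTPError


def kv2_read_url(addr: str, mount: str, path: str, version: Optional[int] = None) -> str:
    """KV v2 reads go through <mount>/data/<path>, not <mount>/<path>."""
    url = f"{addr.rstrip('/')}/v1/{mount}/data/{path}"
    if version is not None:
        url += f"?version={version}"
    return url


def kv2_policy_path(mount: str, path: str) -> str:
    """The path a read policy must name for a KV v2 secret."""
    return f"{mount}/data/{path}"


def policy_grants_read(policy_hcl: str, mount: str, path: str) -> bool:
    """Check whether a Vault policy (HCL) grants 'read' on the KV v2 data path.

    Handles exact paths and a trailing '*' glob and treats an explicit 'deny'
    as not granting; '+' segment wildcards are not implemented, which is
    enough for policies as simple as the one in the post.
    """
    wanted = kv2_policy_path(mount, path)
    block_re = re.compile(r'path\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
    for path_glob, body in block_re.findall(policy_hcl):
        caps = re.search(r'capabilities\s*=\s*\[([^\]]*)\]', body)
        if not caps:
            continue
        capabilities = re.findall(r'"([^"]+)"', caps.group(1))
        if "deny" in capabilities or "read" not in capabilities:
            continue
        if path_glob.endswith("*"):
            if wanted.startswith(path_glob[:-1]):
                return True
        elif path_glob == wanted:
            return True
    return False


def extract_kv2_secret(body: dict) -> dict:
    """KV v2 nests the user's key/values under data.data (data.metadata holds version info)."""
    return body["data"]["data"]


def read_secret(addr: str, token: str, mount: str, path: str, version: Optional[int] = None) -> dict:
    """GET the secret with X-Vault-Token and return the key/value map."""
    req = urllib.request.Request(kv2_read_url(addr, mount, path, version),
                                 headers={"X-Vault-Token": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return extract_kv2_secret(json.load(resp))
    except HTTPError as e:
        # Vault puts {"errors": [...]} in the body; surface it rather than a bare status code.
        detail = e.read().decode(errors="replace")
        raise RuntimeError(f"Vault returned {e.code}: {detail}") from e


# Constructed sample of what Vault answers for GET /v1/kv/data/secret?version=1
SAMPLE_RESPONSE = {
    "request_id": "6b0a3a8e-1b2c-4d5e-8f90-0a1b2c3d4e5f",
    "lease_id": "",
    "renewable": False,
    "lease_duration": 0,
    "data": {
        "data": {"foo": "bar"},
        "metadata": {"created_time": "2023-01-01T00:00:00Z", "deletion_time": "",
                     "destroyed": False, "version": 1},
    },
}

# Constructed policies: the first names the KV v1-style path, the second the KV v2 data path.
POLICY_KV1_STYLE = '''
path "kv/secret" {
  capabilities = ["read"]
}
'''
POLICY_KV2 = '''
path "kv/data/secret" {
  capabilities = ["read"]
}
'''

if __name__ == "__main__":
    for name, pol in (("kv/secret", POLICY_KV1_STYLE), ("kv/data/secret", POLICY_KV2)):
        print(f"policy on {name} grants read of kv/data/secret: {policy_grants_read(pol, 'kv', 'secret')}")
    addr, token = os.environ.get("VAULT_ADDR"), os.environ.get("VAULT_TOKEN")
    if addr and token:  # only talks to a real server when both are set
        print(read_secret(addr, token, "kv", "secret", version=1))
```

Running the script without VAULT_ADDR/VAULT_TOKEN only evaluates the two policies; with them set it performs the same GET as the curl in the post and prints the foo=bar map. A policy mismatch shows up as a 403 from Vault, not a 500, so this check narrows the search rather than explaining the 500 on its own.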