Hi,
We use the Vault Agent Injector as an init container in our Kubernetes cluster.
Vault is currently running with the kv1 secrets engine and I am working to upgrade to kv2.
It seems that our current code isn’t working on kv2 with deleted secrets.
This code example works for both kv1 and kv2:
{{- range secrets "secretv1_2/kafka" }}
  {{- if eq . "mainretrylevel4" }}
    {{- with secret "secretv1_2/kafka/mainretrylevel4" }}
      {{- if index .Data "data" }}
        {{- range $k, $v := .Data.data }}
export kafka_mainretrylevel4_{{ $k }}='{{ $v }}'
export KAFKA_MAINRETRYLEVEL4_{{ $k | toUpper }}='{{ $v }}'
        {{- end }}
      {{- else }}
        {{- range $k, $v := .Data }}
export kafka_mainretrylevel4_{{ $k }}='{{ $v }}'
export KAFKA_MAINRETRYLEVEL4_{{ $k | toUpper }}='{{ $v }}'
        {{- end }}
      {{- end }}
    {{- end }}
  {{- end }}
{{- end }}
This doesn’t work for deleted secrets in kv2, which return a different response:
{
  "request_id": "xx-xx-xx-xx-2b69fcf6f154",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "data": null,
    "metadata": {
      "version": 1
    }
  },
  "warnings": null
}
Not sure what the correct way to handle the null is.
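An added example, not part of the original post and not Vault's own code: one way to tolerate the null is to detect kv2 by the `metadata` key rather than by `data`, and only range over `data` when it is non-nil. It assumes plain Go `text/template` as a stand-in for the agent's template engine; the `secret` struct, the `toUpper` helper and the sample responses are constructed for illustration, and how the agent itself treats a deleted secret may differ.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// tmplSrc branches on "metadata" (kv2 only); a nil "data" then emits nothing.
const tmplSrc = `{{- if index .Data "metadata" }}
{{- with index .Data "data" }}
{{- range $k, $v := . }}
export KAFKA_MAINRETRYLEVEL4_{{ $k | toUpper }}='{{ $v }}'
{{- end }}
{{- end }}
{{- else }}
{{- range $k, $v := .Data }}
export KAFKA_MAINRETRYLEVEL4_{{ $k | toUpper }}='{{ $v }}'
{{- end }}
{{- end }}`

type kv = map[string]interface{}

// secret is a hypothetical stand-in for the value the `secret` function yields.
type secret struct{ Data kv }

// render executes the template against one constructed response.
func render(s secret) (string, error) {
	t, err := template.New("env").
		Funcs(template.FuncMap{"toUpper": strings.ToUpper}).Parse(tmplSrc)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	err = t.Execute(&b, s)
	return strings.TrimSpace(b.String()), err
}

func main() {
	samples := map[string]secret{ // constructed sample responses
		"kv1":         {Data: kv{"user": "svc"}},
		"kv2":         {Data: kv{"data": kv{"user": "svc"}, "metadata": kv{"version": 1}}},
		"kv2-deleted": {Data: kv{"data": nil, "metadata": kv{"version": 1}}},
	}
	for name, s := range samples {
		out, err := render(s)
		fmt.Printf("%s: %q err=%v\n", name, out, err)
	}
}
```

A kv1 secret that itself contains a key named `metadata` would be misclassified by this check, so it only fits paths where that key is not used.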