-
Notifications
You must be signed in to change notification settings - Fork 46
Secrets #20
Comments
@nicholasjackson Any way we can get this added in the near future. I have a couple really good use cases but I need secrets via Vault. I would totally help write the code to get my Go skills up to par. I definitely need the practice. |
@cpitkin Yes, I have actually been having a think about this, I think the best way is that the secrets are directly added to vault and the nomad provider would just read the secrets from Vault rather than the CLI pushing secrets to to the provider and it writing and reading Vault. This both should give a more consistent Vault / Nomad workflow. I will get this added to my schedule and hopefully will complete it this week. |
The CLI only specifies the name of secrets... not the plaintext values. |
I have added a first pass at this in the following pull request Currently this would only support the v1 API, templates have a different form for the v2 api, we could detect this based on the path as v1 would use /secret/mysecret and v2 /secret/data/mysecret |
I've also added #50 to provide a consistent approach to faas-cli usage and yaml declaration of secrets (only secret names, no Vault-style paths since I don't think that translates between providers). |
All merged in v0.3.1 |
Provide capability to store and access secrets for a function using HashiCorp Vault.
This issue is currently blocked by the lack of E2E TLS in OpenFaaS, there is currently an open issue to resolve this.
The text was updated successfully, but these errors were encountered: