Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Implement /system/secrets and use Nomad's configured Vault API #69
What are the steps to reproduce this issue?
The secret endpoints are not yet supported.
Any other comments?
Adding this for tracking. The approach so far is to implement against Vault's API using the already-established convention of the default Vault policy and key prefix from faas-nomad.
@nicholasjackson My implementation thus far uses the Nomad agent self config, which contains the Vault info. Ultimately faas-nomad needs a management style Nomad ACL token,
Actually, the only way to do this properly is to have an "openfaas" Vault policy (already required with secrets) and an AppRole token tied to that policy which is provided to faas-nomad. That way, the faas-cli can only manage secrets defined in the policy. The vault service and other config is discovered via
This requires some Vault management up front, but I don't see a way around that. Suggestions?