Add support for HashiCorp Vault #1

Open
2 of 11 tasks
Just-Insane opened this issue Mar 16, 2019 · 0 comments

Just-Insane commented Mar 16, 2019

Preamble

I have added basic support for HashiCorp Vault with this commit bbd02c1.

Features

Implemented Features

  • secret value storage in vault
  • secret value retrieval from vault

Unimplemented Features

  • working with helm-wrapper
    • on-the-fly decryption for use with install/upgrade/diff/lint
  • ability to change plaintext secret delimiter (currently hard-coded as "changeme")
  • ability to change the path that secrets are stored to in Vault
  • hide secret data on input/do not show on output
  • helm secrets clean appears to be broken, though it is unmodified
  • view support
  • edit support

Untested Features

  • multi-line secret values

Unplanned Features

  • non-K/V secrets
  • non-text secrets

Documentation

Prerequisites

  • Working Vault server
  • Vault agent setup on local machine
    • $VAULT_ADDR
    • $VAULT_TOKEN (or other auth configuration)

Workflow

  1. Modify your values.yaml files to change your secret values to 'changeme'
  2. Run helm secrets enc values.yaml
    1. You will be prompted to enter secret values for each 'changeme' found
    2. The entered secret values will be written to Vault
    3. You will be presented with the path where the secrets are stored
  3. Run helm secrets dec values.yaml
    1. You will be presented with the found secret values from Vault
    2. These secret values will automatically be substituted into values.yaml and stored at values.yaml.dec
  4. Run helm secrets install --name [name] -f values.yaml.dec stable/[chart]
    1. Helm will install your chart with the secrets stored in values.yaml.dec
  5. Clean up by running rm values.yaml.dec

Misc.

Support/Questions

If you have any questions or run into issues, open an issue at Just-Insane/helm-secrets or futuresimple/helm-secrets and @Just-Insane

Feature Requests

If you would like to suggest a new feature, open an issue at Just-Insane/helm-secrets or futuresimple/helm-secrets and @Just-Insane

Standalone Code

The standalone code for converting yaml into Vault secrets can be found here: Just-Insane/helm-vault. It is (nearly) the same code that is integrated into helm-secrets
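
The enc/dec round trip from the Workflow above, as an added illustration that is not part of the issue and is not helm-secrets or helm-vault code. It works on an already-parsed values structure; the in-memory `FakeKV` store standing in for Vault, the path scheme in `vault_path`, and all function names are assumptions.

```python
from copy import deepcopy

PLACEHOLDER = "changeme"  # marker the issue says is currently hard-coded

# Constructed sample: what a parsed values.yaml might contain.
SAMPLE = {"image": {"tag": "1.2"},
          "db": {"user": "app", "password": "changeme"},
          "tokens": ["changeme", "public"]}

class FakeKV:
    """In-memory stand-in for a Vault K/V mount (assumption, no Vault client)."""
    def __init__(self):
        self._data = {}
    def write(self, path, value):
        self._data[path] = value
    def read(self, path):
        return self._data[path]  # KeyError when nothing is stored at path

def walk(node, trail=()):
    """Yield (trail, container, key) for each placeholder leaf in dicts/lists."""
    items = node.items() if isinstance(node, dict) else enumerate(node)
    for key, value in items:
        here = trail + (str(key),)
        if isinstance(value, (dict, list)):
            yield from walk(value, here)
        elif value == PLACEHOLDER:
            yield here, node, key

def vault_path(prefix, trail):
    # Hypothetical path scheme: <prefix>/<key>/<key>/...
    return "/".join((prefix,) + trail)

def enc(values, kv, prefix, ask):
    """Store one secret per placeholder; values keeps its placeholders.
    ask is any callable returning the secret for a path (for hidden
    terminal input, getpass.getpass would fit). Returns the paths written."""
    paths = []
    for trail, _, _ in walk(values):
        path = vault_path(prefix, trail)
        kv.write(path, ask(path))
        paths.append(path)
    return paths

def dec(values, kv, prefix):
    """Return a copy with placeholders filled from kv (the .dec content).
    A missing secret raises KeyError instead of leaving 'changeme' behind."""
    out = deepcopy(values)
    for trail, container, key in list(walk(out)):
        container[key] = kv.read(vault_path(prefix, trail))
    return out
```

The structure returned by `dec` holds plaintext secrets, which is why the workflow ends by deleting values.yaml.dec.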
