Creating image pull secrets?

[jiphex]

I'm just interested if anyone's got a good way to use vault-secrets-operator to generate Kubernetes-compatible Image Pull Secrets?

I realise that I could do this (I think) by creating a VaultSecret object referencing a path in Vault which stores a raw .dockerconfigjson style key (as shown in a previous issue), but I guess really I'd like the keys in the Vault secret to be stored with more useful keys (e.g docker-server,docker-password etc like you can do with kubectl create secret docker-registry).

Maybe I can just implement this with the templates proposed by @bartmeuris, but I feel like this is something that people must have hit before and had a way of sorting?

[ricoberger]

Hi @jiphex, we are still creating image pull secrets in the way mentioned in the linked issue (#14). Since @bartmeuris PR is merged now and available in the latest release 1.9.0, we may switch to this approach.

[jiphex]

Thanks @ricoberger that's useful

[jiphex]

Just in case someone comes across this in future, I've made this work now using the templates support from 1.9.0

apiVersion: ricoberger.de/v1alpha1
kind: VaultSecret
metadata:
  name: an-image-pull-secret
spec:
  path: secret/some-vault-path
  type: kubernetes.io/dockerconfigjson
  templates:
    .dockerconfigjson: '{"auths":{"hostname.of.registry.com":{"username":"{% .Secrets.username %}","password":"{% .Secrets.token %}"}}}'

This assumes that the Path is a Vault KV object with username and token keys.