-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Enhancement]: Run init commands before storing secrets to Vault #7532
Comments
Hi @ThomasKasene, yes, I think it's a bit confused but I would recommend to use just .withInitCommand(
"secrets enable transit",
"write -f transit/keys/my-key",
"secrets enable -path=postgresql kv",
"kv put postgresql/test username=test password=test"); Short term, I see the deprecation of |
Thanks for your reply and suggested workaround! It worked, of course 😄 I'd contest any decision to not provide helper-methods, however: Personally, I have no interest in knowing the APIs or command lines involved in talking to Vault. Vault is configured out-of-band of my application. Nevertheless, I needed to waste time reading up on them in order to get the testcontainer to work (and the API engine versioning stuff is no laughing matter, holy smokes!) It would've been a lot simpler for me if this had worked out of the box. I appreciate what you say about coupling, but the helper methods could be overridable, could they not? And optionally, accept a DTO parameter that is also overridable for more flexibility. |
I can understand this as you are fine by running |
Module
Vault
Proposal
In the
VaultContainer
there's this little method:This works fine for the most part, but I recently had a situation where I needed to run the
kv
(v1) engine on thepostgresql
secret path, so I added this to my config:It doesn't look as though existing secrets are affected by the
secrets enable -path=postgresql kv
, however. It does work if I comment out the.withSecretsInVault(...)
line and add this monstrosity after the block above, which is more or less the same logic you'll find inside theaddSecrets()
-method:So my suggestion is to adjust the implementation of
containerIsStarted(InspectContainerResponse)
to this:The text was updated successfully, but these errors were encountered: