Purpose of plugin to get values from vault server and without any middle steps
run helm install/upgrade
-
To set specific vault address set environment variable
export VAULT_ADDR=https://vault.com:8200 -
To set specific namespace set environment variable
export VAULT_NAMESPACE=secret/development/creds -
In case of problems with ssl
export VAULT_SKIP_VERIFY=1 -
Search secrets in needed location
export VAULT_SECRET_PATH=secret/development
Plugin in development.
You can build ./cmd/vault/vault.go and leave at $HELM_PLUGIN_DIR/bin/
Also leave plugin.yaml in $HELM_PLUGIN_DIR
You need to export variables that described higher and run helm vault
-f - write secrets to file and return filename
-u - set username. If empty VAULT_TOKEN will be used
-p - set password. Can be empty.
-t - set auth type. Can be userpass (by default) and ldap
Example of using:
export VAULT_ADDR=https://vault.com:8200
export VAULT_NAMESPACE=secret/development/creds
export VAULT_SKIP_VERIFY=1
export VAULT_TOKEN=s.XXXXXXXXXXXXXX
helm install release_name chart -f $(helm vault -f /tmp/test.yaml)
helm vault -u username -p password -t ldap -f /tmp/test.yaml
- Installation script to automate install process