tls using truststore; latests properties

Author: vsevel

README.md

@@ -68,7 +68,7 @@ kubectl exec -n vault -it $vault sh
     
     # create vault policy  
 cat <<EOF | vault policy write mypolicy -
-path "secret/foo" {
+path "secret/vaultappconfig" {
   capabilities = ["read"]
   }
 path "database/creds/mydbrole" {
@@ -84,8 +84,8 @@ EOF
       
     # static secrets
     vault secrets enable -path=secret kv
-    vault kv put secret/foo password=mypass
-    vault kv get secret/foo
+    vault kv put secret/vaultappconfig password=mypass
+    vault kv get secret/vaultappconfig
       
     # dynamic secrets
     vault secrets enable database

src/main/resources/application.properties

@@ -4,7 +4,7 @@
 quarkus.vault.url=https://vault.vault.svc.cluster.local:8200
 quarkus.vault.authentication.kubernetes.role=myapprole
 
-quarkus.vault.credentials-provider.static.kv-path=foo
+quarkus.vault.credentials-provider.static.kv-path=vaultappconfig
 quarkus.vault.credentials-provider.dynamic.database-credentials-role=mydbrole
 
 # static

src/test/k8s/create-cert.sh

@@ -2,6 +2,7 @@
 
 BASEDIR=$(dirname $0)
 echo executing from $BASEDIR
+rm -rf $BASEDIR/local-test
 mkdir $BASEDIR/local-test
 cp $BASEDIR/vault-csr.json $BASEDIR/local-test
 pushd $BASEDIR/local-test
@@ -37,6 +38,7 @@ kubectl get csr vault.vault -o jsonpath='{.status.certificate}' | base64 --decod
 
 cp vault-key.pem tls.key
 cp vault.crt tls.crt
+kubectl delete secret vault-tls --ignore-not-found=false
 kubectl create secret tls vault-tls --key ./tls.key --cert ./tls.crt -n vault
 
 # build a jks from k8s ca.crt