HashiCorp Vault
Benefit
- Secret engine: manage credentials without humans getting involved (grant, revoke, rotate, etc.)
- See dynamic database credential, rotate root database credential
- See Kubernetes
- agent guide https://learn.hashicorp.com/tutorials/vault/agent-kubernetes?in=vault/kubernetes
- sidecar agent https://learn.hashicorp.com/tutorials/vault/kubernetes-sidecar?in=vault/kubernetes
- security concern https://learn.hashicorp.com/tutorials/vault/kubernetes-security-concerns?in=vault/kubernetes
Cookbook
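Read all variables from a secret and export them as environment variables
# Pod annotation: render every key of the KV v2 secret as an "export" line
vault.hashicorp.com/agent-inject-template-env: |
  {{ with secret "uat/admin-api" -}}
  {{ range $k, $v := .Data.data }}
  export {{ $k }}="{{ $v }}"
  {{ end }}
  {{- end }}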
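The template above writes each value between double quotes with no escaping, so a secret containing `"`, `$` or a backtick is reinterpreted by the shell when the rendered file is sourced. An added example (not part of the original notes): a POSIX sh loader that reads the rendered file as data and fails closed on anything unexpected; `load_vault_env`, `write_sample_env` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Load a file rendered by the template above as data instead of sourcing it.
# Accepts only blank lines and lines of the form: export NAME="value"
load_vault_env() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '') continue ;;                # blank lines left by the range loop
            'export '*'="'*'"') ;;         # the only shape the template emits
            *) echo "load_vault_env: unexpected line, aborting" >&2; return 1 ;;
        esac
        rest=${line#export }
        key=${rest%%=*}
        case $key in                       # NAME must be a valid shell identifier
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "load_vault_env: invalid variable name" >&2; return 1 ;;
        esac
        prefix="$key=\""
        val=${rest#"$prefix"}
        [ "$val" != "$rest" ] || { echo "load_vault_env: malformed line" >&2; return 1; }
        val=${val%\"}
        export "$key=$val"                 # assigned literally, never evaluated
    done < "$1"
}

# Constructed sample of rendered output; the values are made up.
write_sample_env() {
    cat > "$1" <<'EOF'

export DB_USER="admin_api"

export DB_PASSWORD="p@ss$(echo INJECTED)`echo X`"

export API_TOKEN="a"b"

EOF
}

demo_file=$(mktemp)
write_sample_env "$demo_file"
load_vault_env "$demo_file" && printf 'DB_PASSWORD=%s\n' "$DB_PASSWORD"
rm -f "$demo_file"
```

In the pod, call `load_vault_env /vault/secrets/env` (the injector's default path for a template named `env`) before starting the application, and abort startup if it returns non-zero.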