Example k8s Secret Script
#!/bin/sh
# Simple script to demonstrate how to read a key=value namespace from Vault and generate a Kubernetes Secret
# Requires Vault server and Vault CLI (HTTP API will also work with modifications)
# Set up app name and namespace that will match what's in the app deployment manifest
# example:
#   envFrom:
#     - secretRef:
#         name: myappname
export APP_NAME="myappname"
export K8S_NAMESPACE="myappnamespace"
export ENVIRONMENT="development"
# Set up Vault (the values below are placeholders; do not commit a real token)
export VAULT_TOKEN="yourtokenhere"
export VAULT_ADDR="youraddresshere"
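# Create .secret Secret file to apply to the Kubernetes cluster
# Restrict permissions first: the file holds every secret value (base64 is encoding, not encryption)
umask 077
cat << EOF > .secret
apiVersion: v1
kind: Secret
metadata:
  name: ${APP_NAME}
  namespace: ${K8S_NAMESPACE}
data:
EOF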
# Loop through the application namespace in Vault and append "key: value" pairs to .secret
# This assumes the data in Vault is simple key=value pairs, one secret per key with a "value" field
# example:
#   vault read -field=value /secret/applications/${APP_NAME}/${ENVIRONMENT}/REDIS_URL
#   redis://redis:6379
echo "Reading config from: /secret/applications/${APP_NAME}/${ENVIRONMENT}"
for KEY in $(vault list --format=json "/secret/applications/${APP_NAME}/${ENVIRONMENT}" | jq -r '.[]'); do
  # Read this key's own value (the path must end in the key name), then base64-encode it for the data: block
  VALUE=$(vault read -field=value "/secret/applications/${APP_NAME}/${ENVIRONMENT}/${KEY}" | base64 -w0)
  echo "  ${KEY}: ${VALUE}" >> .secret
done
# Update secret in Kubernetes
echo "Updating config for ${APP_NAME}"
kubectl apply -f .secret --validate=false --force=true
#Remove secret file
rm -fr .secret
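
Added example, not part of the original gist: the manifest-building step as a function that writes to stdout, so the output can be piped to `kubectl apply -f -` and no secret file is left on disk. `render_secret` and `sample_manifest` are hypothetical names, the input lines are constructed, and values are assumed to contain no newlines.

```shell
#!/bin/sh
# Added example; render_secret and sample_manifest are hypothetical helpers.
# render_secret NAME NAMESPACE reads KEY=VALUE lines on stdin and prints a
# Secret manifest on stdout. Nothing is printed unless every line is valid,
# so a bad key can never result in a partial Secret being applied.
# Assumption: values contain no newlines (input is line-based).
render_secret() {
  name=$1
  namespace=$2
  data=
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    case $line in
      *=*) key=${line%%=*}; value=${line#*=} ;;   # split on the first '='
      *) echo "render_secret: input line has no '='" >&2; return 1 ;;
    esac
    # Kubernetes Secret keys may only use alphanumerics, '-', '_' and '.';
    # rejecting anything else also keeps a hostile key from injecting YAML.
    case $key in
      ''|*[!A-Za-z0-9._-]*)
        echo "render_secret: invalid key name" >&2   # never echo the value
        return 1 ;;
    esac
    encoded=$(printf '%s' "$value" | base64 | tr -d '\n')
    data="${data}  ${key}: ${encoded}
"
  done
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ndata:\n%s' \
    "$name" "$namespace" "$data"
}

# Constructed sample input. In the script above these lines would come from
# the Vault loop, and the output would be piped to: kubectl apply -f -
sample_manifest() {
  printf 'REDIS_URL=redis://redis:6379\nAPI_KEY=a=b\n' |
    render_secret myappname myappnamespace
}

sample_manifest
```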