vault-secret | Kubernetes controller and tool for creating k8s secret | Identity Management library
kandi X-RAY | vault-secret Summary
A Kubernetes controller and tool for creating k8s secret from hashicorp vault
Top functions reviewed by kandi - BETA
- Reconcile reconciles a Vault secret
- main entry point
- kvPreflightVersionRequest makes a kvPreflight version request.
- GetTokenFromSA returns the token associated with the service account
- getWatchMultiNamespaces retrieves the list of namespaces from the environment variable
- NewCachedClient creates a new CachedClient
- contains returns the index of str in s.
- NewConfig returns a new Config struct
- NewAppRoleProvider creates a new AppRoleProvider
- AddLabelFilter adds a new label filter.
vault-secret Key Features
vault-secret Examples and Code Snippets
apiVersion: maupu.org/v1beta1
kind: VaultSecret
metadata:
  name: example-vaultsecret
  namespace: nma
spec:
  secretName: vault-secret-test
  secretLabels:
    foo: bar
  secretAnnotations:
    foo: bar
  secrets:
    - secretKey: username
      kvP

config:
  addr: https://vault.example.com
  auth:
    approle:
      roleId:
      secretId:

config:
  addr: https://vault.example.com
  auth:
    kubernetes:
      role: myrole
      cluster: kubernetes
Community Discussions
Trending Discussions on vault-secret
QUESTION
I am using Azure functions (JavaScript/node) to query and retrieve data from CosmosDB. That works fine. However, I haven't been successful at implementing key vault secrets to store the primary key for cosmosDB. I get the error:
...ANSWER
Answered 2021-Jun-07 at 05:18
Please change the following lines of code:
QUESTION
Firstly I create a web activity to get keyvault, and then create a "set variable" activity. When I try to create a variable in the "set variable" activity, it shows "no results found". BTW I cannot attach a screenshot due to less reputation. I refer to this doc to do execution
...ANSWER
Answered 2021-Jun-03 at 09:07
QUESTION
I am trying to create a key vault backed secret scope in Azure databricks using a powershell script that runs during Azure DevOps deployment. It works fine when I run locally using my own credentials but I get an error when I try to run it using the service principal credentials.
The problem I'm having is similar to but not exactly the same as this previous post.
Here is my script:
...ANSWER
Answered 2021-May-12 at 11:43
You can't execute this operation using the service principal - this is a limitation on the Azure side. The documentation says this explicitly:
You need an Azure AD user token to create an Azure Key Vault-backed secret scope with the Databricks CLI. You cannot use an Azure Databricks personal access token or an Azure AD application token that belongs to a service principal.
P.S. It's a big pain point when automating the provisioning of workspaces, but because it's a problem in Azure, everything that you can do is to escalate to their support, maybe it will be prioritized.
P.P.S. Have you looked at the Databricks Terraform Provider? It may make your life easier compared to PowerShell + REST API.
QUESTION
I'm updating some scripts that were using Microsoft's older azure-storage module and switching up to the v12 SDK.
I'm encountering an issue generating SAS tokens for blobs. Using the following code:
...ANSWER
Answered 2021-May-04 at 01:32
In your code using V12 SDK, for the generate_blob_sas function, the param name should be permission instead of permissions.
This is my test code based on the code you shared:
QUESTION
I am trying to automate the creation of certain azure resources via an Azure PowerShell script that is triggered from an Azure DevOps release pipeline. I want to create a function app, and automatically integrate reading right access to secrets in an already existing Key Vault. This Key Vault is in the same Azure subscription.
While I can create most resources following the documentation, there seems to be a lack of documentation regarding the creation of certain resources using Azure PowerShell (or I can't find it).
If I follow the sample from this link, I can accomplish it without a problem by using the UI in the Azure Portal, but I can't find any documentation on Microsoft Docs to do it using PowerShell.
...ANSWER
Answered 2021-Feb-22 at 16:01
Two potential issues to check out here:
- Your app creation assigns the result to $fnApp. Perhaps $fnApp or, as commented above, $fnApp.ApplicationId is what you should be using for the -ServicePrincipalName parameter on the access policy grant.
- You don't have privileges to assign RBAC roles. Go to the Key Vault, choose Access Control, then click the Role Assignments tab and verify that your user appears in the list as an Administrator, User Access Administrator, or Owner.
Edit: With respect to the RBAC privilege, since this is running in Azure Powershell from Azure DevOps, you need to check the role assignment for the Service Connection's service principal - under Azure Active Directory in the Azure Portal, look up the principal used to create the service connection, and make sure THAT gets the correct Role on the key vault.
QUESTION
I have a Spring Boot application which needs to make use of CosmosDB. My goal is to load the CosmosDB connection key from Key Vault and use that to connect to CosmosDB. I have placed the key as a secret in Key Vault, but it seems that there is an ordering issue going on, as the Cosmos bean is created before the Key Vault. I am able to successfully connect to Key Vault and have received several keys before this, and I am also able to connect to Cosmos if I hard code the connection key. Is it possible to load the key from Key Vault and use it to create the Cosmos bean?
What I have tried is the following, but I receive a connection error with Cosmos (due to the key being not set) - probably because it loads before the Key Vault. Is there a robust way to connect to Cosmos or any proper examples available for Spring boot?
Dependencies I am using:
...ANSWER
Answered 2021-Feb-25 at 01:33
My idea on your case is to add judgement when creating 'CosmosClient'. And here's my code.
QUESTION
I am using Python3 SDK for azure. Here is version details of all the modules currently installed. I want to list the Storage Account Types/SKU using SDK. Not sure how to do it.
...ANSWER
Answered 2021-Feb-07 at 03:33
From azure-mgmt-storage==16.0.0, there is a list() method in the SkuOperations class. Since the method will return multiple skus for every region and storage kind available, you can use a set to remove duplicate SKU names.
QUESTION
This Python script is deployed to run from Azure Function App on Linux Consumption plan. This script is expected to read secrets from Azure Key Vault.
Apart from code deployment, following configurations are made
1.) System Assigned Managed Access Enabled for Azure Function App
2.) Azure Key Vault's Role Assignments Reference this Function App with Reader role.
Here is the script from init.py
...ANSWER
Answered 2021-Jan-08 at 17:16
From the error, it seems managed identity is not applied to your Function app correctly. You should be able to see that going to the identity blade of Function app.
Additionally, you should add the required access policy (separate from role assignment in access control) (secret get here) to allow the identity (same name as the app) to access keyvault if you are not using the new preview access control. Refer How to set and get secrets from Azure Key Vault with Azure Managed Identities and Python.
Using the Azure Portal, go to the Key Vault's access policies, and grant required access to the Key Vault.
- Search for your Key Vault in “Search Resources dialog box” in Azure Portal.
- Select "Overview", and click on Access policies
- Click on "Add Access Policy", select required permissions.
- Click on "Select Principal", add your account
- Save the Access Policies
You can also create an Azure service principal either through Azure CLI, PowerShell or the portal and grant it the same access.
QUESTION
I am trying to create a new Azure Key Vault secret using the Azure Cli v2.9.0 (we use this version in our pipelines and upgrading would be difficult at the moment.) via the command below,
...ANSWER
Answered 2020-Dec-09 at 19:27
QUESTION
I have the following code which I use to acquire a secret, use secret to log into portal and download a csv table. This works ok outside a function.
...ANSWER
Answered 2020-Dec-03 at 06:49
The code is what I test in my side with a csv file in local. But I'm not sure if the line dict_reader = csv.DictReader(table) works in your side. You can do some test and modify the code by yourself if it shows an error.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install vault-secret