#vault (2021-03)
Discussions related to Hashicorp Vault
2021-03-23
contact871:
Anyone used Vault Injector on k8s? I’m going with this solution https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example
The challenge I face is: some secrets contain keys with `.` and `-` and bash doesn’t like `export some.secret-key=secret`. My preferred way would be to do this in the templating layer `vault.hashicorp.com/agent-inject-template-config`. Does anyone know if some string converting functions like `uppercase` and `replace` are available there?
contact871:
Since the Vault Injector uses Vault Agent in the `InitContainer` one can use all the goodies from the Consul templating section: https://github.com/hashicorp/consul-template/blob/master/docs/templating-language.md
contact871:
In my case `.foo | toUpper | replaceAll "." "_" | replaceAll "-" ""`
Zachary Loeber:
Have you created a helm chart for the annotations yet?
Zachary Loeber:
My client is opting to wait for the CSI drivers for whatever reason, I believe the mutating webhook/injection/sidecar method works beautifully though
2021-03-24
2021-03-25
Juan:
Hi all, I’m setting up a vault cluster in AWS using this TF module https://github.com/hashicorp/terraform-aws-vault
I used one VPC to create an AMI with all the required binaries like described here: https://github.com/hashicorp/terraform-aws-vault/tree/master/examples/vault-consul-ami
Now I’ve deployed a 3 node cluster in a VPC that only has 3 private subnets, similar to https://github.com/hashicorp/terraform-aws-vault/tree/master/examples/vault-cluster-private
It is using consul plus S3 as the storage backend, and the VPC has all the required VPC endpoints to privately connect to AWS services.
When initializing the cluster like described here https://github.com/hashicorp/terraform-aws-vault/tree/master/modules/vault-cluster#initializing-the-vault-cluster
On the first node I can run `vault operator init` and get the root token and unseal keys correctly.
I can unseal the cluster from that very same node https://github.com/hashicorp/terraform-aws-vault/tree/master/modules/vault-cluster#unsealing-the-vault-cluster
But on the other 2 nodes I cannot even run `vault status`: `Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: dial tcp 127.0.0.1:8200: connect: connection refused`
On the other 2 nodes I can copy the `/opt/vault/config/default.hcl` file from the init node, and after restarting the service `vault status` shows:
```
HA Enabled             true
HA Cluster             https://*.*.*.27:8201
HA Mode                standby
Active Node Address    https://*.*.*.27:8200
```
.27 is the node where I ran init. And the Consul UI shows that all vault nodes have IP .27.
If anyone has run into similar issues and/or has any clue to point out I’d really appreciate it, thanks!
Juan:
the consul UI