vault-csi-provider

Support for secret encoding?

Open schantaraud opened this issue 4 years ago • 4 comments

It seems that a common way of storing non-Unicode secrets in Vault is to base64-encode them. Is there currently a way to mount these through the CSI provider without adding a manual decoding process? If not, the Azure driver supports an objectEncoding property (see https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/236). Would you accept a PR that adds a similar feature?

schantaraud avatar Aug 24 '21 09:08 schantaraud

Hi @schantaraud, thanks for opening this issue. There's no support for this currently, but you're not the first to express interest so I would definitely be open to receiving a PR for it. I think the design of the linked PR broadly looks like a good fit for this project too.

tomhjp avatar Aug 26 '21 12:08 tomhjp

In search of this functionality too. We're storing certs in Vault as base64-encoded strings, and they're getting base64-encoded again when created as a k8s Secret object via SecretProviderClass.

Better yet, it might help to have functionality that base64-decodes the Vault secret.

therealsamlin avatar Oct 13 '21 11:10 therealsamlin

Same here, this would be great to have. We run some third-party services that require certificates in PEM string format, but we have them base64-encoded everywhere else in Vault.

bimtauer avatar Jul 01 '22 12:07 bimtauer

@therealsamlin and @bimtauer, how did you resolve this issue? We have the same issue here.

LianwMS avatar Jul 13 '22 02:07 LianwMS

Fixed by #194. Thanks for the contribution @BroCanDo!

tomhjp avatar Apr 18 '23 22:04 tomhjp
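
The double encoding reported in this thread, reproduced as an added example (not code from the issue, from #194, or from the project): a base64-encoded PEM value read from Vault is mounted with and without a decode step, then passed through the base64 layer of a Kubernetes Secret. The names `decodeSecret` and `consumerSeesPEM` and the encoding values `""`/`"utf-8"`/`"base64"` are assumptions made for illustration, and the certificate bytes are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"strings"
)

// decodeSecret is a hypothetical helper: it turns the string read from Vault
// into the bytes to mount, according to a declared per-object encoding.
func decodeSecret(value, encoding string) ([]byte, error) {
	switch strings.ToLower(encoding) {
	case "", "utf-8":
		return []byte(value), nil // mounted verbatim, as before the feature
	case "base64":
		// Strict decoding: reject malformed input instead of mounting garbage.
		return base64.StdEncoding.DecodeString(strings.TrimSpace(value))
	default:
		return nil, fmt.Errorf("unsupported encoding %q", encoding)
	}
}

// consumerSeesPEM models the round trip: the provider produces bytes, the
// Kubernetes Secret stores them base64-encoded in .data, and the consumer
// decodes that layer once. It reports whether the result parses as PEM.
func consumerSeesPEM(vaultValue, encoding string) (bool, error) {
	mounted, err := decodeSecret(vaultValue, encoding)
	if err != nil {
		return false, err
	}
	k8sData := base64.StdEncoding.EncodeToString(mounted) // Secret .data field
	seen, _ := base64.StdEncoding.DecodeString(k8sData)   // consumer's single decode
	block, _ := pem.Decode(seen)
	return block != nil, nil
}

// Constructed sample: a PEM block with dummy bytes, base64-encoded as it
// would be stored in Vault.
var samplePEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte("constructed-not-a-real-cert")})
var vaultValue = base64.StdEncoding.EncodeToString(samplePEM)

func main() {
	raw, _ := consumerSeesPEM(vaultValue, "")
	dec, _ := consumerSeesPEM(vaultValue, "base64")
	fmt.Println("without decoding:", raw, "with base64 decoding:", dec)
}
```

Without the decode step the consumer receives base64 text rather than a PEM block; with it, the PEM parses, and malformed base64 is rejected before anything is mounted.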