secrets-store-csi-driver-provider-azure
Format of the spec:parameters:objects string in SecretProviderClass for Azure
The way you need to format the string for the objects you want to read from a KeyVault is very confusing. I know that you have to provide a string because of the CRD specification, which was already answered here (https://github.com/Azure/secrets-store-csi-driver-provider-azure/issues/155).
But if I compare Azure and AWS, it is easier to create a SecretProviderClass in AWS.
In AWS: https://github.com/aws/secrets-store-csi-driver-provider-aws#secretproviderclass-options

```yaml
parameters:
  objects: |
    - objectName: "MySecret"
      objectType: "secretsmanager"
```
In Azure:

```yaml
parameters:
  objects: |
    array:
      - |
        objectName: secret1
        objectAlias: SECRET_1
        objectType: secret
```
The result is that it is much easier to create this file (manually, and especially automatically, e.g. with HCL).
In AWS:

```hcl
spec = {
  provider = "aws"
  parameters = {
    objects = yamlencode([
      {
        objectName  = aws_secretsmanager_secret.sensitive.id
        objectType  = "secretsmanager"
        objectAlias = "sensitive"
      }
    ])
  }
}
```
In Azure:

```hcl
spec = {
  provider = "azure"
  parameters = {
    objects = <<EOF
array:
  - |
    objectName: ${var.ingress_cert_name}
    objectType: secret
EOF
  }
}
```
If I want to build this even more generic, I can simply iterate through a list in the AWS way. For Azure, I need to use weird templates.
Why is it implemented that way for Azure? Can this be improved?
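One way to get the AWS-style iteration over a list with the Azure format, as an added example that is not part of this issue or the provider's own docs: nest `yamlencode` so that every entry of `array` is itself a YAML string, which is what the Azure provider expects. `local.keyvault_objects`, `var.ingress_cert_name`, `var.keyvault_name` and `var.tenant_id` are assumed inputs, and the `kubernetes_manifest` resource is just one way to apply the result.

```hcl
# Added example (not from the issue): build the Azure provider's nested
# "objects" string from a plain list instead of a heredoc template.
locals {
  # Assumed input list; extend it or feed it from a variable.
  keyvault_objects = [
    { name = "secret1",             alias = "SECRET_1",     type = "secret" },
    { name = var.ingress_cert_name, alias = "INGRESS_CERT", type = "secret" },
  ]

  # Each element of "array" must be a YAML *string* describing one object,
  # so the inner yamlencode runs per element and the outer one wraps the list.
  azure_objects = yamlencode({
    array = [
      for o in local.keyvault_objects : yamlencode({
        objectName  = o.name
        objectAlias = o.alias
        objectType  = o.type
      })
    ]
  })
}

# Assumed way of applying the SecretProviderClass; any manifest tool works.
resource "kubernetes_manifest" "spc" {
  manifest = {
    apiVersion = "secrets-store.csi.x-k8s.io/v1"
    kind       = "SecretProviderClass"
    metadata = {
      name      = "azure-kv-example"
      namespace = "default"
    }
    spec = {
      provider = "azure"
      parameters = {
        usePodIdentity = "false"
        keyvaultName   = var.keyvault_name
        tenantId       = var.tenant_id
        objects        = local.azure_objects
      }
    }
  }
}
```

Because the outer document is produced by `yamlencode`, the inner strings are emitted as valid YAML scalars whatever their content, so adding or removing list entries never breaks the indentation the way a hand-written heredoc can.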