nomad icon indicating copy to clipboard operation
nomad copied to clipboard
verified publisher icon hashicorp

CSI: support getting Secrets from Variables or Vault

Open tgross opened this issue 5 years ago • 5 comments

In https://github.com/hashicorp/nomad/pull/7923 we added support for including secrets for volume registration, which are then passed along to plugin RPCs. If we could source these secrets from Vault, that would be even better.

cc @schmichael @dadgar

tgross avatar May 15 '20 12:05 tgross

Alternately, now that we'll have Variables in Nomad 1.4.0, we could let users get secrets from there.

tgross avatar Sep 01 '22 14:09 tgross

Note for implementation: one of the things we deliberately did with Task Access to Variables was to prefix the task variables path with nomad/jobs, leaving room for us to do something like nomad/volumes in the future. We could automatically grant claims access to secrets that match the volume name in the same way we've done with the tasks. You'd register the secrets at the time the volume is created/registered, and from there on out you wouldn't need to know about secrets. This is a much simpler solution than Vault access.

tgross avatar Sep 27 '22 14:09 tgross

I need this :)

leanst-daniel avatar May 25 '23 07:05 leanst-daniel

Any news on this?

koder29406 avatar Nov 16 '25 21:11 koder29406

We update issues when they're being worked on. So no news.

tgross avatar Nov 17 '25 14:11 tgross