vault-secrets-operator icon indicating copy to clipboard operation
vault-secrets-operator copied to clipboard
verified publisher icon hashicorp

VSO Secret Data Transformation with Helm

Open alexdga opened this issue 1 year ago • 1 comments

I keep facing a problem with secret data transformation in Helm Charts.

For example :

spec:
  destination:
    create: true
    name: app-secret
    transformation:
      excludes:
       - .*
      templates:
        url:
          text: |
            {{- $host := get .Annotations "myapp.config/postgres-host" -}}
            {{- printf "postgresql://%s:%s@%s/postgres?sslmode=disable" (get .Secrets "username") (get .Secrets "password") $host -}}
  path: creds/dev-postgres

In the transformation text field, '{{-' forces helm rendering go template wich leads to errors.

I can't find any character escape or file loading tricks with helm to solve this problem.

Does anybody have a solution with helm for this ?

Another solution could be allowing implicit go template syntax for lines in transformation text field, so we could write the lines without specifying '{{-' and '-}}'.

alexdga avatar Apr 03 '24 20:04 alexdga

Hi @alexdga, I think the solution you are looking for is here: https://github.com/hashicorp/vault-secrets-operator/issues/619#issuecomment-1984053146 - Please let us know if you require any further assistance.

benashz avatar Apr 03 '24 20:04 benashz

Closing this issue out, as the solution is mentioned here: https://github.com/hashicorp/vault-secrets-operator/issues/619#issuecomment-1984053146

benashz avatar May 28 '24 13:05 benashz