vault-secrets-operator icon indicating copy to clipboard operation
vault-secrets-operator copied to clipboard
verified publisher icon hashicorp

VaultStaticSecret merge secrets from multiple path to one kubernetes secret

Open suxiaoxiaomm opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe. We have one shared secret path for all services. And per service also has its specific secret path.

Could we use one VaultStaticSecret to merge multiple path into one Kubernetes secret? As below at path, instead one path, it accepts a list of paths

apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  namespace: app
  name: app1-static-secret
spec:
  namespace: application
  mount: secret
  type: kv-v2
  path: 
    - app1/shared-secrets
    - app1/specific-secrets
  refreshAfter: 60s
  destination:
    create: true
    name: app-secret

suxiaoxiaomm avatar Oct 21 '24 06:10 suxiaoxiaomm

I want this feature, I also want this feature for dynamic secret, this would reduce unnecessary service restart, if multiple credentials is referred by one project, without this feature, the service would have to be restarted repeatedly, which could be problematic.

I think a new resource named secret bundle to combine all these secrets together would resolve a bit of the problem.

LeoQuote avatar Feb 19 '25 10:02 LeoQuote