vault-csi-provider
vault-csi-provider copied to clipboard
hashicorp
HashiCorp Vault Provider for Secret Store CSI Driver
error making mount request: failed to login: Error making API request, how to fix this issue? 2022-08-02T21:11:38.710Z [INFO] server: Finished unary gRPC call: grpc.method=/v1alpha1.CSIDriverProvider/Mount grpc.time=3.701903602s grpc.code=Unknown err= | error making...
The vault-agent-in-sidecar supports secret templates: https://www.vaultproject.io/docs/platform/k8s/injector#secret-templates Are there plans to support it in this secrets csi provider? (it seems to be briefly mentioned in https://github.com/hashicorp/vault-csi-provider/pull/61#discussion_r568650698) Thanks!
It seems that a common way of storing non-Unicode secrets in Vault is to base64-encode them. Is there currently a way to mount these through the CSI provider without adding...
Hi, wonderful people. I'm using Vault to provide dynamic AWS secrets to on-prem Kubernetes clusters and reach AWS components, I created the storage class to get the credentials and I...
Related to https://github.com/hashicorp/vault-csi-provider/issues/150 with [auto-rotation](https://secrets-store-csi-driver.sigs.k8s.io/topics/secret-auto-rotation.html) enabled this pattern of login and secret /GET is done every `rotation-poll-interval` (2 minutes) for every pod in a replica set - which is extremely...
If I am understanding correctly, the Vault CSI can only be pointed at a single `vaultAddress`. For [example](https://www.vaultproject.io/docs/platform/k8s/csi/examples): ``` --- apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 kind: SecretProviderClass metadata: name: vault-db-creds spec: provider: vault...
Would it be possible to push the container image to [Hashicorp's public ECR registry](https://gallery.ecr.aws/hashicorp/)? I'd like to use the public ECR registry instead of Docker Hub so that I can...
This problem is connected to [secrets auto-rotation](https://secrets-store-csi-driver.sigs.k8s.io/topics/secret-auto-rotation.html) but not only - this only makes it visible. When enabled this makes CSI provider ask Vault about secrets every 2 minutes (by...
Vault token (and credentials) active renew of lease during lifetime of Pod to avoid TTL expiration?
The vault-agent-in-sidecar does active renewal of token (and/ credentials) lease for the lifetime of the Pod. cf https://www.vaultproject.io/docs/platform/k8s/injector#renewals-and-updating-secrets and https://www.vaultproject.io/docs/agent/template#renewals-and-updating-secrets That's especially useful as it allows using workload without any...
The Secrets Store CSI driver supports [sending a token](https://github.com/kubernetes-sigs/secrets-store-csi-driver/commit/7ac887a55786306157ad308c751dc1c1fc064fdf) as part of the mount request as of [1.1.0](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases/tag/v1.1.0) ([relevant issue with rollout timeline](https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/585)), which is based on this [feature](https://kubernetes-csi.github.io/docs/token-requests.html) from...
