oracle-db-appdev-monitoring

Get secrets from OCI Vault

Open luddevik opened this issue 11 months ago • 1 comments

Currently trying to run this in container instances in OCI. The container is set up to fetch a secret from OCI Vault by providing the VAULT_ID and VAULT_SECRET_NAME. The common.ConfigurationProviderEnvironmentVariables("vault","") and secrets.NewSecretsClientWithConfigurationProvider(configProvider) calls in vault.go cannot create a client if vault_tenancy_ocid, vault_user_ocid, vault_fingerprint and vault_region are not defined. This is intended to run as a standalone container in container instances and let the container be able to read the secret (without any additional users added or config files located on the container).

The dynamic group has been set up with:

matching_rule = "All {resource.type='computecontainerfamily'}"

The identity policy has been set up with:

Allow dynamic-group GROUP to read vaults in tenancy
Allow dynamic-group GROUP to read secret-bundles in tenancy

luddevik, Apr 03 '24 06:04

Hi @luddevik and thank you for reporting this issue. I will set up a reproducer and prepare a fix for you.

markxnelson, Apr 03 '24 11:04