beni0888

Reputation: 1244

Detect when a secret changes in HashiCorp Vault

I'm totally new to Vault and what I want is to detect when a secret changes and execute some code in response. I've been googling for resources about how to do that but haven't found anything useful. From what I've read and learnt, I think the only way of achieving what I want is by implementing a custom secrets engine. Am I right? Do you know a better way of achieving what I want?

Upvotes: 4

Views: 3490

Answers (2)

Harsh Manvar

Reputation: 30160

There is no event option in the vault as of now, so on changes, we get notified it's natively changing the Key/value pairs.

I would recommend using the polling method if you have any such scenario with the vault.

Here is one nice CRD which also does the polling option and syncs the vault secret to Kubernetes secret.

This might be useful for reference: https://github.com/DaspawnW/vault-crd

Upvotes: 2
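
A sketch of the polling approach recommended in the answer above, added here as an example and not part of the original post. It assumes a KV version 2 secrets engine; the mount `secret`, the path `myapp/config`, and the class and function names are hypothetical. It polls only the metadata endpoint, so the poller's token needs `read` on the metadata path and never handles the secret values.

```python
import json
import os
import time
import urllib.request


def fetch_metadata(mount, path):
    """GET /v1/<mount>/metadata/<path> (KV v2). Returns the 'data' object."""
    req = urllib.request.Request(
        f"{os.environ['VAULT_ADDR']}/v1/{mount}/metadata/{path}",
        headers={"X-Vault-Token": os.environ["VAULT_TOKEN"]},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["data"]


class SecretWatcher:
    """Fires on_change(old_version, new_version, updated_time) on a version bump."""

    def __init__(self, mount, path, on_change, fetch=fetch_metadata):
        self.mount, self.path = mount, path
        self.on_change, self.fetch = on_change, fetch
        self.last_version = None  # unknown until the first successful poll

    def poll_once(self):
        """Return True if a change was detected and the callback ran."""
        try:
            meta = self.fetch(self.mount, self.path)
        except OSError:
            # URLError/HTTPError/timeouts: keep the baseline, retry next cycle.
            return False
        version = meta["current_version"]
        if self.last_version is None:
            self.last_version = version  # first poll only sets the baseline
            return False
        if version == self.last_version:
            return False
        old, self.last_version = self.last_version, version
        self.on_change(old, version, meta.get("updated_time"))
        return True

    def run(self, interval=30):
        while True:
            self.poll_once()
            time.sleep(interval)


if __name__ == "__main__":
    # Hypothetical mount and path; only version numbers are printed.
    SecretWatcher("secret", "myapp/config",
                  lambda old, new, ts: print(f"v{old} -> v{new} at {ts}")).run()
```
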

awm

Reputation: 2768

There currently are no triggers that'll tell you when the secret has changed. If you're running Kubernetes (sidecar) or using the Vault agent, this is minimized as the agent will auto-pull any new secrets down (configurable).

Upvotes: 1
