GPK327

Reputation: 1

How can I represent authorization bearer token in YAML

I have generated the access token and placed it in the mount path mentioned below, and this token needs to be included in the Authorization header when making a request against the retrieve secret endpoint.

How can we achieve it in YAML scripting?

volumeMounts:
  - mountPath: /run/test
    name: conjur-access-token
    readOnly: true

Upvotes: 0

Views: 1020

Answers (2)

InfamousJoeG

Reputation: 39

This question is referencing CyberArk's Conjur Secrets Manager's Kubernetes authenticator. It uses a sidecar authenticator client to keep an authenticated session token for Conjur's API refreshed in a shared volume mount with an application container running within a Kubernetes pod. This allows the application container to request secret values Just-in-Time (JiT) from the Conjur API with a single API call.

There is a file located at /run/test/conjur-access-token (according to the manifest snippet you provided) that contains the authenticated session token to use to connect to the Conjur API. Your application container needs to read /run/test/conjur-access-token and use it in the Authorization header as a Token-based authorization. To use curl, this would look like:

curl -H "Authorization: Token token='$(cat /run/test/conjur-access-token)'" https://conjur.example.com/secrets/myorg/variable/prod%2Fdb%2Fpassword

Where:

  • /run/test/conjur-access-token is the path to the shared volume mount of the application container and sidecar Kubernetes authenticator client.
  • conjur.example.com is the Base URL for your Conjur Follower in the Kubernetes cluster (or outside, if that's the deployment method).
  • myorg is the organization account configured at the time of Conjur deployment and configuration.
  • prod%2Fdb%2Fpassword is the URLified secret variable path in Conjur. This would be referenced otherwise as prod/db/password but since forward-slashes are part of URL/URI, we need this URLified to %2F.

Upvotes: 1
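
For an application container that builds the same request in code rather than with curl, the following is an added Python example (not part of either answer and not CyberArk's code). It re-reads the token file on every request because the sidecar keeps refreshing it, and percent-encodes the variable path. The header form is copied from the curl command above, the file contents are assumed to be usable as-is, and the function names are hypothetical.

```python
import os
import tempfile
import urllib.request
from urllib.parse import quote

TOKEN_PATH = "/run/test/conjur-access-token"  # mount path from the answer above


def read_token(path=TOKEN_PATH):
    """Read the token on every call: the sidecar rewrites this file as it refreshes."""
    with open(path, "r", encoding="utf-8") as fh:
        token = fh.read().strip()  # drop the trailing newline most writers add
    if not token:
        raise ValueError(f"token file {path} is empty")
    # Refuse embedded line breaks so file contents cannot add extra header lines.
    if "\r" in token or "\n" in token:
        raise ValueError("token contains line breaks")
    return token


def build_secret_request(base_url, account, variable_id, token_path=TOKEN_PATH):
    """Build (but do not send) the GET request for one secret variable."""
    # safe="" makes quote() encode "/" as %2F, as the answer describes.
    url = "{}/secrets/{}/variable/{}".format(
        base_url.rstrip("/"), quote(account, safe=""), quote(variable_id, safe="")
    )
    req = urllib.request.Request(url, method="GET")
    # Header form taken from the curl command in the answer above.
    req.add_header("Authorization", f"Token token='{read_token(token_path)}'")
    return req


def demo():
    """Run against a constructed token file so the example works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "conjur-access-token")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("constructed-sample-token\n")  # constructed sample value
        req = build_secret_request(
            "https://conjur.example.com", "myorg", "prod/db/password", path
        )
        return req.full_url, req.get_header("Authorization")


if __name__ == "__main__":
    print(demo())
```

Pass the returned request to urllib.request.urlopen() to send it; calling build_secret_request() again for each request picks up a refreshed token.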

weibeld

Reputation: 15302

If the file containing your token in the mount path is called token, then you can simply do (assuming that you use curl):

curl -H "Authorization: Bearer $(cat /run/test/token)" ...

Upvotes: 0
