Hardik Patel

Reputation: 179

How to get secrets from an external Vault with AWS EKS

I am facing a minor issue with getting secrets from an external Vault into an AWS EKS container.

I am using a sidecar container to inject secrets into pods.

I have created secrets at the path below:

vault kv put secrets/mydemo-eks/config username='admin' password='secret'

My pod YAML is as below:

apiVersion: v1
kind: Pod
metadata:
  name: mydemo
  labels:
    app: mydemo
  annotations:
    vault.hashicorp.com/agent-inject: 'true'
    vault.hashicorp.com/agent-inject-status: 'update'
    vault.hashicorp.com/auth-path: 'auth/mydemo-eks'
    vault.hashicorp.com/namespace: 'default'
    vault.hashicorp.com/role: 'mydemo-eks-role'
    vault.hashicorp.com/agent-inject-secret-credentials.txt: 'secrets/data/mydemo-eks/config'
spec:
  serviceAccountName: mydemo-sa
  containers:
    - name: myapp
      image: nginx:latest
      ports:
      - containerPort: 80

When I check the real-time logs, I get the following:

My HashiCorp Vault policy is as below:

vault policy write mydemo-eks-policy - <<EOF
path "secrets/data/mydemo-eks/config" {
  capabilities = ["read"]
}
EOF

Actually, the secrets are already there on the mentioned path.

Any idea?

Is there anything wrong I have done?

Has anyone worked on this scenario?

Thanks

Upvotes: 0

Views: 380

Answers (1)

Hardik Patel

Reputation: 179

I have modified the policy as below:

vault policy write mydemo-eks-policy - <<EOF
path "secrets/mydemo-eks/config" {
  capabilities = ["read"]
}
EOF

Earlier I used:

vault policy write mydemo-eks-policy - <<EOF
path "secrets/data/mydemo-eks/config" {
  capabilities = ["read"]
}
EOF

Upvotes: 1
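The difference between the two policies above is the KV engine path layout: a KV v1 mount serves the secret at `secrets/mydemo-eks/config`, while a KV v2 mount serves it at `secrets/data/mydemo-eks/config`, so a policy written for the wrong version silently yields a permission denied. The following is an added example, not code from the question or answer, that derives the path a policy must grant for a given KV version and checks with Vault's `sys/capabilities-self` endpoint whether the current token can actually read it. It assumes `VAULT_ADDR` and `VAULT_TOKEN` are set and the mount is named `secrets`, as in the question.

```shell
#!/usr/bin/env bash
# Added example: derive the policy path for a KV secret and verify that the
# current token has "read" on it. Assumes VAULT_ADDR / VAULT_TOKEN are set
# (in a pod this would be the Vault Agent's token) and a mount named "secrets".
set -euo pipefail

# kv_policy_path MOUNT SECRET KV_VERSION
# KV v1 stores data at MOUNT/SECRET; KV v2 exposes it at MOUNT/data/SECRET.
# Granting read on the v2-style path does nothing on a v1 mount, and vice versa.
kv_policy_path() {
  local mount=$1 secret=$2 version=$3
  case "$version" in
    1) printf '%s/%s\n' "$mount" "$secret" ;;
    2) printf '%s/data/%s\n' "$mount" "$secret" ;;
    *) echo "unknown KV version: $version" >&2; return 1 ;;
  esac
}

# kv_mount_version MOUNT -> prints 1 or 2 (queries Vault; needs a token).
# sys/internal/ui/mounts/<mount> reports options.version only for KV v2,
# so an empty result is treated as v1.
kv_mount_version() {
  local mount=$1 v
  v=$(curl -fsS -H "X-Vault-Token: $VAULT_TOKEN" \
        "$VAULT_ADDR/v1/sys/internal/ui/mounts/$mount" |
      sed -n 's/.*"version":"\([12]\)".*/\1/p')
  echo "${v:-1}"
}

# token_can_read PATH -> exit 0 if the token's policies grant "read" on PATH.
# This is the same check the agent's read will go through, so it reproduces
# a "permission denied" before any secret is fetched.
token_can_read() {
  local path=$1
  curl -fsS -H "X-Vault-Token: $VAULT_TOKEN" -X POST \
    -d "{\"paths\":[\"$path\"]}" "$VAULT_ADDR/v1/sys/capabilities-self" |
    grep -q '"read"'
}

# Usage: ./check-vault-path.sh --check
if [ "${1:-}" = "--check" ]; then
  ver=$(kv_mount_version secrets)
  p=$(kv_policy_path secrets mydemo-eks/config "$ver")
  if token_can_read "$p"; then echo "ok: read granted on $p"; else echo "DENIED on $p"; exit 1; fi
fi
```

Run it with the same Kubernetes auth role and policy the pod uses; if it prints DENIED, fix the policy path for the mount's KV version rather than widening the policy.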
