Skip to content

Create a Kubernetes secret with the service account key from a vault gcp roleset. This handles generic (Opaque) secrets or docker-registry (dockerconfigjson) secrets.

License

Notifications You must be signed in to change notification settings

TJM/vault-gcp-secrets

Repository files navigation

Vault GCP Secrets

Use vault agent to keep a vault_gcp_secrets_roleset service account key updated as a Kubernetes secret, either for docker-registry or generic (Opaque). This can be used for various other pods needing access to Google Services without having a vault agent for each one. It can also be used as imagePullSecrets (for docker type) to retrieve images from a private GCR repository.

NOTE: We are using this code in the production environment. You may use it at your own risk.

See helm chart readme: charts/vault-gcp-secrets/README.md

Prerequisites

  • Google Cloud Platform (GCP) Account setup with Vault
  • AppRole or Kubernetes authentication to Vault

Installation

  • helm repo add vault-gcp-secrets https://tjm.github.io/vault-gcp-secrets/
  • helm repo update
  • helm install vault-gcp-secrets vault-gcp-secrets/vault-gcp-secrets

NOTE: You will most likely need to set some values, like authentication method, path, etc.

This chart was roughly based on the vault-secrets-operator, which at the time was unable to support GCP secrets engine.

About

Create a Kubernetes secret with the service account key from a vault gcp roleset. This handles generic (Opaque) secrets or docker-registry (dockerconfigjson) secrets.

Topics

Resources

License

Stars

Watchers

Forks

Packages

 
 
 

Contributors 3

  •  
  •  
  •