Assuming that I’m using vault injection to generate the username/password, is there a way to pass the values as a secret variable to the pods?
annotations:
# Environment variable export template
vault.hashicorp.com/agent-inject-template-temporal-db-creds.sh: |
{{ with secret "db/creds/data" -}}
export SQL_USER="{{ .Data.user.user }}"
export SQL_PWD="{{ .Data.user.pwd }}"
{{- end }}
# pod
spec:
initContainers:
name: 'temporal
command: ['/bin/bash', '-c']
args:
- |
source /vault/secrets/temporal-db-creds.sh
temporal-{{ include "temporal.persistence.sql.driver" (list $ $store) }}-tool --database {{ include "temporal.persistence.sql.database" (list $ $store) }} create-database
This is my current approach, but would get an error:
/bin/bash: line 2: temporal-mysql-tool: command not found