Inject vault secrets as environment variables

azuan · March 5, 2024, 2:39am

Assuming that I’m using vault injection to generate the username/password, is there a way to pass the values as a secret variable to the pods?

annotations:
  # Environment variable export template
  vault.hashicorp.com/agent-inject-template-temporal-db-creds.sh: |
    {{ with secret "db/creds/data" -}}
      export SQL_USER="{{ .Data.user.user }}"
      export SQL_PWD="{{ .Data.user.pwd }}"
    {{- end }}

# pod
spec:
  initContainers:
    name: 'temporal
      command: ['/bin/bash', '-c']
      args:
        - |
          source /vault/secrets/temporal-db-creds.sh
          temporal-{{ include "temporal.persistence.sql.driver" (list $ $store) }}-tool --database {{ include "temporal.persistence.sql.database" (list $ $store) }} create-database

This is my current approach, but would get an error:
/bin/bash: line 2: temporal-mysql-tool: command not found

azuan · March 7, 2024, 4:35pm

My bad. Should be temporal-sql-tool, not temporal-mysql-tool.

Topic		Replies	Views
Connecting to ES with user name and password Community Support elasticsearch	4	1189	December 20, 2022
Is it possible to remove Cassandra Visibility keyspace if using Elasticsearch? Community Support cassandra	1	1093	January 5, 2021
Is adding custom archival provider a hack? Community Support server	1	455	November 28, 2021
Custom search fields Community Support go-sdk	1	874	May 27, 2021
Configuring a private S3 endpoint for archival Server Deployment s3 , archival	0	230	December 19, 2023

Inject vault secrets as environment variables

Related Topics