- Add the possibility to read the Vault token from a mounted volume. Therefore we introduce a new environment variable `VAULT_TOKEN_PATH`, which should contain the path to a file with the Vault token. This variable is only processed if the authentication method is set to `token` and the `VAULT_TOKEN` environment variable is empty.
- The Helm chart supports three new values:
  - `vault.tokenPath`: Can be used to set the `VAULT_TOKEN_PATH` environment variable.
  - `image.volumeMounts`: Can be used to mount additional volumes to the container.
  - `volumes`: Can be used to provide additional volumes.

Example
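
```sh
# Create a ConfigMap holding the token (MY_VAULT_TOKEN is a placeholder).
# Note: Kubernetes does not treat ConfigMap data as secret.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-token
data:
  token: |
    MY_VAULT_TOKEN
EOF

# Install the chart, mounting the ConfigMap at /etc/vault and pointing
# vault.tokenPath (VAULT_TOKEN_PATH) at the mounted file.
cat <<EOF | helm upgrade --install vault-secrets-operator ./charts/vault-secrets-operator -f -
image:
  repository: ricoberger/vault-secrets-operator
  tag: 1.2.3
  args: ["--zap-encoder", "console"]
  volumeMounts:
    - name: vault-token
      mountPath: /etc/vault
vault:
  address: "vault:8200"
  authMethod: "token"
  tokenPath: "/etc/vault/token"
volumes:
  - name: vault-token
    configMap:
      name: vault-token
      items:
        - key: token
          path: token
EOF
```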
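
The lookup order described above, sketched in Go as an added example (not code from this change or from the operator). The helper name `resolveToken`, the injected `getenv` function and the whitespace trimming are assumptions; trimming is included because a `token: |` block scalar leaves a trailing newline in the mounted file.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// resolveToken is a hypothetical helper (not the operator's code). For
// authMethod "token", VAULT_TOKEN wins; the file named by VAULT_TOKEN_PATH
// is read only when VAULT_TOKEN is empty.
func resolveToken(authMethod string, getenv func(string) string) (string, error) {
	if authMethod != "token" {
		return "", nil // VAULT_TOKEN_PATH is ignored for other auth methods
	}
	if t := getenv("VAULT_TOKEN"); t != "" {
		return t, nil
	}
	path := getenv("VAULT_TOKEN_PATH")
	if path == "" {
		return "", errors.New("neither VAULT_TOKEN nor VAULT_TOKEN_PATH is set")
	}
	raw, err := os.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("reading token file: %w", err)
	}
	// Assumption: strip the trailing newline left by the YAML block scalar.
	token := strings.TrimSpace(string(raw))
	if token == "" {
		return "", errors.New("token file is empty")
	}
	return token, nil
}

func main() {
	// Constructed sample: a temp file standing in for /etc/vault/token.
	f, err := os.CreateTemp("", "token")
	if err != nil {
		panic(err)
	}
	defer os.Remove(f.Name())
	f.WriteString("MY_VAULT_TOKEN\n")
	f.Close()
	env := map[string]string{"VAULT_TOKEN_PATH": f.Name()}
	fmt.Println(resolveToken("token", func(k string) string { return env[k] }))
}
```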