-
Notifications
You must be signed in to change notification settings - Fork 466
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure - credentialsConfig #1797
Comments
Hi @itmwiw, thanks for using Bank-Vaults! File-based authentication via credentialsConfig is currently only possible when using Azure's Key Vault to store the Vault unseal keys and root token. For the Azure secrets engine only the second method mentioned by you (with env variables) works as per Vault's own documentation. Although I think it wouldn't be impossible to implement it as a feature within Bank-Vaults if you have time to contribute a solution 🙂 |
Thank you for your contribution! This issue has been automatically marked as |
Thank you for your contribution! This issue has been automatically marked as |
Describe the bug:
I'm trying to add an Azure secret engine with some roles using 'credentialsConfig' to authenticate to Azure.
Here's the YAML section:
However it seems the vault-configurer does not use the credentials to configure the secret engine and I get "subscription_id is required" in the logs.
Expected behaviour:
The vault configurer uses the credentials to configure the secret engine.
Steps to reproduce the bug:
Try to configure the Azure secret engine using 'credentialsConfig' to manage the authentication part.
Additional context:
Everything works fine if I configure the secret engine myself without using the 'credentialsConfig' :
However, I don't want the secrets to being exposed as environment variables.
Environment details:
/kind bug
The text was updated successfully, but these errors were encountered: