Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add integration with Hashicorp Vault, AWS SSM, SecretsManager #906

Merged
merged 2 commits into from
Oct 25, 2019
Merged

Add integration with Hashicorp Vault, AWS SSM, SecretsManager #906

merged 2 commits into from
Oct 25, 2019

Conversation

klebediev
Copy link
Contributor

@klebediev klebediev commented Oct 23, 2019
edited by mumoshu
Loading

Fields which are rendered: Release.Values, Release.SetValues.Value, Release.SetValues.Values

Example:

values:
- foo: ref+vault://mykv/foo?address=http://127.0.0.1:8200#/mykey
set:
- name: xyz
  values:
  - ref+vault://mykv/foo?address=http://127.0.0.1:8200#/mykey3

Resolves #881

@klebediev
feat: Add integration with Hashicorp Vault, AWS SSM, SecretsManager
765a0ea 
Fields which are rendered: Release.Values, Release.SetValues.Value, Release.SetValues.Values

Example:
```
values:
- foo: ref+vault://127.0.0.1:8200/mykv/foo?proto=http#/mykey
set:
- name: xyz
  values:
  - ref+vault://127.0.0.1:8200/mykv/foo?proto=http#/mykey3
```

Resolves roboll#881
@excavador
Copy link

I need this

@mumoshu
Copy link
Collaborator

mumoshu commented Oct 25, 2019
edited
Loading

@klebediev Thanks a lot for the PR! I'm super excited to finally get this into Helmfile 🎉

This generally LGTM. The only thing I wanted to do before merging this is to consult you about the latest changes I've made in vals helmfile/vals@8e822fb

The biggest improvement (I believe it is) is the use of host part in URLs. I've also added several query params to make it even more configurable so that more use-cases can be supported.

The usage examples can be found at: https://github.com/variantdev/vals#suported-backends

Does it look good to you? If so, please update the vals by running go get -u github.com/variantdev/vals and then I'll merge this asap :)

Thanks in advance for your support!

@klebediev
Copy link
Contributor Author

Hi @mumoshu !
I'm super-excited we are so close!
The only small issue that disallows me to update vals version in gp.mod is addressed here

I like your latest improvements to vals. Thank you!
Also, looks like we'll have to extend syntax vault provider in order to be able to support retrieving secrets from multiple vault servers, see details here

So, waiting for you to merge above PR tp vals, then I'll be able to update go.mod

@mumoshu
Copy link
Collaborator

mumoshu commented Oct 25, 2019

@klebediev Thanks for the confirmation and submitting the PR!

I've just merged it and also implemented the enhancement to the vault provider. Hope you like it.

@klebediev
Copy link
Contributor Author

updated go.mod

mumoshu
mumoshu approved these changes Oct 25, 2019
View reviewed changes
Copy link
Collaborator

@mumoshu mumoshu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks a lot for your contribution, @klebediev!

Let's merge this and see how it works in the wild. Fingers crossed.

@mumoshu mumoshu merged commit 4680010 into roboll:master Oct 25, 2019
@mumoshu
Copy link
Collaborator

mumoshu commented Oct 25, 2019

I've updated the PR description to accomodate the latest syntax.

@mumoshu
Copy link
Collaborator

mumoshu commented Oct 25, 2019

This should resolve #745 as well.

@mumoshu mumoshu mentioned this pull request Oct 25, 2019
Closed
@mumoshu
Copy link
Collaborator

mumoshu commented Oct 25, 2019

v0.89.0 is live with this feature.

@excavador
Copy link

Thank you so much!

@tduffield
Copy link
Contributor

@mumoshu @klebediev thank you both so much for the fast turnaround on this functionality :) You managed to get this designed, implemented, and released within the timeline of my Helm POC.

This was referenced Nov 3, 2019
Open
Closed
Open
@mumoshu mumoshu mentioned this pull request Nov 17, 2019
Closed
@mumoshu mumoshu mentioned this pull request Nov 25, 2019
Closed
@mumoshu mumoshu mentioned this pull request Dec 19, 2019
Merged
@mumoshu mumoshu mentioned this pull request Jan 6, 2020
Open
@etiennejournet
Copy link

Hi @mumoshu, thanks for the fast reply on #392

It looks like it doesn't work with ~/.vault-token ? But it works with env variables.

Thanks

@Xtigyro Xtigyro mentioned this pull request Jan 7, 2020
Closed
@mumoshu mumoshu mentioned this pull request Jan 12, 2020
Open
@mumoshu mumoshu mentioned this pull request Mar 29, 2020
Open
@ghost ghost mentioned this pull request Apr 16, 2020
Open
@GolubevV GolubevV mentioned this pull request May 11, 2021
Closed
@zystem zystem mentioned this pull request Sep 10, 2021
Open
@adecchi
Copy link

adecchi commented Jan 8, 2022

Is possible to get all secrets from aws secrets manager and map as environment variable in the deployment using it in a helm chart repository that then we run with helmfile ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mumoshu mumoshu mumoshu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Direct support of Hashicorp Vault
6 participants
@klebediev @excavador @mumoshu @tduffield @etiennejournet @adecchi