Vault Namespace Login for Secret Sharing in non Hierarchical Relationship #694
Comments
In Spring Cloud Vault, we keep a single We need to come up with a proper design approach without introducing too much complexity on our end and I expect this can take a while.
@jschell96 @mp911de I also need to use different namespaces in both login and vault-get in Spring Vault. Can you please share some ref on how you achieved this?
Problem Description
With the release of Vault 1.13.0 it's possible to share secrets between namespaces without a hierarchical relationship.
See documentation.
For Auth Methods (other than Token, e.g. Kubernetes) the Namespace is required for the login.
For importing secrets without the namespace a full path is needed.
If the namespace is set in the Vault configuration, the 'X-Vault-Namespace' header is set for every request.
Therefore it's not possible to read secrets with a fully qualified path.
Desired Solution
It would be nice to set the namespace for the login only.
So we could reference the secrets like:
Workaround
In order to make this possible we found the following workaround:
Register a custom WebClientFactory in the Application Class:
Creating a CustomVaultWebClientFactory:
Adding an ExchangeFilterFunction (Interceptor) to the (Kubernetes) auth method:
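Added example, not the issue author's code and not part of Spring Vault: a WebFlux `ExchangeFilterFunction` that sets `X-Vault-Namespace` only on the login request of one auth mount, so every other request goes out without the header and can use a fully qualified path. The class name, the `/v1/auth/<mount>/login` path layout, and the namespace and mount values passed in are assumptions; how the filter is registered with the Vault `WebClient` is not shown here.

```java
import java.net.URI;

import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import reactor.core.publisher.Mono;

// Hypothetical helper class (name is an assumption, not from the issue).
public final class LoginNamespaceFilter {

    static final String NAMESPACE_HEADER = "X-Vault-Namespace";

    private LoginNamespaceFilter() {
    }

    // True only for the login endpoint of the given auth mount,
    // e.g. /v1/auth/kubernetes/login. The path is normalized and matched
    // exactly so that no other request picks up the namespace header.
    static boolean isLoginRequest(URI uri, String authMount) {
        String path = uri.normalize().getPath();
        return path != null && path.equals("/v1/auth/" + authMount + "/login");
    }

    // Returns a filter that scopes the namespace header to login requests.
    // The namespace must NOT also be set in the Vault configuration,
    // otherwise the header is sent on every request again.
    public static ExchangeFilterFunction forLogin(String namespace, String authMount) {
        return ExchangeFilterFunction.ofRequestProcessor(request -> {
            if (!isLoginRequest(request.url(), authMount)) {
                // Secret reads and all other calls pass through unchanged.
                return Mono.just(request);
            }
            ClientRequest scoped = ClientRequest.from(request)
                    // set() replaces any existing value instead of appending.
                    .headers(headers -> headers.set(NAMESPACE_HEADER, namespace))
                    .build();
            return Mono.just(scoped);
        });
    }
}
```

The filter is attached with `WebClient.Builder#filter(...)`, for example `builder.filter(LoginNamespaceFilter.forLogin("team-a", "kubernetes"))`, where both argument values are constructed placeholders.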