Hi, I have added a secret in my HashiCorp Vault at the below path:
cep-kv/dev/sqlpassword
I am trying to access the secret in my manifest as below:
spec:
  serviceAccountName: default
  containers: # List
    - name: cep-container
      image: myinage:latest
      env:
        - name: AppSettings__Key
          value: vault:cep-kv/dev/sqlpassword#sqlpassword
This is throwing the error below:
failed to inject secrets from vault: failed to read secret from path: cep-kv/dev/sqlpassword: Error making API request.\n\nURL: GET https://vaultnet/v1/cep-kv/dev/sqlpassword?version=-1\nCode: 403. Errors:\n\n* 1 error occurred:\n\t* permission denied\n\n" app=vault-env
Is the path I am trying to access the correct value:
vault:cep-kv/dev/sqlpassword#sqlpassword
I tried with the below path too:
value: vault:cep-kv/dev/sqlpassword
This says the secret was not found in the respective path. Can someone help me get the secret from HashiCorp Vault? Any help would be appreciated. Thanks
CodePudding user response:
As you are getting a 403 permission error, you need to configure Kubernetes authentication. You can configure authentication with the following steps:
- Enable the Kubernetes auth method:
vault auth enable kubernetes
- Configure the Kubernetes authentication method to use the location of the Kubernetes API:
vault write auth/kubernetes/config \
    kubernetes_host=https://192.168.99.100:<your TCP port or blank for 443>
- Create a named role:
vault write auth/kubernetes/role/demo \
    bound_service_account_names=myapp \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h
- Write out the "myapp" policy that enables the "read" capability for secrets at the path .
vault policy write myapp - <<EOF
path "yourpath" {
  capabilities = ["read"]
}
EOF
For more information, follow Configuration. Here is a blog explaining the usage of secrets in Kubernetes.
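
An added example, not part of the answer above or of Vault itself: an offline Python model of the two checks behind this 403, the Kubernetes auth role binding and the policy path match. The role and policy contents are constructed from the names on this page, the pod namespace is assumed to be default, the dictionary keys are shortened stand-ins for the role parameters, and the matcher is simplified to exact paths and trailing-* prefixes.

```python
# Added example: offline model of the checks between a pod and a Vault read.
# All role and policy contents are constructed sample data, not real Vault output.
PATH = "cep-kv/dev/sqlpassword"  # path from the question's 403 error
POLICIES = {
    "default": {"auth/token/lookup-self": ["read"]},  # constructed stand-in
    "myapp": {PATH: ["read"]},  # the answer's "yourpath" filled in (assumption)
}
# "names"/"namespaces" abbreviate bound_service_account_names/_namespaces.
# Role that binds account myapp and attaches only the default policy:
ROLE_UNBOUND = {"names": ["myapp"], "namespaces": ["default"], "policies": ["default"]}
# Role that binds the pod's own account and attaches the myapp policy:
ROLE_BOUND = {"names": ["default"], "namespaces": ["default"], "policies": ["myapp"]}

def role_admits(role, sa_name, sa_namespace):
    """Kubernetes auth: the pod's service account must match the role bindings."""
    return (("*" in role["names"] or sa_name in role["names"])
            and ("*" in role["namespaces"] or sa_namespace in role["namespaces"]))

def capabilities(policies, req_path):
    """Capabilities of the most specific matching rule (no '+' segment support)."""
    best_key, caps = None, set()
    for rules in policies:
        for pattern, rule_caps in rules.items():
            if pattern.endswith("*") and req_path.startswith(pattern[:-1]):
                key = (0, len(pattern))  # prefix glob: longer is more specific
            elif pattern == req_path:
                key = (1, len(pattern))  # exact path beats any prefix
            else:
                continue
            if best_key is None or key > best_key:
                best_key, caps = key, set(rule_caps)
            elif key == best_key:
                caps |= set(rule_caps)  # same path in two policies: union
    return caps

def can_read(role, sa_name, sa_namespace, req_path, store=POLICIES):
    """Return (allowed, reason) for a pod reading req_path through this role."""
    if not role_admits(role, sa_name, sa_namespace):
        return False, "login rejected: service account not bound to role"
    caps = capabilities([store.get(p, {}) for p in role["policies"]], req_path)
    if "deny" in caps or "read" not in caps:
        return False, "403 permission denied: no read on " + req_path
    return True, "ok"

if __name__ == "__main__":
    for role in (ROLE_UNBOUND, ROLE_BOUND):
        print(can_read(role, "default", "default", PATH))
```

If cep-kv is a KV version 2 mount, the API path carries data/ after the mount name (cep-kv/data/dev/sqlpassword), and the policy path has to match that form.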