search

argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0
812 stars 190 forks source link

Ability to add request headers #582

Open via-justa opened 10 months ago

via-justa commented 10 months ago

Is your feature request related to a problem? Please describe. We're using Cloudflare Access in front of Vault. We must pass the Cloudflare token via the cf-access-token header when accessing the vault.

When we log in to Vault directly via CLI, we use the following script.

export CF_TOKEN=$(cloudflared access login ${VAULT_ADDR} | grep -o -E ".{100,}")
export VAULT_TOKEN=$(vault login -header "cf-access-token=${CF_TOKEN}" -method=oidc $VAULT_ROLE -format=yaml | yq e ".auth.client_token" -)

Describe the solution you'd like Ability to pass headers to the plugin when running in CLI, either by a flag or Environment variable. Example expected usage

export VAULT_ADDR='https://vault.example.com'
export CF_TOKEN=$(cloudflared access login ${VAULT_ADDR} | grep -o -E ".{100,}")
export VAULT_TOKEN=$(vault login -header "cf-access-token=${CF_TOKEN}" -method=oidc $VAULT_ROLE -format=yaml | yq e ".auth.client_token" -)
helm template release --namespace ns my/chart | argocd-vault-plugin -H "cf-access-token=${CF_TOKEN}" generate -

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.