Closed kirillplis closed 12 months ago
Hi @kirillplis, thank you for using Bank-Vaults!
I agree that vault-config.yml should not be a json based on the file extension 🙂
I don't quite understand step 1. though, as changing the config values in the Helm chart and then upgrading it (which should be a safe thing to do if you use consul or a bucket for storage backend) should result in changing the config just as fine (I tried it with an S3 bucket as storage).
If you'd like to get an even better experience configuring Vault, I would recommend using the vault-operator, which has a reconciliation loop to apply the changes in configuration to Vault provided in a custom resource!
Hi @akijakya, thank you for looking into this. I ran another test right now and you are totally correct, it works in json format too. Apparently, my config was off then I tested it, and I made a false conclusion that json format was the issue. I probably fixed the config during my investigation so at the moment I replaced vault-config.yml contents inside the pod with yaml version - it all worked.
Since it's resolved, and PR was merged - I'm closing this issue.
Describe the bug: In
vault-config
Secret,vault-config.yml
contents is converted into a JSON format before being encrypted, and being ignored by the application.Expected behaviour:
vault-config.yml
is kept in YAML format before encription.Steps to reproduce the bug:
Try to change policy name or add another auth method to the
externalConfig
block:This step should produce no changes to the policies/secrets/auth configuration.
Put same contents directly into the
vault-config.yml
file and observe the changesThis step should produce desired changes to the policies/secrets/auth configuration.
Environment details:
/kind bug