crossplane-contrib / provider-jet-vault

Generated crossplane provider for vault
Apache License 2.0

Enable consuming an entire secret instead of a single key in Secret.generic.vault.jet.crossplane.io #2

Open AaronME opened 2 years ago

AaronME commented 2 years ago

What problem are you facing?

The Secret.generic.vault.jet.crossplane.io resource is automatically configured by Terrajet to use the SecretKeySelector type from crossplane-runtime. This type requires selecting a specific key from a secret.

This creates a heavy burden on platform operators and/or development teams to explicitly create a Secret.generic.vault.jet.crossplane.io for every key in a connection detail they might need in their secret store.

How could Vault Provider help solve your problem?

Allow consuming all fields from a secret instead of individual keys, as in this example:

apiVersion: v1
kind: Secret
metadata:
  name: example-secret
  namespace: default
stringData:
  keyOne: valueOne
  keyTwo: valueTwo
type: Opaque
---
apiVersion: generic.vault.jet.crossplane.io/v1alpha1
kind: Secret
metadata:
  name: example-vault-secret
spec:
  forProvider:
    path: "secret/foo"
    dataSecretRef:
      name: example-secret
      namespace: default

The resulting secret in Vault would look like this:

$ vault kv get secret/foo

===== Data =====
Key        Value
---        -----
keyone     valueone
keytwo     valuetwo
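
The following sketch is an added example, not part of the issue and not code from provider-jet-vault. It shows one way the requested whole-secret behavior could map a Kubernetes Secret's data to a single JSON document for the Vault path. The function name `secretToVaultJSON` and the optional key allowlist are assumptions introduced here; the allowlist keeps unrelated keys in the same Secret from being copied into Vault.

```go
package main

import (
	"encoding/json"
	"fmt"
	"unicode/utf8"
)

// secretToVaultJSON is a hypothetical helper (not part of provider-jet-vault).
// data is the Data map of a Kubernetes Secret, with values already
// base64-decoded, as corev1.Secret.Data delivers them. The result is the JSON
// document a whole-secret reference would write to the Vault path.
// If allow is non-empty, only the listed keys are copied (assumed option).
func secretToVaultJSON(data map[string][]byte, allow []string) (string, error) {
	allowed := make(map[string]bool, len(allow))
	for _, k := range allow {
		allowed[k] = true
	}
	out := make(map[string]string, len(data))
	for k, v := range data {
		if len(allowed) > 0 && !allowed[k] {
			continue
		}
		// Values are emitted as JSON strings, so binary values are
		// rejected instead of being silently altered by the encoder.
		if !utf8.Valid(v) {
			return "", fmt.Errorf("key %q: value is not valid UTF-8", k)
		}
		out[k] = string(v)
	}
	if len(out) == 0 {
		return "", fmt.Errorf("no keys selected from secret")
	}
	b, err := json.Marshal(out) // map keys are emitted in sorted order
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	// Constructed sample matching example-secret from the issue.
	data := map[string][]byte{
		"keyOne": []byte("valueOne"),
		"keyTwo": []byte("valueTwo"),
	}
	js, err := secretToVaultJSON(data, nil)
	fmt.Println(js, err)
}
```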