search

guerzon / vaultwarden

Helm chart for Vaultwarden, the (unofficial) Bitwarden-compatible server written in Rust, formerly known as bitwarden_rs
MIT License
151 stars 72 forks source link

Improve database existingSecret functionality #92

Open davidfrickert opened 5 months ago

davidfrickert commented 5 months ago

The current existingSecret options is not great. It forces you to create a secret with the full database URI including host and credentials. I think the chart should support passing each param separately. Ideal format (taken from bitnami/keycloak)

externalDatabase:
  host: tools-pg
  user: bn_keycloak
  database: bitnami_keycloak
  existingSecret: bn-keycloak.tools-pg.credentials.postgresql.acid.zalan.do
  existingSecretUserKey: username
  existingSecretPasswordKey: password

The big benefit is that i can re-use the generated secret from posgres operator very easily and in current setup i have to create a new secret with full DB url which is not great. It also does not allow me to take advantage of automatic credential rotation.

current setup:

database:
  type: postgresql
  existingSecret: vaultwarden-pg
  existingSecretKey: uri

proposed setupp:

database:
  type: postgresql
  existingSecret: vaultwarden-pg
  host: tools-pg
  user: bn_keycloak
  database: bitnami_keycloak
  existingSecret: bn-keycloak.tools-pg.credentials.postgresql.acid.zalan.do
  existingSecretUserKey: username
  existingSecretPasswordKey: password
  # existingSecretKey: uri

If existingSecretKey is set then use it, else use individual settings.

danielr1996 commented 4 months ago

I also would be very happy to use this feature in combination with the postresql operator. I spent a couple of hours trying to figure out how to get this to work and submitted a pullrequest with the results, please let me know what you think about this. For the meantime I published a patched version at oci://ghcr.io/danielr1996/vaultwarden:0.24.3