Closed nicholasjackson closed 6 years ago
@nicholasjackson Any way we can get this added in the near future? I have a couple really good use cases but I need secrets via Vault. I would totally help write the code to get my Go skills up to par. I definitely need the practice.
@cpitkin Yes, I have actually been having a think about this. I think the best way is that the secrets are directly added to Vault and the Nomad provider would just read the secrets from Vault, rather than the CLI pushing secrets to the provider and it writing and reading Vault. This should give a more consistent Vault / Nomad workflow.
I will get this added to my schedule and hopefully will complete it this week.
The CLI only specifies the name of secrets... not the plaintext values.
I have added a first pass at this in the following pull request https://github.com/hashicorp/faas-nomad/pull/48
Currently this would only support the v1 API; templates have a different form for the v2 API. We could detect this based on the path, as v1 would use /secret/mysecret and v2 /secret/data/mysecret.
I've also added #50 to provide a consistent approach to faas-cli usage and YAML declaration of secrets (only secret names, no Vault-style paths since I don't think that translates between providers). In a future version I can definitely see us supporting v2 and more advanced usage of Vault.
All merged in v0.3.1
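The path-based v1/v2 detection discussed above, together with the different template form each KV version needs, as an added example that is not code from faas-nomad or from the pull request. The function names and the name-validation policy are assumptions; the template syntax is consul-template's, where KV v2 nests the fields under `.Data.data`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed policy: names are restricted so a value coming from the CLI or YAML
// can never break out of the quoted path or the field selector in the template.
var validName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]*$`)
var validField = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// KVVersion guesses the KV engine version from the path layout in the thread:
// v2 reads go through <mount>/data/<name>, v1 through <mount>/<name>.
// It is a heuristic: a v1 secret kept under a "data/" folder looks identical.
func KVVersion(path string) int {
	parts := strings.Split(strings.Trim(path, "/"), "/")
	if len(parts) >= 3 && parts[1] == "data" {
		return 2
	}
	return 1
}

// SecretTemplate renders the template snippet that reads one field of a
// secret, using the form that matches the given KV version.
func SecretTemplate(mount, name, field string, version int) (string, error) {
	if !validName.MatchString(mount) || !validName.MatchString(name) || !validField.MatchString(field) {
		return "", fmt.Errorf("invalid secret reference %q/%q field %q", mount, name, field)
	}
	switch version {
	case 1:
		return fmt.Sprintf(`{{with secret "%s/%s"}}{{.Data.%s}}{{end}}`, mount, name, field), nil
	case 2:
		return fmt.Sprintf(`{{with secret "%s/data/%s"}}{{.Data.data.%s}}{{end}}`, mount, name, field), nil
	}
	return "", fmt.Errorf("unsupported KV version %d", version)
}

func main() {
	// Constructed sample paths, taken from the form used in the comment above.
	for _, p := range []string{"/secret/mysecret", "/secret/data/mysecret"} {
		v := KVVersion(p)
		tpl, err := SecretTemplate("secret", "mysecret", "value", v)
		fmt.Println(p, "-> KV v", v, tpl, err)
	}
}
```

Because the heuristic cannot tell a v2 path from a v1 secret stored under a `data/` folder, reading the mount's configured version from Vault is the more reliable signal when the provider has permission to do so.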
Provide capability to store and access secrets for a function using HashiCorp Vault.
This issue is currently blocked by the lack of E2E TLS in OpenFaaS; there is currently an open issue to resolve this.