hashicorp / faas-nomad

OpenFaaS plugin for Nomad
https://www.openfaas.com
MIT License
254 stars, 46 forks

Iterating on secret implementation: #50

Closed acornies closed 5 years ago

acornies commented 5 years ago

Hi @nicholasjackson, I wanted to iterate on the work you started for secrets, so here it is:

Example Vault secret curl:

curl -i -H "X-Vault-Token: token" -H "Content-Type: application/json" -X POST -d '{"cows_test":"TESTACCESS", "another_secret": "SECRET"}' https://{vault_host}:8200/v1/secret/openfaas/cows

Example faas-cli:

faas-cli store deploy cows --secret "cows_test" --secret "another_secret"  --gateway http://{gateway}:8080

The secrets are then present in the container:

sudo docker exec -it cows-{uuid} ls /var/openfaas/secrets
another_secret  cows_test

This makes it so that secrets are defined the same way in .yml or faas-cli regardless of whether OpenFaaS is running on K8s, Swarm or Nomad. However, it is expected that the secrets be stored in this format in Vault: secret/openfaas/{function}.
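An added example, not code from this pull request or from faas-nomad: one way the `secret/openfaas/{function}` convention described above could be turned into one rendered file per `--secret` name, with the function and secret names checked against an allow-list before they are interpolated into the Vault path and the template text. The `SecretTemplate` type, `BuildSecretTemplates`, the name pattern, the relative `secrets/` destination and the KV v1 `.Data` layout are all assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed allow-list: names become part of a Vault path, a file name and a
// template expression, so path separators, quotes and braces are rejected.
var nameRE = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_-]{0,62}$`)

// SecretTemplate is a hypothetical stand-in for one template stanza of a job.
type SecretTemplate struct {
	DestPath string // file to render, relative to the task directory (assumed)
	Body     string // consul-template style source, assuming a KV v1 mount
}

// BuildSecretTemplates maps the requested secret names onto keys of the single
// Vault entry secret/openfaas/{function}, the layout the PR description expects.
func BuildSecretTemplates(function string, secrets []string) ([]SecretTemplate, error) {
	if !nameRE.MatchString(function) {
		return nil, fmt.Errorf("invalid function name %q", function)
	}
	path := "secret/openfaas/" + function
	seen := map[string]bool{}
	var out []SecretTemplate
	for _, s := range secrets {
		if !nameRE.MatchString(s) {
			return nil, fmt.Errorf("invalid secret name %q", s)
		}
		if seen[s] { // a repeated --secret flag yields one file, not two
			continue
		}
		seen[s] = true
		out = append(out, SecretTemplate{
			DestPath: "secrets/" + s,
			Body:     fmt.Sprintf(`{{with secret %q}}{{index .Data %q}}{{end}}`, path, s),
		})
	}
	return out, nil
}

func main() {
	// Constructed input matching the faas-cli example in the description.
	ts, err := BuildSecretTemplates("cows", []string{"cows_test", "another_secret"})
	if err != nil {
		panic(err)
	}
	for _, t := range ts {
		fmt.Printf("%s <- %s\n", t.DestPath, t.Body)
	}
}
```

Rejecting names outside the allow-list keeps a function from reading another function's Vault entry through a crafted name such as `../other`.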