hashicorp / nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
https://www.nomadproject.io/

CSI: support getting Secrets from Variables or Vault #7978

Open tgross opened 4 years ago

tgross commented 4 years ago

In https://github.com/hashicorp/nomad/pull/7923 we added support for including secrets for volume registration, which are then passed along to plugin RPCs. If we could source these secrets from Vault, that would be even better.

cc @schmichael @dadgar

tgross commented 2 years ago

Alternately, now that we'll have Variables in Nomad 1.4.0, we could let users get secrets from there.

tgross commented 2 years ago

Note for implementation: one of the things we deliberately did with Task Access to Variables was to prefix the task variables path with nomad/jobs, leaving room for us to do something like nomad/volumes in the future. We could automatically grant claims access to secrets that match the volume name in the same way we've done with the tasks. You'd register the secrets at the time the volume is created/registered, and from there on out you wouldn't need to know about secrets. This is a much simpler solution than Vault access.
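The path scheme in the note above, sketched as an added example; it is not Nomad's code and not part of the issue. The `Claims` type and `CanRead` function are assumptions made for illustration, and the `nomad/volumes/<volume>` branch models the proposal, not an existing feature. The `nomad/jobs` branch follows the existing task rule (job, group, task levels), compared segment by segment.

```go
package main

import (
	"fmt"
	"strings"
)

// Claims is a constructed stand-in for a workload identity. Field names
// are assumptions; names are assumed not to contain "/".
type Claims struct {
	Namespace, Job, Group, Task string
	Volumes                     []string // claimed volumes (hypothetical)
}

// CanRead reports whether c implicitly grants read access to path,
// comparing whole path segments so "web" never matches "web2".
func CanRead(c Claims, namespace, path string) bool {
	parts := strings.Split(path, "/")
	if namespace != c.Namespace || len(parts) < 2 || parts[0] != "nomad" {
		return false
	}
	for _, p := range parts {
		if p == "" || p == "." || p == ".." {
			return false // no empty or traversal segments
		}
	}
	switch parts[1] {
	case "jobs": // nomad/jobs[/<job>[/<group>[/<task>]]]
		want := []string{c.Job, c.Group, c.Task}
		for i, seg := range parts[2:] {
			if i >= len(want) || seg != want[i] {
				return false
			}
		}
		return true
	case "volumes": // hypothetical: nomad/volumes/<volume>
		for _, v := range c.Volumes {
			if len(parts) == 3 && v == parts[2] {
				return true
			}
		}
	}
	return false
}

func main() {
	c := Claims{"default", "web", "api", "server", []string{"db-data"}}
	fmt.Println(CanRead(c, "default", "nomad/volumes/db-data"), CanRead(c, "default", "nomad/volumes/other")) // true false
}
```

Anything outside the two prefixes, or in another namespace, falls through to deny, so access beyond these implicit paths would still need an explicit grant.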

leanst-daniel commented 1 year ago

I need this :)