Vault usage explanation

Description

I am trying to use Vault to read secrets. I have a chart YAML file that looks like this:

  Master:
    ContainerEnv:
      - name: CASC_VAULT_TOKEN
        value: "some-auth-token"
      - name: CASC_VAULT_URL
        value: "http://10.180.0.1:8200"
      - name: CASC_VAULT_PATHS
        value: "database/creds/pgsql_role"

I generated the CASC_VAULT_TOKEN with vault token create -policy=token-policy -use-limit=10, and that policy has read access to the database/creds/pgsql_role path. My problem is how to read the secrets from Vault after spinning up Jenkins. Do I use certain env variables? Basically I want Jenkins to do vault read database/creds/pgsql_role and use the username and password generated. It seems the documentation is talking about using Docker secrets but does not give specific examples. Any help would be appreciated.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 14 (6 by maintainers)

Top GitHub Comments

1 reaction
dhs-rec commented, Oct 15, 2021

I wonder why this ticket has been closed w/o improving the documentation (as requested). I also needed to find this ticket to really understand how things work. Please reopen and improve the docs.

0 reactions
alan-mas commented, Apr 5, 2022

Hi all! I just found this thread and it has been pretty helpful for me, but I still do not find a solution to my issue (in case adding a comment in a closed issue is wrong, please feel free to delete my comment @jetersen).

CONTEXT: I am trying to deploy a Jenkins using helm with JCASC to get Vault secrets. I am using a local minikube to create my k8 cluster and a local Vault instance on my machine (not in the k8 cluster).

Even though I am trying both initContainerEnv and ContainerEnv, I am not able to reach the Vault values. For the CASC_VAULT_TOKEN value I am using the Vault root token. This is the helm command I run locally:

helm upgrade --install -f values.yml mijenkins jenkins/jenkins

And here is my values.yml file code:

controller:
  installPlugins:
    # need to add this configuration-as-code due to a known jenkins issue: https://github.com/jenkinsci/helm-charts/issues/595
  - "configuration-as-code:1414.v878271fc496f"
  - "hashicorp-vault-plugin:latest"

  # passing initial environments values to docker basic container
  initContainerEnv:
  - name: CASC_VAULT_TOKEN
    value: "my-vault-root-token"
  - name: CASC_VAULT_URL
    value: "http://localhost:8200"
  - name: CASC_VAULT_PATHS
    value: "cubbyhole/jenkins"
  - name: CASC_VAULT_ENGINE_VERSION
    value: "2"
  ContainerEnv:
  - name: CASC_VAULT_TOKEN
    value: "my-vault-root-token"
  - name: CASC_VAULT_URL
    value: "http://localhost:8200"
  - name: CASC_VAULT_PATHS
    value: "cubbyhole/jenkins"
  - name: CASC_VAULT_ENGINE_VERSION
    value: "2"

  JCasC:
    configScripts:
      here-is-the-user-security: |
        jenkins:
          securityRealm:
            local:
              allowsSignup: false
              enableCaptcha: false
              users:
                - id: "${JENKINS_ADMIN_ID}"
                  password: "${JENKINS_ADMIN_PASSWORD}"

And in my local vault I can see/reach values:

>vault kv get cubbyhole/jenkins
============= Data =============
Key                       Value
---                       -----
JENKINS_ADMIN_ID          alan
JENKINS_ADMIN_PASSWORD    acosta

Any of you have an idea what I could be doing wrong?
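
As an added example (not part of the thread and not code from the JCasC or Vault projects), the check below reads the CASC_VAULT_* env entries of a Helm values file and reports a token written as a literal value, a Vault URL that is not HTTPS, and a Vault URL on a loopback address, which inside a pod refers to the pod rather than to the workstation. The function name `audit_casc_vault_env`, both samples, and the Secret name, key and hostname in the hardened sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: env entries as posted in the values.yml above.
WEAK = """\
controller:
  initContainerEnv:
  - name: CASC_VAULT_TOKEN
    value: "my-vault-root-token"
  - name: CASC_VAULT_URL
    value: "http://localhost:8200"
  - name: CASC_VAULT_PATHS
    value: "cubbyhole/jenkins"
"""

# Constructed sample: same variables, token taken from a Kubernetes Secret.
# Secret name, key and hostname are hypothetical.
HARDENED = """\
controller:
  initContainerEnv:
  - name: CASC_VAULT_TOKEN
    valueFrom:
      secretKeyRef:
        name: jenkins-vault
        key: token
  - name: CASC_VAULT_URL
    value: "https://vault.example.internal:8200"
"""
ENTRY = re.compile(r'-\s*name:\s*["\']?(CASC_VAULT_\w+)["\']?\s*\n'
                   r'\s*(valueFrom|value):\s*["\']?([^"\'\n]*)')
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_casc_vault_env(values_text):
    """Return sorted (variable, finding) pairs for CASC_VAULT_* env entries."""
    findings = set()
    for name, kind, raw in ENTRY.findall(values_text):
        if name == "CASC_VAULT_TOKEN" and kind == "value":
            findings.add((name, "token stored as a literal in the values file"))
        if name == "CASC_VAULT_URL":
            url = urlparse(raw.strip())
            if url.scheme != "https":
                findings.add((name, "token travels over cleartext HTTP"))
            if url.hostname in LOOPBACK:
                findings.add((name, "loopback address points at the pod itself"))
    return sorted(findings)

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_casc_vault_env(text))
```
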
