This is a Porter plugin to inject credentials to Porter bundle from hashicorp's vault.
Supports porter version greater or equal to v0.23.0-beta.1 and supports only KV Version 2 secret engine. Please raise an issue if you're looking for support for other secret engines
porter plugin install hashicorp --feed-url https://github.com/dev-drprasad/porter-hashicorp-plugins/releases/download/feed/atom.xml
To use vault plugin, add the following config to porter's config file (default location: ~/.porter/config.toml).
Replace vault_addr, vault_token and path_prefix with proper values.
default-secrets = "porter-secrets"
[[secrets]]
name = "porter-secrets"
plugin = "hashicorp.vault"
[secrets.config]
vault_addr = "http://vault.example.com:7500"
path_prefix = "organization/team/project"
vault_token = "token"
Your secret will be injected as json into porter manifest. Currently there is no support for accessing specific key from a secret. If you're looking for that feature, do raise an issue.
path_prefix lets allow you to specify prefix for your secret path. Let' say you have a secret (myawesomeproject) with path organization/team/project/myawesomeproject, then you can configure path_prefix as organization/team/project.