Kubernetes external secret with hashicorp vault - Error handling if secret not available

11/26/2020

In our helm based Kubernetes project, we're fetching external secrets from hashicorp vault, as shown in the below example. Deployment is done using Argocd

apiVersion: 'kubernetes-client.io/v1'
kind: ExternalSecret
metadata:
  name: hello-vault-service
spec:
  backendType: vault
  vaultMountPoint: my-kubernetes-vault-mount-point
  vaultRole: my-vault-role
  data:
  - name: password
    key: secret/data/hello-service/credentials

If vault path secret/data/hello-service/credentials is missing, currently we are getting 404 error. We need to handle this error by taking the default dummy secret value from values.yaml if external secret path not found.

Could someone please help

-- Aswin George
argocd
hashicorp-vault
kubernetes
kubernetes-helm

0 Answers