How can I represent authorization bearer token in YAML

11/25/2021

I have generated the access token and placed it in the mount path shown below. This token needs to be included in the Authorization header when making a request against the retrieve secret endpoint.

How can we achieve this in YAML scripting?

volumeMounts:
  - mountPath: /run/test
    name: conjur-access-token
    readOnly: true
-- GPK327
aws-secrets-manager
cyber-ark
hashicorp-vault
kubernetes
yaml

2 Answers

11/25/2021

If the file containing your token in the mount path is called token, then you can simply do (assuming that you use curl):

curl -H "Authorization: Bearer $(cat /run/test/token)" ...
-- weibeld
Source: StackOverflow

1/5/2022

This question is referencing CyberArk's Conjur Secrets Manager's Kubernetes authenticator. It uses a sidecar authenticator client to keep an authenticated session token for Conjur's API refreshed in a shared volume mount with an application container running within a Kubernetes pod. This allows the application container to request secret values Just-in-Time (JiT) from the Conjur API with a single API call.

There is a file located at /run/test/conjur-access-token (according to the manifest snippet you provided) that contains the authenticated session token to use to connect to the Conjur API. Your application container needs to read /run/test/conjur-access-token and use it in the Authorization header as Token-based authorization. To use curl, this would look like:

curl -H "Authorization: Token token='$(cat /run/test/conjur-access-token)'" https://conjur.example.com/secrets/myorg/variable/prod%2Fdb%2Fpassword

Where:

  • /run/test/conjur-access-token is the path to the shared volume mount of the application container and sidecar Kubernetes authenticator client.
  • conjur.example.com is the Base URL for your Conjur Follower in the Kubernetes cluster (or outside, if that's the deployment method).
  • myorg is the organization account configured at the time of Conjur deployment and configuration.
  • prod%2Fdb%2Fpassword is the URLified secret variable path in Conjur. This would be referenced otherwise as prod/db/password but since forward-slashes are part of URL/URI, we need this URLified to %2F.
-- InfamousJoeG
Source: StackOverflow
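
A shell helper for the request described in the answer above, added here as an example and not part of the original answers or of CyberArk's tooling: it re-reads the token file per request, fails on a missing or empty token, percent-encodes the variable path, and hands the header to curl on stdin instead of the command line. The function names and the `TOKEN_FILE`, `CONJUR_URL` and `CONJUR_ACCOUNT` variables are assumptions, and it assumes the file's contents can be sent as-is, as the answer does.

```shell
# Added example (POSIX sh). Variable names and defaults are assumptions taken
# from the answer's sample values; this is not CyberArk's own tooling.
TOKEN_FILE="${TOKEN_FILE:-/run/test/conjur-access-token}"
CONJUR_URL="${CONJUR_URL:-https://conjur.example.com}"   # placeholder host
CONJUR_ACCOUNT="${CONJUR_ACCOUNT:-myorg}"

# Percent-encode everything outside the RFC 3986 unreserved set, so that
# prod/db/password becomes prod%2Fdb%2Fpassword. Runs in a subshell.
urlencode() (
  LC_ALL=C
  s=$1
  out=
  while [ -n "$s" ]; do
    rest=${s#?}
    c=${s%"$rest"}
    s=$rest
    case $c in
      [a-zA-Z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Build the header in the form the answer uses. The file is re-read on every
# call because the sidecar keeps replacing the token; a missing or empty file
# is an error rather than a request with an empty credential.
auth_header() {
  if [ ! -r "$TOKEN_FILE" ] || [ ! -s "$TOKEN_FILE" ]; then
    echo "token file missing or empty: $TOKEN_FILE" >&2
    return 1
  fi
  printf "Authorization: Token token='%s'\n" "$(tr -d '\r\n' < "$TOKEN_FILE")"
}

secret_url() {
  printf '%s/secrets/%s/variable/%s' \
    "$CONJUR_URL" "$CONJUR_ACCOUNT" "$(urlencode "$1")"
}

# The header goes to curl on stdin (-H @-, curl 7.55.0 or later), so the token
# is not in curl's argument list where a process listing would show it.
fetch_secret() {
  hdr=$(auth_header) || return 1
  printf '%s\n' "$hdr" | curl --fail --silent --show-error -H @- "$(secret_url "$1")"
}

# Usage inside the application container: fetch_secret prod/db/password
```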