Helm/Vault/Kubernetes— How to interpolate a Helm variable within the Secret Path for Vault Sidecar Injector?

2/3/2022

Anyone here know how to properly interpolate a helm root-level value like .Release.Namespace into a secrets path for Vault using the Vault Sidecar injector w/ annotations properly ?

What I have, but this is not interpolating in the first annotation successfully due to Helm notation (in a template file, not values.yaml)—

vault.hashicorp.com/agent-inject-template-app-stuff: |
  {{`{{- with secret “kv/data/apps/MyApp/{{ .Release.Namespace }}” -}}
  export FOO=“{{ .Data.data.FOO }}  {{- end -}}`}}
vault.hashicorp.com/agent-inject-secret-app-stuff: ‘kv/data/apps/MyApp/{{ .Release.Namespace }}

The second annotation resolves properly bc it’s a simple string but getting the secret path to resolve in the first one is the issue as it’s just interpreting the text as static :/ (e.g. kv/data/apps/MyApp/{{ .Release.Namespace }})

Am I overlooking something silly or should I just re-think this piece altogether ?

Idea is that multiple versions of an app (dev/stage/etc.) will look under the same path up until the actual namespace for that app, tho really I think at its core this is a helm/interpolation technical question 😓

-- Shives66
hashicorp-vault
kubernetes
kubernetes-helm

0 Answers