Loop through Vault secret

Question

I'm trying to use Vault annotation's template to create a secret file with key: value structure.

Currently I'm trying with this:

vault.hashicorp.com/agent-inject-template-credentials.txt: |
  {{ with secret (print "secret/data/test/config/") }}{{ range $k, $v := .Data.data }}
  {{ $k }}: {{ $v }}
  {{ end }}

But this results in Vault's init container error. The secret itself looks like this:

data        map[test1:test1 test2:test2 test3:test3]
metadata    map[created_time:2022-09-04T23:47:42.299009227Z custom_metadata:<nil> deletion_time: destroyed:false version:2]

And the output structure should look like that (key: value):

test1: test1
test2: test2
test3: test3

How can I achieve that?

[EDIT]

vault.hashicorp.com/agent-inject-template-credentials.txt: |
  {{- with secret (print "secret/data/test/config") }}{{- range $k, $v := .Data.data }}
  {{ $k }}: {{ $v }}
  {{- end }}{{- end }}

This works well but it produces a new line at the beginning of the file:

// one empty line at the beginning
test1: test1
test2: test2
test3: test3

Answer 1

Score: 1

To eliminate the line break you have to start the file after the | directly:

vault.hashicorp.com/agent-inject-template-credentials.txt: | {{- with secret (print "secret/data/test/config") }}{{- range $k, $v := .Data.data }}
{{ $k }}: {{ $v }}
{{- end }}{{- end }}

I suggest using template source and destination src
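
The blank line from the question's [EDIT] can be reproduced offline, because Vault Agent templates use Go's text/template syntax and the result depends on where each newline sits relative to the `{{-` and `-}}` trim markers. This is an added example, not part of the original question or answer: `fakeSecret` and the stubbed `secret` function are hypothetical stand-ins for what Vault Agent provides, the sample data is constructed, and `trimmedTmpl` is one possible variant that writes no leading newline.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// fakeSecret mimics the shape the page's template reads (.Data.data).
// Hypothetical stand-in: the real `secret` function is provided by Vault Agent.
type fakeSecret struct {
	Data map[string]interface{}
}

// Template from the question's [EDIT]: each iteration emits "\nkey: value".
const editTmpl = `{{- with secret (print "secret/data/test/config") }}{{- range $k, $v := .Data.data }}
{{ $k }}: {{ $v }}
{{- end }}{{- end }}`

// Variant that trims the newline after the range action and keeps the one
// after each pair, so every iteration emits "key: value\n".
const trimmedTmpl = `{{- with secret (print "secret/data/test/config") -}}
{{- range $k, $v := .Data.data -}}
{{ $k }}: {{ $v }}
{{ end -}}
{{- end -}}`

// render executes tmpl against constructed sample data and returns the file body.
func render(tmpl string) (string, error) {
	funcs := template.FuncMap{"secret": func(path string) (*fakeSecret, error) {
		kv := map[string]interface{}{"test1": "test1", "test2": "test2", "test3": "test3"}
		return &fakeSecret{Data: map[string]interface{}{"data": kv}}, nil
	}}
	t, err := template.New("credentials.txt").Funcs(funcs).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, nil)
	return buf.String(), err
}

func main() {
	for _, tmpl := range []string{editTmpl, trimmedTmpl} {
		out, err := render(tmpl)
		fmt.Printf("%q %v\n", out, err)
	}
}
```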

huangapple
  • Published on September 5, 2022, 08:16:05
  • When reposting, please keep the link to this article: https://go.coder-hub.com/73603590.html