
Version 1.4.4 / 2019-12-09

@ricoberger ricoberger released this 09 Dec 20:12

Allow custom certificates

It's now possible to use custom certificates for the communication between the Operator and Vault. To use custom certificates you need to set the following environment variables:

  • VAULT_CACERT: CA certificate used to verify the Vault server's TLS certificate.
  • VAULT_CLIENT_CERT: Client certificate to use for TLS (mutual TLS) authentication to the Vault server.
  • VAULT_CLIENT_KEY: Private key matching the client certificate from VAULT_CLIENT_CERT.
  • VAULT_SKIP_VERIFY: Disable verification of the Vault server's TLS certificate. Only use this for local testing: without verification, anyone who can intercept traffic between the Operator and Vault can read the Operator's Vault token and the secrets it fetches.
  • VAULT_TLS_SERVER_NAME: Name to use as the SNI host when connecting via TLS (needed when Vault is reached through an address that differs from the name in its certificate).

The environment variables can be set as follows in the Helm chart:

environmentVars:
  - envName: VAULT_CACERT
    secretName: vault-secrets-operator-tls
    secretKey: VAULT_CACERT
  - envName: VAULT_CLIENT_CERT
    secretName: vault-secrets-operator-tls
    secretKey: VAULT_CLIENT_CERT
  - envName: VAULT_CLIENT_KEY
    secretName: vault-secrets-operator-tls
    secretKey: VAULT_CLIENT_KEY

The corresponding secret vault-secrets-operator-tls looks as follows:

apiVersion: v1
kind: Secret
metadata:
  name: vault-secrets-operator-tls
data:
  VAULT_CACERT: ...
  VAULT_CLIENT_CERT: ...
  VAULT_CLIENT_KEY: ...
type: Opaque
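As an added example, not code from the vault-secrets-operator project or its Helm chart, the POSIX shell script below renders the vault-secrets-operator-tls Secret shown above from three PEM files. Before encoding anything it checks that each file carries the PEM block type its key expects, so a swapped certificate and key, or a key file dropped into VAULT_CACERT, is rejected here instead of surfacing later as a TLS handshake error in the Operator's logs. The file names ca.pem, client.pem and client-key.pem, the use of an unencrypted private key, and the assumption that the Operator reads the PEM contents from these variables (as the Secret example above suggests) are mine.

```shell
#!/bin/sh
# Added example (not part of the vault-secrets-operator release or chart):
# build the vault-secrets-operator-tls Secret from PEM files, checking that
# each file contains the PEM block type the Operator expects for that key.
# File names and the unencrypted-key assumption are choices made for this demo.
set -eu

# pem_has_block FILE BLOCK: succeed if FILE contains a "-----BEGIN <BLOCK>-----" line.
pem_has_block() {
    grep -q -- "-----BEGIN $2-----" "$1"
}

# check_tls_inputs CA CERT KEY: verify the three files before encoding them.
# The CA and client files must contain a CERTIFICATE block; the key file must
# contain an unencrypted private key (PKCS#8, RSA or EC PEM headers).
check_tls_inputs() {
    pem_has_block "$1" "CERTIFICATE" || { echo "CA file $1 has no CERTIFICATE block" >&2; return 1; }
    pem_has_block "$2" "CERTIFICATE" || { echo "client cert $2 has no CERTIFICATE block" >&2; return 1; }
    if ! pem_has_block "$3" "PRIVATE KEY" && \
       ! pem_has_block "$3" "RSA PRIVATE KEY" && \
       ! pem_has_block "$3" "EC PRIVATE KEY"; then
        echo "client key $3 has no unencrypted PRIVATE KEY block" >&2
        return 1
    fi
}

# b64_oneline FILE: base64-encode FILE on a single line, as Kubernetes Secret
# data requires. "tr -d" makes this portable across GNU base64 (which wraps
# at 76 columns) and BSD/macOS base64 (which does not).
b64_oneline() {
    base64 < "$1" | tr -d '\n'
}

# render_tls_secret CA CERT KEY: print the Secret manifest on stdout, or fail
# without printing anything if the inputs do not pass check_tls_inputs.
render_tls_secret() {
    check_tls_inputs "$1" "$2" "$3" || return 1
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: vault-secrets-operator-tls
type: Opaque
data:
  VAULT_CACERT: $(b64_oneline "$1")
  VAULT_CLIENT_CERT: $(b64_oneline "$2")
  VAULT_CLIENT_KEY: $(b64_oneline "$3")
EOF
}

# Usage: ./render-tls-secret.sh ca.pem client.pem client-key.pem | kubectl apply -f -
if [ "$#" -eq 3 ]; then
    render_tls_secret "$1" "$2" "$3"
fi
```

The header check only catches files of the wrong kind. To confirm that the key actually belongs to the client certificate, compare the public keys printed by `openssl x509 -noout -pubkey -in client.pem` and `openssl pkey -pubout -in client-key.pem` before applying the manifest.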