Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use a file sink for agent-inject-token #250

Merged
merged 1 commit into from
Apr 22, 2021
Merged

Use a file sink for agent-inject-token #250

merged 1 commit into from
Apr 22, 2021

Conversation

tvoran
Copy link
Member

@tvoran tvoran commented Apr 21, 2021
edited
Loading

Since injecting the token from auth/token/lookup-self as a secret doesn't work when persistent caching is enabled, this PR uses a file sink instead to make the auto-auth token available to the app container at /vault/secrets/token. This also means ACLs are no longer required for auth/token/lookup-self. It also gets around the warning noted in #195 and the newline issue in #207.

Fixes #237, #195, #207.

@tvoran
Use a file sink for agent-inject-token
1faf5c0 
Instead of auth/token/lookup-self, which doesn't work when persistent
agent caching is enabled.
tomhjp
tomhjp approved these changes Apr 22, 2021
View reviewed changes
Copy link
Contributor

@tomhjp tomhjp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jasonodonnell
jasonodonnell approved these changes Apr 22, 2021
View reviewed changes
Copy link
Contributor

@jasonodonnell jasonodonnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tvoran tvoran merged commit 87fd9ba into master Apr 22, 2021
@tvoran tvoran deleted the inject-token-with-sink branch April 22, 2021 18:16
This was linked to issues Apr 22, 2021
Error on Token Injection #195
Closed
Newline in TokenTemplate breaks token usability in some cases #207
Closed
This was referenced Apr 22, 2021
Closed
Closed
RemcoBuddelmeijer pushed a commit to RemcoBuddelmeijer/vault-k8s that referenced this pull request Feb 22, 2022
@tvoran
Use a file sink for agent-inject-token (hashicorp#250)
dff7421 
Instead of auth/token/lookup-self, which doesn't work when persistent
agent caching is enabled.
@tvoran tvoran mentioned this pull request Feb 24, 2022
Closed
tvoran added a commit that referenced this pull request Feb 24, 2022
@tvoran
fixing changelog link text for #250
849f8a1
tvoran added a commit that referenced this pull request Feb 24, 2022
@tvoran
fixing changelog link text for #250 (#322)
9cf4d6d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@calvn calvn calvn approved these changes

@jasonodonnell jasonodonnell jasonodonnell approved these changes

@tomhjp tomhjp tomhjp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@tvoran @calvn @jasonodonnell @tomhjp