roboll/kube-vault-controller

Add support for claiming binary secrets using base64 encoding

Crazybus opened this issue · 1 comments

Right now it isn't possible to consume binary secrets via kube-vault-controller. This is because the Vault API expects data to be in JSON. If a secret contains binary data, then it needs to be base64 encoded (or similar) by the client and then decoded again by the consumer of the secret.

Proposal: Adding a new optional Format field to the secret spec.

type SecretSpec struct {
	Type   v1.SecretType          `json:"type"`
	Path   string                 `json:"path"`
	Data   map[string]interface{} `json:"data"`
	Renew  int64                  `json:"renew"`
	Format string                 `json:"format"`
}

The default format and behavior would be format: "plain". My proposal is to add a new type, format: "base64", which would allow a user to write a base64 encoded secret to Vault and have it appear properly decoded again as a Kubernetes secret.

Love it!

U planning to work on this next? Or do you want me to take it on and help you out?
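
The decoding step the proposal describes, as an added example that is not part of the issue or the project's code. `decodeSecretData` and the two format constants are hypothetical names; the sketch assumes the data read from Vault has already been JSON-decoded into a `map[string]interface{}` and that an empty `Format` means "plain".

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// Format values from the proposal; an empty Format is treated as "plain" (assumption).
const (
	FormatPlain  = "plain"
	FormatBase64 = "base64"
)

// decodeSecretData is a hypothetical helper: it turns the JSON-decoded data
// read from Vault into the map[string][]byte a Kubernetes Secret carries.
func decodeSecretData(format string, data map[string]interface{}) (map[string][]byte, error) {
	// Validate the format up front so a bad spec fails even with empty data.
	var decode func(string) ([]byte, error)
	switch format {
	case "", FormatPlain:
		decode = func(s string) ([]byte, error) { return []byte(s), nil }
	case FormatBase64:
		decode = base64.StdEncoding.DecodeString
	default:
		return nil, fmt.Errorf("unsupported format %q", format)
	}
	out := make(map[string][]byte, len(data))
	for key, raw := range data {
		s, ok := raw.(string)
		if !ok {
			return nil, fmt.Errorf("key %q: expected string, got %T", key, raw)
		}
		b, err := decode(s)
		if err != nil {
			// Name only the key in the error: the value is secret material.
			return nil, fmt.Errorf("key %q: invalid %s data", key, format)
		}
		out[key] = b
	}
	return out, nil
}

func main() {
	// Constructed sample: four raw bytes that cannot be stored as JSON text.
	vaultData := map[string]interface{}{
		"keystore": base64.StdEncoding.EncodeToString([]byte{0x00, 0xff, 0xfe, 0x10}),
	}
	decoded, err := decodeSecretData(FormatBase64, vaultData)
	fmt.Printf("%x %v\n", decoded["keystore"], err)
}
```

Failing the whole claim on one undecodable key, rather than writing a partially decoded secret, keeps a consumer from mounting a corrupted keystore or certificate.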