Description
Is your feature request related to a problem? Please describe.
I'm looking at migrating from a setup where I use consul-template to fetch and then template Vault secrets (via the Vault Agent sidecar) into my application pods before launching the actual application process.
My apps generally consume JSON formatted config files with deeply nested structures.
The solution we've got now is to create fields in the Vault secret with `/`-separated names and use the consul-template `explodeMap` function to expand these out to a nested map, which can then be converted to JSON
e.g.
Vault secret
```
> vault kv get secret/foobar
...snip
============== Data ==============
Key            Value
---            -----
foo/bar/baz    qux
foo/a/b        c
```
template
```
{{- with secret "secret/foobar" -}}
  {{- range $k, $v := .Data.data -}}
    {{- scratch.MapSet "vars" $k $v -}}
  {{- end -}}
{{- end -}}
{{ scratch.Get "vars" | explodeMap | toJSONPretty }}
```
json result
```json
{
  "foo": {
    "bar": {
      "baz": "qux"
    },
    "a": {
      "b": "c"
    }
  }
}
```
Describe the solution you'd like
An equivalent function in VSO so that I can do something like
```yaml
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: foobar
  namespace: default
spec:
  destination:
    create: true
    name: foobar
    transformation:
      excludes:
        - .*
      templates:
        vault.json:
          text: |
            {{ .Secrets | explodeMap | toPrettyJson }}
  mount: /secret
  path: foobar
  type: kv-v2
  vaultAuthRef: foobar
```
Describe alternatives you've considered
If there's a way to do this with the available functions that'd be great too, especially if I can abstract it out into a shared `SecretTransformation`.
I haven't been able to figure out a way though, `splitn` maybe?
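
For reference, the expansion requested above, written out in Go as an added example (this is not consul-template's or VSO's code; the name `ExplodeMap` is hypothetical). Rejecting a key that is both a leaf and a parent, instead of letting one secret value silently overwrite another, is an assumption of this sketch and not documented behaviour of either project.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// ExplodeMap expands "/"-separated keys into nested maps (illustrative only).
// It returns an error when a key is both a leaf and a parent, e.g. "foo" and
// "foo/bar", so that no secret value is silently dropped or overwritten.
func ExplodeMap(flat map[string]string) (map[string]interface{}, error) {
	keys := make([]string, 0, len(flat))
	for k := range flat {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic order, so errors are reproducible
	root := map[string]interface{}{}
	for _, k := range keys {
		parts := strings.Split(strings.Trim(k, "/"), "/")
		node := root
		for _, p := range parts[:len(parts)-1] {
			if _, ok := node[p]; !ok {
				node[p] = map[string]interface{}{}
			}
			next, isMap := node[p].(map[string]interface{})
			if !isMap {
				return nil, fmt.Errorf("key %q: %q is already a leaf value", k, p)
			}
			node = next
		}
		leaf := parts[len(parts)-1]
		if _, exists := node[leaf]; exists {
			return nil, fmt.Errorf("key %q collides with an existing entry", k)
		}
		node[leaf] = flat[k]
	}
	return root, nil
}

func main() {
	// Constructed sample mirroring the secret/foobar fields shown in the issue.
	out, err := ExplodeMap(map[string]string{"foo/bar/baz": "qux", "foo/a/b": "c"})
	b, _ := json.MarshalIndent(out, "", "  ")
	fmt.Println(string(b), err)
}
```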