Open
Description
Proposal
Fetch the Vault token directly from a Kubernetes Secret object, like AzureKeyVault does when fetching the clientSecret.
Use-Case
In order to use custom credentials for autoscaling purposes, I need to supply a custom Vault token to the TriggerAuthentication without changing the target Deployment manifest (e.g. including the token as an env var).
AFAIK, I'm only able to do it via plaintext in the manifest, like this:
```yaml
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: webserver
spec:
  hashiCorpVault:
    address: http://vault.default:8200
    authentication: token
    credential:
      token: ====the-token====
    secrets:
      - key: value
        parameter: connection
        path: secret/webserver/pgconn
```
Can we add this feature to the HC Vault resolver so it will be able to fetch the auth token from the Kubernetes Secret directly?
The updated manifest would be like this:
```yaml
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: webserver
spec:
  hashiCorpVault:
    address: http://vault.default:8200
    authentication: token
    credential:
      tokenSecret:
        valueFrom:
          secretKeyRef:
            key: token
            name: vault
    secrets:
      - key: value
        parameter: connection
        path: secret/webserver/pgconn
```
I'm not sure if introducing this new field would result in a breaking change. Therefore, for compatibility reasons, the new field is named tokenSecret instead of token.
Is this a feature you are interested in implementing yourself?
Yes
Anything else?
No response