Add note to config about sensitive configs (#323)
* Add note to config about sensitive configs * Update README.md Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
This commit is contained in:
Jason O'Donnell
GitHub
parent
e7736defa1
commit
62380cc24a
2 changed files with 20 additions and 0 deletions
|
|
@ -1,5 +1,9 @@
|
|||
# Vault Helm Chart
|
||||
|
||||
> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
|
||||
you believe you have found a security issue in Vault Helm, _please responsibly disclose_
|
||||
by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
|
||||
|
||||
This repository contains the official HashiCorp Helm chart for installing
|
||||
and configuring Vault on Kubernetes. This chart supports multiple use
|
||||
cases of Vault on Kubernetes depending on the values provided.
|
||||
|
|
|
|||
16
values.yaml
16
values.yaml
|
|
@ -341,6 +341,11 @@ server:
|
|||
# deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
|
||||
# and store data there. This is only used when using a Replica count of 1, and
|
||||
# using a stateful set. This should be HCL.
|
||||
|
||||
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
||||
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
||||
# or through a Kube secret. For more information see:
|
||||
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
||||
config: |
|
||||
ui = true
|
||||
|
||||
|
|
@ -382,6 +387,11 @@ server:
|
|||
enabled: false
|
||||
# Set the Node Raft ID to the name of the pod
|
||||
setNodeId: false
|
||||
|
||||
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
||||
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
||||
# or through a Kube secret. For more information see:
|
||||
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
||||
config: |
|
||||
ui = true
|
||||
|
||||
|
|
@ -396,9 +406,15 @@ server:
|
|||
}
|
||||
|
||||
service_registration "kubernetes" {}
|
||||
|
||||
# config is a raw string of default configuration when using a Stateful
|
||||
# deployment. Default is to use a Consul for its HA storage backend.
|
||||
# This should be HCL.
|
||||
|
||||
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
||||
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
||||
# or through a Kube secret. For more information see:
|
||||
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
||||
config: |
|
||||
ui = true
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue