Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add note to config about sensitive configs (#323)

Browse source 
* Add note to config about sensitive configs

* Update README.md

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
This commit is contained in:
Jason O'Donnell 2020-06-04 13:37:31 -04:00 committed by GitHub
parent e7736defa1
commit 62380cc24a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -1,5 +1,9 @@
# Vault Helm Chart # Vault Helm Chart
> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
you believe you have found a security issue in Vault Helm, _please responsibly disclose_
by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
This repository contains the official HashiCorp Helm chart for installing This repository contains the official HashiCorp Helm chart for installing
and configuring Vault on Kubernetes. This chart supports multiple use and configuring Vault on Kubernetes. This chart supports multiple use
cases of Vault on Kubernetes depending on the values provided. cases of Vault on Kubernetes depending on the values provided.

16
values.yaml
View file

@ -341,6 +341,11 @@ server:
# deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
# and store data there. This is only used when using a Replica count of 1, and # and store data there. This is only used when using a Replica count of 1, and
# using a stateful set. This should be HCL. # using a stateful set. This should be HCL.
# Note: Configuration files are stored in ConfigMaps so sensitive data
# such as passwords should be either mounted through extraSecretEnvironmentVars
# or through a Kube secret. For more information see:
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
config: | config: |
ui = true ui = true
@ -382,6 +387,11 @@ server:
enabled: false enabled: false
# Set the Node Raft ID to the name of the pod # Set the Node Raft ID to the name of the pod
setNodeId: false setNodeId: false
# Note: Configuration files are stored in ConfigMaps so sensitive data
# such as passwords should be either mounted through extraSecretEnvironmentVars
# or through a Kube secret. For more information see:
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
config: | config: |
ui = true ui = true
@ -396,9 +406,15 @@ server:
} }
service_registration "kubernetes" {} service_registration "kubernetes" {}
# config is a raw string of default configuration when using a Stateful # config is a raw string of default configuration when using a Stateful
# deployment. Default is to use a Consul for its HA storage backend. # deployment. Default is to use a Consul for its HA storage backend.
# This should be HCL. # This should be HCL.
# Note: Configuration files are stored in ConfigMaps so sensitive data
# such as passwords should be either mounted through extraSecretEnvironmentVars
# or through a Kube secret. For more information see:
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
config: | config: |
ui = true ui = true