Get secrets from OCI Vault #72
Assignees
Comments
|
Hi @luddevik and thank you for reporitng this issue. I will set up a reproducer and prepare a fix for you. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently trying to run this in container instances in OCI. The container is set up to fetch secret from OCI Vault, by providing the VAULT_ID and VAULT_SECRET_NAME.
The common.ConfigurationProviderEnvironmentVariables("vault","") and secrets.NewSecretsClientWithConfigurationProvider(configProvider) in vault.go can not create client if not vault_tenancy_ocid, vault_user_ocid, vault_fingerprint, vault_region is defined.
This is intended to run as a standalone container in container instances and let the cotnainer be able to read the secret (without any additional users added or config files located on the container).
The dynamic group has been set up with: matching_rule = "All {resource.type='computecontainerfamily'}"
The identity policy has been set up with:
Allow dynamic-group GROUP to read vaults in tenancy
Allow dynamic-group GROUP to read secret-bundles in tenancy.
The text was updated successfully, but these errors were encountered: