...
Setting up Vault URL
To use secrets from Vault, the Helm chart needs to know where to access the Vault server. We do that by providing the URL like this:
...
Injecting the secret into an environment variable
This section assumes that the Vault URL has been set up.
Assuming the needed secret is available at the app’s Vault path keycloak/client-secret under the entry password and that we want that secret to be available in our app in the CLIENT_SECRET environment variable, use this snippet in the app’s values file:
...
| Code Block |
|---|
vault:
environment:
keycloak/client-secret:
CLIENT_SECRET: password |
Note: the password in these snippets is not supposed to be replaced by an actual password or secret. It refers to the name of the entry in which the secret resides in Vault.