Best practices for vaultAuthParam?

Open mikebell opened this issue 5 years ago • 1 comments

Apologies if this is a stupid question, but we have concourse and vault set up and working really well; however, whenever we do an upgrade of the chart, this secret is being removed because we don't store it anywhere. Is there a way of setting it and then having it ignored by any future upgrades, or do we need another secrets manager for this? It's a bit of a chicken vs egg situation, I think.

Any guidance would be really appreciated.

mikebell, May 20 '20 10:05

Following the approle auth backend (https://concourse-ci.org/vault-credential-manager.html#vault-approle-auth), we store the role_id and secret_id in the concourse-web secret, and we do not need to worry about it unless we delete the cluster.

vault-client-auth-param: role_id:xxx,secret_id:xxx

      ## if the Vault authentication backend requires params from secrets, set this to true,
      ## and provide a value in secrets (field `vault-client-auth-param`).
      ##
      useAuthParam:

CosminBriscaru, Jul 27 '21 15:07
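
A post-upgrade check for the situation discussed in this thread, as an added example that is not part of either comment or of the chart: it validates the decoded `vault-client-auth-param` value in the `role_id:xxx,secret_id:xxx` form shown above, without printing the credentials. The function names and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example (not from the chart): checks the decoded value of the
# `vault-client-auth-param` field after a chart upgrade.
# Assumption: role_id and secret_id contain only letters, digits, '.', '_'
# and '-', as Vault's default UUID-style identifiers do.

# Succeeds only for a usable credential: non-empty, free of separator
# characters, and not the "xxx" placeholder used when a value is redacted.
valid_field() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    xxx) return 1 ;;
  esac
  return 0
}

# check_auth_param VALUE
# Prints "ok" and returns 0 when VALUE is role_id:<id>,secret_id:<id>.
# Prints the reason (never the credential) and returns 1 otherwise,
# for example when an upgrade has emptied the field.
check_auth_param() {
  value=$1
  [ -n "$value" ] || { echo "missing: field is empty"; return 1; }
  role_id='' secret_id=''
  old_ifs=$IFS; IFS=','
  set -f                      # no glob expansion while splitting on commas
  for pair in $value; do
    case "$pair" in
      role_id:*)   role_id=${pair#role_id:} ;;
      secret_id:*) secret_id=${pair#secret_id:} ;;
      *) IFS=$old_ifs; set +f; echo "unexpected entry"; return 1 ;;
    esac
  done
  IFS=$old_ifs; set +f
  valid_field "$role_id"   || { echo "bad or missing role_id"; return 1; }
  valid_field "$secret_id" || { echo "bad or missing secret_id"; return 1; }
  echo "ok"
}

# Constructed sample values (not real credentials).
for sample in 'role_id:6f1c2a9e-demo,secret_id:0b7d4e11-demo' \
              'role_id:xxx,secret_id:xxx' ''; do
  check_auth_param "$sample" || true
done
```

Feed it the decoded field, for example the output of `kubectl get secret concourse-web -o jsonpath='{.data.vault-client-auth-param}' | base64 -d`, where `concourse-web` is the secret named in the reply above and may differ with your release name.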