vault-helm: helm template: function "secret" not defined

The recommended annotation for templating a secret, as suggested in your docs, results in a helm templating error. It works fine when running kubectl apply, but helm tries to interpret the templating language instead of a string literal.

      annotations:  
        vault.hashicorp.com/agent-inject-template-account: |
          {{- with secret "path/to/secret" -}}
          {{ .Data.test }}
          {{- end }}

What's the right approach to be able to run that in helm? I am using helm 3.

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 5
  • Comments: 16 (1 by maintainers)

Most upvoted comments

The fix is to remove the space between }} and `

      annotations:
        vault.hashicorp.com/agent-inject-template-account: |
          {{`{{- with secret "path/to/secret" -}}
          {{ .Data.test }}
          {{- end }}`}}

Am I the only one who thinks this is a complex way of injecting secrets? Third parties have for a long time already taken advantage of admission webhooks and injecting secrets into a pod, e.g. this

Ultimately HashiCorp will need to revisit this sticking point.

@elnoxgdl try with

        vault.hashicorp.com/agent-inject-template-config: |-
          {{`{{- with secret `}}"{{ .Values.vault.secret_path }}"{{` -}}`}}
          {{`{{- range $k, $v := .Data.data }}`}}
          {{`{{ $k }}={{ $v }}`}}
          {{`{{- end }}`}}
          {{`{{- end }}`}}
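
Why the backtick wrapping in the comments above works, as an added example that is not part of the thread or of vault-helm: it feeds the annotation values to Go's `text/template` (the engine Helm renders charts with) directly rather than through Helm. The `render` helper, the constant names and the `secret/data/app` value are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Constructed sample: the Vault Agent template from the issue, unescaped.
const unescaped = `{{- with secret "path/to/secret" -}}
{{ .Data.test }}
{{- end }}`

// The same template wrapped in one raw-string action, so it is emitted verbatim.
const escaped = "{{`" + unescaped + "`}}"

// Only the secret path is filled from chart values; every Vault action stays literal.
const mixed = "{{`{{- with secret `}}\"{{ .Values.vault.secret_path }}\"{{` -}}`}}\n" +
	"{{`{{- range $k, $v := .Data.data }}`}}\n" +
	"{{`{{ $k }}={{ $v }}`}}\n" +
	"{{`{{- end }}`}}\n" +
	"{{`{{- end }}`}}"

// render parses and executes an annotation value as a Go template,
// exposing the given values under .Values the way a chart sees them.
func render(src string, values map[string]interface{}) (string, error) {
	t, err := template.New("annotation").Parse(src)
	if err != nil {
		return "", err // unknown functions such as "secret" fail here, at parse time
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]interface{}{"Values": values})
	return out.String(), err
}

func main() {
	// Placeholder values, standing in for the chart's values.yaml.
	values := map[string]interface{}{
		"vault": map[string]interface{}{"secret_path": "secret/data/app"},
	}
	for _, src := range []string{unescaped, escaped, mixed} {
		out, err := render(src, values)
		fmt.Printf("error: %v\nrendered:\n%s\n\n", err, out)
	}
}
```

The rendered output of the escaped forms is what ends up in the pod annotation, where Vault Agent, which does define `secret`, evaluates it.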

Hey @ekhaydarov, this should work:

      annotations:
        vault.hashicorp.com/agent-inject-template-account: |
          {{` {{- with secret "path/to/secret" -}}
          {{ .Data.test }}
          {{- end }} `}}

Thanks dude. It helped me at least.

lint returns this error

unable to parse YAML: error converting YAML to JSON: yaml: line 34: did not find expected key

    {{- with $deployment.secrets }}
      {{- range $key, $value := . }}
        vault.hashicorp.com/agent-inject-secret-{{ $key }}.yml: {{ $value }}
        vault.hashicorp.com/agent-inject-template-{{ $key }}.yml: |
          {{ printf `{{- with secret "%s" -}}
            {{- range $secretKey, $secretValue := .Data.data }}
              {{ $secretKey }}: {{ $secretValue }}
            {{- end }}
          {{- end }}` $value }}
      {{- end }}
    {{- end }}

In my case, I wanted to iterate over a list of secrets and auto template each of them, where the secrets list might look like

    secrets:
      foo: secret/foo