Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get the pfx from Azure Key Vault mantaining the password #1767

Open
2 tasks done
priscofarina opened this issue Feb 25, 2025 · 0 comments
Open
2 tasks done

Get the pfx from Azure Key Vault mantaining the password #1767

priscofarina opened this issue Feb 25, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@priscofarina
Copy link

priscofarina commented Feb 25, 2025
edited
Loading

Have you

What steps did you take and what happened:
I am importing a pfx file in the Azure Key Vault but when I try to read the pfx file from the KV then the pfx fetched file got mounted in my pod but without a password (I want the same password of my pfx file which I have mounted in the KV):

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: my-secrets-azure-keyvault-secrets
spec:
  provider: azure
  secretObjects:
    - secretName: my-secrets
      type: Opaque
      data:
------
  parameters:
    usePodIdentity: "false"
    keyvaultName: {{ required "A valid .Values.secrets.keyvaultName entry required!" (index (.Values.secrets) "keyvaultName") }}
    tenantId: {{ required "A valid .Values.secrets.tenantId entry required!" (index (.Values.secrets) "tenantId") }}
    objects: |
      array:
        - |
          objectName: FILEPFX
          objectType: secret
          objectFormat: pfx
          objectEncoding: base64
          objectAlias: FILEPFX.pfx

What did you expect to happen:

I was expecting that the pfx file mounted is getting retrieved maintaining the password.

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Which access mode did you use to access the Azure Key Vault instance:
[e.g. Service Principal, Pod Identity, User Assigned Managed Identity, System Assigned Managed Identity]

Environment:

  • Secrets Store CSI Driver version: (use the image tag):
    secrets-store-csi-driver-1.4.6
    image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.11.1

  • Azure Key Vault provider version: (use the image tag):
    image: mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.6.0

  • Kubernetes version: (use kubectl version and kubectl get nodes -o wide):

   kubectl version
   Client Version: v1.31.2 
   Kustomize Version: v5.4.2
   Server Version: v1.27.10+c79e5e2
  • Cluster type: OpenShift version 4.14.16
@priscofarina priscofarina added the bug Something isn't working label Feb 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@priscofarina