## DESCRIPTION

I used to do:
```yaml
- name: Import secrets from Vault
  uses: hashicorp/vault-action@v3
  with:
    exportToken: true
    method: jwt
    jwtTtl: 120
    path: myClient_github_actions
    jwtGithubAudience: https://github.com/myClient
    url: ${{ vars.VAULT_URL }}
    namespace: parentNamespace/childNamespace
    role: ${{ github.event.repository.name }}
    secrets: ${{inputs.vault-secrets-inputs}}
```
which works fine, but then I got the need to get secrets from multiple child namespaces.
I've seen in the documentation that it's possible by adding the namespace in my secret path like so:
```
parentNamespace-1/childNamespace-1/secret/data/ci/aws secret1 | secret1 ;
parentNamespace-1/childNamespace-2/secret/data/ci/aws secret2 | secret2 ;
parentNamespace-1/childNamespace-3/secret/data/ci/aws secret3 | secret3 ;
```
But it seems like it's not working because I don't have the right to the parent namespace. I keep getting this error:
```
failed to retrieve vault token. code: ERR_NON_2XX_3XX_RESPONSE, message: Response code 403 (Forbidden), vaultResponse: {"errors":["permission denied"]}
```
## MY NEEDS

I'd like to be able to get secrets from multiple child namespaces without needing the right to the parent.

## QUESTION

Am I missing something here?
Is it a feature you guys planned to do? Or should I just send myself a JSON in my workflow to loop on and call Vault for every namespace I received?