I want to declare Vault secrets as environment variables while using Kubernetes with the following configuration:
[...]
apiVersion: apps/v1
kind: Deployment
metadata:
  name: consumer-xyz
spec:
  replicas: 1
  selector:
    matchLabels:
      app: consumer-xyz
  template:
    metadata:
      annotations:
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-inject-secret-env: app-xyz-www/xyz/app
        vault.hashicorp.com/agent-inject-status: update
        vault.hashicorp.com/agent-inject-template-env: |
          {{- with secret "app-xyz-www/xyz/app" -}}
          {{- range $k, $v := .Data.data -}}
          export {{ $k }}='{{ $v }}'
          {{ end -}}
          {{- end -}}
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/ca-cert: /vault/tls/ca-chain.crt
        vault.hashicorp.com/role: app-xyz-www
        vault.hashicorp.com/tls-secret: hashicorp-vault-ca-certificates
        vault.hashicorp.com/agent-run-as-user: "33"
        vault.hashicorp.com/agent-run-as-group: "33"
[...]
What happens is that if a value in Vault contains a =, the line is cut at that point, so instead of, say:
export ENV_1='https://www.example.com/endpoint?type=xml'
I get:
export ENV_1='https://www.example.com/endpoint?type
In fact the same happens if I write it directly:
        vault.hashicorp.com/agent-inject-template-env: |
          export ENV_1='https://www.example.com/endpoint?type=xml'
How can I export environment variables with = correctly?