mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

[Hashicorp Vault] - Documentation note for vault namespaces (#1291)

Benjamin Issa 2022-06-23 18:39:31 -04:00 committed by GitHub
parent 0ed419cdba
commit 9fa26a9309
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -305,7 +305,9 @@ or `Kind=ClusterSecretStore` resource.
```
**NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `secretRef` with the namespace where the secret resides.
### Vault Enterprise and Eventual Consistency
### Vault Enterprise
#### Eventual Consistency and Performance Standby Nodes
When using Vault Enterprise with [performance standby nodes](https://www.vaultproject.io/docs/enterprise/consistency#performance-standby-nodes),
any follower can handle read requests immediately after the provider has
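Review bot: Splitting `### Vault Enterprise and Eventual Consistency` into `### Vault Enterprise` plus `#### Eventual Consistency and Performance Standby Nodes` changes the heading text that section anchors are generated from, so any existing link to the old heading would stop resolving. Please check the docs for inbound links to the old section and update them in this change. The new `### Vault Enterprise` heading also has no text of its own before the first `####`; a one-line introduction saying the subsections apply only to Vault Enterprise would help readers on the open-source edition skip it.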
@ -316,6 +318,27 @@ state.
Below are two different solutions to this scenario. You'll need to review them
and pick the best fit for your environment and Vault configuration.
#### Vault Namespaces
[Vault namespaces](https://www.vaultproject.io/docs/enterprise/namespaces) are an enterprise feature that support multi-tenancy. You can specify a vault namespace using the `namespace` property when you define a SecretStore:
```yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault-backend
spec:
provider:
vault:
server: "http://my.vault.server:8200"
# See https://www.vaultproject.io/docs/enterprise/namespaces
namespace: "ns1"
path: "secret"
version: "v2"
auth:
# ...
```
#### Read Your Writes
Vault 1.10.0 and later encodes information in the token to detect the case
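Review bot: The new `#### Vault Namespaces` section lands directly after the context line "Below are two different solutions to this scenario", so it sits between that sentence and `#### Read Your Writes` and reads as the first of the two eventual-consistency solutions, which it is not. Move it above `#### Eventual Consistency and Performance Standby Nodes`, or below the last of the two solutions. Two smaller points in the same hunk: the text should say that this `namespace` is the Vault namespace and is unrelated to the Kubernetes `namespace` in `secretRef` from the NOTE earlier in the file, since the two are easy to confuse in one manifest; and the example `server: "http://my.vault.server:8200"` is better shown with `https://` so readers do not copy a plaintext Vault endpoint into a store that carries auth tokens. Also "an enterprise feature that support" should read "supports".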