util: allow configuring VAULT_BACKEND for Vault connection

It seems that the version of the key/value engine can not always be detected for Hashicorp Vault. In certain cases, it is required to configure the `VAULT_BACKEND` (or `vaultBackend`) option so that a successful connection to the service can be made. The `kv-v2` is the current default for development deployments of Hashicorp Vault (what we use for automated testing). Production deployments default to version 1 for now. Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-14 10:53:34 +00:00 · 2021-07-20 11:18:58 +02:00
parent 75b9b9fe6d
commit 82557e3f34
7 changed files with 26 additions and 1 deletions
--- a/examples/kms/vault/kms-config.yaml
+++ b/examples/kms/vault/kms-config.yaml
@ -9,6 +9,7 @@ data:
        "vaultAddress": "http://vault.default.svc.cluster.local:8200",
        "vaultAuthPath": "/v1/auth/kubernetes/login",
        "vaultRole": "csi-kubernetes",
+        "vaultBackend": "kv-v2",
        "vaultPassphraseRoot": "/v1/secret",
        "vaultPassphrasePath": "ceph-csi/",
        "vaultCAVerify": "false"
@ -16,6 +17,7 @@ data:
      "vault-tokens-test": {
          "encryptionKMSType": "vaulttokens",
          "vaultAddress": "http://vault.default.svc.cluster.local:8200",
+          "vaultBackend": "kv-v2",
          "vaultBackendPath": "secret/",
          "vaultTLSServerName": "vault.default.svc.cluster.local",
          "vaultCAVerify": "false",
@ -34,6 +36,7 @@ data:
      "vault-tenant-sa-test": {
          "encryptionKMSType": "vaulttenantsa",
          "vaultAddress": "http://vault.default.svc.cluster.local:8200",
+          "vaultBackend": "kv-v2",
          "vaultBackendPath": "shared-secrets",
          "vaultTLSServerName": "vault.default.svc.cluster.local",
          "vaultCAVerify": "false",