add secrets list expansion and variable name dot notation
We can fetch one secret whose name is derived from an environment variable, but we lack a mechanism to get a list of secrets at runtime.
To use a variable value (containing comma-separated values) we could introduce a $[OIDC] syntax that would be expanded during deserialization.
    {
      "vault:js:/kv/data/$[OIDCS]": "oidcs"
    }
With OIDCS=foo,bar,baz, it would be equivalent to writing
    {
      "vault:js:/kv/data/foo": "oidcs.foo",
      "vault:js:/kv/data/bar": "oidcs.bar",
      "vault:js:/kv/data/baz": "oidcs.baz"
    }
and would result in the following secret extVar

    "secrets": {
      "oidcs": {
        "foo": {},
        "bar": {},
        "baz": {}
      }
    }
In the jsonnet template we would just have to loop over oidcs keys to generate the template accordingly.
We need to introduce
- a new expression in path, $[], that would generate a list of paths, and
- a dot notation in variable name, to insert a key at a given path, which could be used even without list expansion to compose a structure made of different secrets
Edited by Éric BURGHARD
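A sketch of the two proposed mechanisms, added here as an illustration and not taken from the project's code. The function names, the `fetch` callback standing in for the vault lookup, and the `SAFE_ITEM` restriction on list items (so a variable value cannot inject `/` or `..` into a secret path) are all assumptions of this example.

```python
import re

# "$[VAR]" list expression inside a secret path (syntax proposed in this issue)
LIST_EXPR = re.compile(r"\$\[([A-Za-z_][A-Za-z0-9_]*)\]")
# Assumption: list items are plain names; rejects '', '/', '.' and '..'
SAFE_ITEM = re.compile(r"^[A-Za-z0-9_-]+$")

def expand_paths(mapping, env):
    """Expand each "$[VAR]" path into one path per comma-separated item of env[VAR]."""
    expanded = {}
    for path, name in mapping.items():
        match = LIST_EXPR.search(path)
        if match is None:
            expanded[path] = name  # no list expression: keep the entry unchanged
            continue
        var = match.group(1)
        for item in env[var].split(","):
            item = item.strip()
            if not SAFE_ITEM.match(item):
                raise ValueError(f"unsafe list item {item!r} in {var}")
            new_path = path[:match.start()] + item + path[match.end():]
            expanded[new_path] = f"{name}.{item}"  # dot notation: one key per item
    return expanded

def insert_dotted(tree, dotted_name, value):
    """Insert value at the key path given in dot notation, creating parent objects."""
    *parents, leaf = dotted_name.split(".")
    node = tree
    for key in parents:
        node = node.setdefault(key, {})
        if not isinstance(node, dict):
            raise ValueError(f"{key!r} in {dotted_name!r} is not an object")
    node[leaf] = value

def build_secrets(mapping, env, fetch):
    """Build the "secrets" extVar; fetch(path) is a stand-in for the secret lookup."""
    secrets = {}
    for path, name in expand_paths(mapping, env).items():
        insert_dotted(secrets, name, fetch(path))
    return {"secrets": secrets}
```
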