
[Hashicorp Vault] - Documentation note for vault namespaces (#1291)

Benjamin Issa 3 years ago
parent
commit
9fa26a9309
1 changed files with 25 additions and 2 deletions

+ 25 - 2
docs/provider-hashicorp-vault.md

@@ -305,7 +305,9 @@ or `Kind=ClusterSecretStore` resource.
 ```
 **NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `secretRef` with the namespace where the secret resides.
 
-### Vault Enterprise and Eventual Consistency
+### Vault Enterprise
+
+#### Eventual Consistency and Performance Standby Nodes
 
 When using Vault Enterprise with [performance standby nodes](https://www.vaultproject.io/docs/enterprise/consistency#performance-standby-nodes),
 any follower can handle read requests immediately after the provider has
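Review bot: Renaming `### Vault Enterprise and Eventual Consistency` and splitting it into `### Vault Enterprise` plus `#### Eventual Consistency and Performance Standby Nodes` changes the heading anchor, so any existing link that targets the old heading will stop resolving. Please search the docs for references to the old anchor and update them in this change. While touching this area, the unchanged NOTE just above the heading uses `namespace` for the Kubernetes namespace of the `secretRef`; since this commit introduces a Vault `namespace` property under the same page, consider wording that NOTE as "Kubernetes namespace" so the two are not confused.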
@@ -316,6 +318,27 @@ state.
 Below are two different solutions to this scenario. You'll need to review them
 and pick the best fit for your environment and Vault configuration.
 
+#### Vault Namespaces
+
+[Vault namespaces](https://www.vaultproject.io/docs/enterprise/namespaces) are an enterprise feature that support multi-tenancy. You can specify a vault namespace using the `namespace` property when you define a SecretStore:
+
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: "http://my.vault.server:8200"
+      # See https://www.vaultproject.io/docs/enterprise/namespaces
+      namespace: "ns1"
+      path: "secret"
+      version: "v2"
+      auth:
+        # ...
+```
+
 #### Read Your Writes
 
 Vault 1.10.0 and later encodes information in the token to detect the case 
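Review bot: The new `#### Vault Namespaces` section is inserted directly after "Below are two different solutions to this scenario", so the sentence now introduces the namespaces section instead of the two solutions ("Read Your Writes" and the forwarding option), and a reader following the eventual-consistency guidance hits an unrelated topic in the middle. Move `#### Vault Namespaces` to sit immediately under `### Vault Enterprise`, before the eventual-consistency subsection, or after both solutions. Smaller points in the same hunk: "an enterprise feature that support" should read "supports"; the text should say that the `namespace` property is the Vault Enterprise namespace and not the Kubernetes namespace of the SecretStore; and the example `server: "http://my.vault.server:8200"` shows a plaintext endpoint, so an `https://` URL would be a safer default for readers who copy it.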
@@ -339,4 +362,4 @@ Vault 1.10.0 and later [support a replication configuration](https://www.vaultpr
 
 In Vault 1.7 forwarding can be achieved by setting the `X-Vault-Inconsistent`
 header to `forward-active-node`. By default, this behavior is disabled and must
-be explicitly enabled in the server's [replication configuration](https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header).
+be explicitly enabled in the server's [replication configuration](https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header).
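Review bot: The removed and added lines at the end of this hunk are textually identical as shown, so the only difference is presumably trailing whitespace or the end-of-file newline. If that is intentional cleanup, fine; otherwise drop it from the commit so the diff stays limited to the namespaces documentation.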