Vault - psu-libraries/scholarsphere GitHub Wiki

ScholarSphere uses hashicorp's vault tool to store sensitive information, on app startup, the deployment picks up values from the vault, and injects them into the containers environment.

Related: Vault client setup ( https://sites.psu.edu/dltdocs/?p=5380 )

Getting environments secrets

vault kv get secret/app/scholarsphere/prod 

Getting a field from a secret. this is useful for pipe lining

vault kv get -field=DATACITE_ENDPOINT secret/app/scholarsphere/prod

vault kv get -field=DATACITE_ENDPOINT secret/app/scholarsphere/prod | pbcopy 

Adding a new secret

vault kv patch secret/app/scholarsphere/prod FOO=bar

after adding a secret, you'll need to rollout any deployments that need it

kubectl rollout restart deployment/scholarsphere
kubectl rollout restart deployment/scholarsphere-sidekiq