30 changes: 24 additions & 6 deletions content/misc/secrets-store-csi/hashicorp-vault.md
Expand Up @@ -2,9 +2,12 @@
date: '2021-08-18'
title: Installing the HashiCorp Vault Secret CSI Driver
aliases: ['/experts/security/secrets-store-csi/hashicorp-vault']
tags: ["ROSA", "ARO", "OSD", "Miscellaneous"]
tags: ["ROSA", "ARO", "OSD"]
authors:
- Connor Wooley
- Kevin Collins
- Deepika Ranganathan
validated_version: "4.20"
---

The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in HashiCorp Vault as Kubernetes Volumes.
Expand Down Expand Up @@ -47,19 +50,31 @@ The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in Has
1. Create a values file for Helm to use

```bash
cat << EOF > values.yaml
export SCRATCH_DIR=~/tmp/vault
mkdir -p $SCRATCH_DIR
cat << EOF > "${SCRATCH_DIR}/values.yaml"
global:
openshift: true

csi:
enabled: true
image:
repository: "docker.io/hashicorp/vault-csi-provider"
tag: "1.7.0"
agent:
image:
repository: "registry.connect.redhat.com/hashicorp/vault"
tag: "1.17.2-ubi"
daemonSet:
providersDir: /var/run/secrets-store-csi-providers

injector:
enabled: false

server:
image:
repository: "registry.connect.redhat.com/hashicorp/vault"
tag: "1.8.0-ubi"
tag: "1.17.2-ubi"
dev:
enabled: true
EOF
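Review bot: The added `csi.image` block pulls `docker.io/hashicorp/vault-csi-provider` by the tag `1.7.0`, while the server and agent images come from `registry.connect.redhat.com`. Tags are mutable, so for a guide that carries a `validated_version`, consider pinning each image by digest, or at least state why the provider comes from a different registry. Separately, `mkdir -p $SCRATCH_DIR` is unquoted while the redirect on the next line quotes `"${SCRATCH_DIR}/values.yaml"`; quote both.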
Expand All @@ -71,7 +86,7 @@ The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in Has
helm install -n hashicorp-vault vault \
hashicorp/vault --values values.yaml
```

1. Patch the CSI daemonset

> Currently the CSI has a bug in its manifest which we need to patch
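Review bot: `hashicorp/vault --values values.yaml` in this install step still reads from the current directory, but the previous step now writes the file to `"${SCRATCH_DIR}/values.yaml"`, so the install fails or picks up a stale file unless the reader happens to be in that directory. Change it to `--values "${SCRATCH_DIR}/values.yaml"`.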
Expand Down Expand Up @@ -152,7 +167,7 @@ The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in Has

```bash
cat <<EOF | oc apply -f -
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: vault-database
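Review bot: With `apiVersion` moved to `secrets-store.csi.x-k8s.io/v1` for `vault-database`, check that every other `SecretProviderClass` manifest or reference in this file uses the same version. Only this one is visible in the diff, and a leftover `v1alpha1` elsewhere would leave the guide inconsistent.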
Expand Down Expand Up @@ -202,7 +217,10 @@ The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in Has
secretProviderClass: "vault-database"
EOF
```

1. Check if Pod is running
```bash
oc get pod webapp -n default
```
1. Check the Pod has the secret

```bash
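Review bot: The new "Check if Pod is running" step uses `oc get pod webapp -n default`, which prints the status once, so a reader who runs it while the pod is still starting has to re-run it by hand before moving on to the secret check. Consider `oc wait --for=condition=Ready pod/webapp -n default --timeout=120s` instead. The step is also missing the blank line between the list item and its code fence, and between the closing fence and "1. Check the Pod has the secret", which the neighbouring steps have.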