K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIX(postgresql): vault PostgreSQL connection

Browse Source 
- using environment variable
- Removed hardcoded connection_url from config
- Use VAULT_PG_CONNECTION_URL environment variable instead
- Connection URL stored securely in vault-pg-connection Secret
- Fixes environment variable substitution issue in HCL config
This commit is contained in:
Mayne0213
2025-12-28 00:05:29 +09:00
parent c8f945034e
commit 8e98ea181c
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
vault/helm-values/vault.yaml
View File

@@ -25,7 +25,6 @@ server:
} }
storage "postgresql" { storage "postgresql" {
connection_url = "postgres://vault:${VAULT_POSTGRES_PASSWORD}@postgresql-cnpg-rw.postgresql-cnpg.svc.cluster.local:5432/vault?sslmode=disable"
} }
# Optional: Enable Prometheus metrics # Optional: Enable Prometheus metrics
@@ -36,9 +35,9 @@ server:
# Environment variables from secrets # Environment variables from secrets
extraSecretEnvironmentVars: extraSecretEnvironmentVars:
- envName: VAULT_POSTGRES_PASSWORD - envName: VAULT_PG_CONNECTION_URL
secretName: vault-postgres-password secretName: vault-pg-connection
secretKey: password secretKey: connection_url
# 리소스 제한 # 리소스 제한
resources: resources: