Why does vault-configurer use root token? #152

Closed Answered by Ais8Ooz8

Ais8Ooz8 asked this question in Q&A

Ais8Ooz8
Aug 6, 2023

If you try to revoke your root token and remove it from vault-unseal-keys, the following errors appear:

"error configuring vault: unable to get key vault-root: key vault-root is not present in secret: vault-unseal-keys"

Answered by Ais8Ooz8

There is an option storeRootToken to disable root token storage

https://github.com/bank-vaults/vault-operator/blob/main/pkg/apis/vault/v1alpha1/vault_types.go

https://github.com/bank-vaults/vault-operator/blob/main/deploy/examples/cr-disabled-root-token-storage.yaml

View full answer

Replies: 2 comments

johnny990
Sep 25, 2023

it uses root token to configure vault. I have similar security concerns about it, but didn't find proper solution

0 replies

Ais8Ooz8
Sep 30, 2023
Author

There is an option storeRootToken to disable root token storage

https://github.com/bank-vaults/vault-operator/blob/main/pkg/apis/vault/v1alpha1/vault_types.go

https://github.com/bank-vaults/vault-operator/blob/main/deploy/examples/cr-disabled-root-token-storage.yaml

0 replies

Answer selected by csatib02

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment