
Configure Vault for Redis Database Credentials

Check whether the redis-crt secret is present in the vault namespace

kubectl get secrets -n vault

If it is not present, run the following command to copy it from the ef-external namespace

kubectl get secret redis-crt -n ef-external -o yaml | sed 's/namespace: ef-external/namespace: vault/' | kubectl create -f -

Exec into the vault pod

kubectl -n vault exec -it vault-0 -- sh

Enable the KV version 2 secrets engine at the path kv

vault secrets enable -path=kv kv-v2

Store the Redis credentials

vault kv put kv/redis \
    redis.username=superuser \
    redis.password=Expertflow464

Verify that the secret was stored

vault kv get kv/redis

Write policy for the role

vault policy write ef-policy - <<EOF
path "/transit/export/*" {
  capabilities = ["read"]
}
path "database/creds/*" {
  capabilities = ["read"]
}
path "kv/data/activemq/broker" {
  capabilities = ["read"]
}
path "kv/data/redis" {
  capabilities = ["read"]
}
EOF

Attach the policy to the expertflow AppRole role

vault write auth/approle/role/expertflow policies="ef-policy"

Exit the pod

exit
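
The following is an added example, not part of the original page or the product's code. It shows how a client holding the expertflow AppRole would read the stored credentials over Vault's HTTP API, and why the policy names kv/data/redis while the CLI commands use kv/redis. Assumptions: the VAULT_ADDR value, a role_id and secret_id issued separately for the role, and all helper names, which are hypothetical.

```python
"""Added example: read kv/redis through the Vault HTTP API with an AppRole token."""
import json
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # assumption: replace with your Vault address


def kv2_api_path(mount, secret):
    # KV v2 serves secret data under <mount>/data/<secret>. This is the path the
    # policy must grant ("kv/data/redis"), not the CLI shorthand ("kv/redis").
    return f"/v1/{mount.strip('/')}/data/{secret.strip('/')}"


def _call(path, token=None, payload=None):
    headers = {"Content-Type": "application/json"}
    if token:
        headers["X-Vault-Token"] = token
    body = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(VAULT_ADDR + path, data=body, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def approle_login(role_id, secret_id):
    # AppRole login returns a token carrying the policies attached to the role.
    reply = _call("/v1/auth/approle/login",
                  payload={"role_id": role_id, "secret_id": secret_id})
    return reply["auth"]["client_token"]


def parse_redis_secret(reply):
    # KV v2 nests the key/value pairs under data.data; data.metadata holds the version.
    fields = reply["data"]["data"]
    missing = {"redis.username", "redis.password"} - set(fields)
    if missing:
        raise KeyError(f"kv/redis is missing keys: {sorted(missing)}")
    return fields["redis.username"], fields["redis.password"]


def fetch_redis_credentials(role_id, secret_id):
    token = approle_login(role_id, secret_id)
    return parse_redis_secret(_call(kv2_api_path("kv", "redis"), token=token))


# Constructed sample of a KV v2 read response (placeholder values, not real output).
SAMPLE_REPLY = {"data": {"data": {"redis.username": "example-user",
                                  "redis.password": "example-password"},
                         "metadata": {"version": 1}}}
```

A 403 from fetch_redis_credentials usually means the token's policy does not cover kv/data/redis, which is the first thing to check against ef-policy.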