Bootstrapping vault-secrets-operator
Vault Secrets Operator is the only component of the Science Platform whose secret has to be manually created, so that it can create the secrets for all other applications. This will be done automatically by the install script.
When using the newer, recommended secrets management system, the secret created by the installer will look like this:

    apiVersion: v1
    kind: Secret
    metadata:
      name: vault-credentials
      namespace: vault-secrets-operator
    stringData:
      VAULT_ROLE_ID: <role-id>
      VAULT_SECRET_ID: <secret-id>
    type: Opaque

This secret will normally be created by either the installer or phalanx vault create-read-approle.
Using a regular Vault token is still supported, in which case the secret will look like this:

    apiVersion: v1
    kind: Secret
    metadata:
      name: vault-secrets-operator
      namespace: vault-secrets-operator
    stringData:
      VAULT_TOKEN: <token>
    type: Opaque

This secret will be created by the installer when given a VAULT_TOKEN parameter.
In either case, the Vault token or AppRole must have read access to the Vault path configured in environments/values-environment.yaml for your environment.
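
A pre-flight check for the two secret shapes shown above, as an added example that is not part of Phalanx or its installer. It takes a Secret as JSON (for instance the output of `kubectl get secret -n vault-secrets-operator <name> -o json`) and reports structural problems without ever echoing the credential values; the function names and sample values are constructed for illustration.

```python
import base64
import json

NAMESPACE = "vault-secrets-operator"
# Secret name -> keys it must carry, taken from the two manifests on this page.
EXPECTED = {
    "vault-credentials": {"VAULT_ROLE_ID", "VAULT_SECRET_ID"},  # AppRole
    "vault-secrets-operator": {"VAULT_TOKEN"},  # regular Vault token
}


def check_bootstrap_secret(secret_json: str) -> list:
    """Return a list of problems; an empty list means the shape is right."""
    secret = json.loads(secret_json)
    meta = secret.get("metadata") or {}
    name = meta.get("name")
    problems = []
    if meta.get("namespace") != NAMESPACE:
        problems.append(f"namespace must be {NAMESPACE}")
    if name not in EXPECTED:
        return problems + [f"unexpected secret name {name!r}"]
    # The API server returns base64 under "data"; manifests use "stringData".
    values = {
        key: base64.b64decode(raw).decode("utf-8", "replace")
        for key, raw in (secret.get("data") or {}).items()
    }
    values.update(secret.get("stringData") or {})
    for key in sorted(EXPECTED[name]):
        value = values.get(key, "").strip()
        if not value:
            problems.append(f"{key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds a template placeholder")
    extra = sorted(set(values) - EXPECTED[name])
    if extra:
        problems.append("unexpected keys: " + ", ".join(extra))
    return problems  # messages name keys only, never the secret values


def sample_secret(name: str, fields: dict) -> str:
    """Build constructed API-style JSON (values base64-encoded) for a demo."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in fields.items()}
    meta = {"name": name, "namespace": NAMESPACE}
    return json.dumps({"kind": "Secret", "metadata": meta, "data": data})


if __name__ == "__main__":
    creds = {"VAULT_ROLE_ID": "constructed-role", "VAULT_SECRET_ID": "constructed-secret"}
    print(check_bootstrap_secret(sample_secret("vault-credentials", creds)))
```

This only validates the shape of the secret; whether the AppRole or token can actually read the configured Vault path still has to be confirmed against Vault itself.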