Can we use Azure secret in IFS installation scripts

​@NuwanK Do you mean that during the IFS installation, it is possible to reference passwords stored in the Azure Key Vault?

Yes. rather than hard coding in the yaml file. 

​@NuwanK So far, such an option is not available for remote deployment. However, cloud deployment via an AKS Cluster should have this possibility.

The way to use a Vault for secrets is to write a wrapper script to the installer that passes all sensitive parameters individually to the installer.

This is a wrapper script from a PoC i made with a local Hashicorp Vault.

 

my_installer_wrapper.cmd
-----------------------
 

set VAULT_ADDR = "http://127.0.0.1:8200"

set VAULT_TOKEN = "s.2wKMpndo5MH2b9Qomma56qV2"

.\installer.cmd --values .\ifscloud-values.yaml `

--values .\solutionset.yaml `

--set action=mtinstaller `

--set ifscore.secrets.jdbcUrl.data=$(c:\temp\H-vault\vault kv get -field=ifs-jdbc-url ifscloud/values) `

--set ifscore.passwords.ifssysPassword.data=$(c:\temp\H-vault\vault kv get -field=ifssys-password ifscloud/values)

​@hhanse Great, thanks for sharing this info.

​@hhanse Thank you , I will try this.