From b0fe425e1eb21837d24ec7d3e3226f7110ee0297 Mon Sep 17 00:00:00 2001
From: Jeffrey 'jf' Lim
Date: Mon, 2 Sep 2024 12:48:35 +0800
Subject: [PATCH] vault-exec-agent: filter out vault-exec-agent's VAULT_* env vars before exec-ing
---
 vault-exec-agent/vault-exec-agent.clj | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/vault-exec-agent/vault-exec-agent.clj b/vault-exec-agent/vault-exec-agent.clj
index c8ccf6b..9099f8a 100755
--- a/vault-exec-agent/vault-exec-agent.clj
+++ b/vault-exec-agent/vault-exec-agent.clj
@@ -77,9 +77,16 @@
 {} merged-secret-values))
+(def filtered-secret-values
+ (-> merged-secret-values
+ (dissoc "VAULT_ADDR"
+ "VAULT_KV_MOUNT_PATH"
+ "VAULT_KV_PATH"
+ "VAULT_TOKEN")))
+
 ;; exec program with args with supplied; otherwise the practical result is to simply fileify out the *_FILE env vars
 (if *command-line-args*
- (apply exec {:extra-env fileified-secret-values} *command-line-args*)
+ (apply exec {:extra-env filtered-secret-values} *command-line-args*)
 "")
 (comment
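Review bot: `filtered-secret-values` is threaded from `merged-secret-values` rather than `fileified-secret-values`, so the `exec` call now passes the un-fileified map and the result of the `*_FILE` step no longer reaches the child; unless that is intended, start the thread with `(-> fileified-secret-values`. Separately, `dissoc` only removes keys from the map handed to `:extra-env`; if `exec` here is babashka.process's, `:extra-env` is layered on top of the inherited environment, so a `VAULT_TOKEN` exported in the agent's own environment would still be visible to the exec'd program. If the goal is to keep the token out of the child, pass a complete environment instead, for example `{:env (merge (apply dissoc (into {} (System/getenv)) vault-vars) fileified-secret-values)}`, where `vault-vars` is a name made up here for the four variable names. The definition of `fileified-secret-values` starts above the hunk, so the first point is inferred from the removed line and the comment before the `if`.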