multiple vaults via hiera file #123

Open
marcelmitto opened this issue Sep 17, 2024 · 2 comments

@marcelmitto

This is not a bug - just a feature request if possible :)
Allow specifying multiple vaults via the hiera yaml file.

@TraGicCode
Owner

Hey @marcelmitto,

Would you be able to describe in detail how you would expect this to work, along with what you would expect this to look like in the hiera.yaml file?

@powercycleagain

powercycleagain commented Dec 3, 2024

A small example from my side. Our Puppet server now searches in 5 keyvaults, but this gives a lot of underlying 404s. As a workaround it is possible to include the name of the keyvault in the search/secret name. But due to our company policy it is not possible to include the keyvault name in the secret name. It would therefore be ideal if the keyvault name is stripped during the search for the secret. Another nice solution is also welcome, @TraGicCode.

```yaml
---
lookup_options:
  corp1:
    lookup_key: azure_key_vault::lookup
    options:
      vault_name: 'CORP1'
      vault_api_version: '2016-10-01'
      metadata_api_version: '2018-04-02'
      key_replacement_token: '-'
      confine_to_keys:
        - '^corp1_.^user_unix_hash$'
  corp2:
    lookup_key: azure_key_vault::lookup
    options:
      vault_name: 'CORP2'
      vault_api_version: '2016-10-01'
      metadata_api_version: '2018-04-02'
      key_replacement_token: '-'
      confine_to_keys:
        - '^corp2_.^user_unix_hash$'

corp1_user1_unix_hash: "%{alias('azure_key_vault::lookup')}"
corp2_user1_unix_hash: "%{alias('azure_key_vault::lookup')}"
```

```
Keyvault secrets:
  corp1:
    user1_unix_hash (secret)
  corp2:
    user2_unix_hash (secret)
```

Search for the users without the keyvault name in the key name.
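
The prefix-stripping behaviour requested in the comment above, sketched as an added Ruby example (not code from the azure_key_vault module or from any participant in this thread). `VAULT_ROUTES` and `resolve_secret` are hypothetical names, and replacing characters outside Key Vault's `0-9a-zA-Z-` secret-name alphabet with `key_replacement_token` is an assumption about how that option is applied.

```ruby
# Added illustration only. VAULT_ROUTES and resolve_secret are hypothetical
# names and are not part of the azure_key_vault module.

# Constructed routing table modelled on the two vaults in the comment above:
# each vault owns the Hiera keys that start with its prefix.
VAULT_ROUTES = [
  { vault_name: 'CORP1', prefix: 'corp1_', key_replacement_token: '-' },
  { vault_name: 'CORP2', prefix: 'corp2_', key_replacement_token: '-' }
].freeze

# Resolve a Hiera key to the single vault that owns it and to the secret name
# to request there, with the vault prefix stripped.
# Returns nil when no vault owns the key, so the caller sends no request.
def resolve_secret(key, routes = VAULT_ROUTES)
  matches = routes.select { |route| key.start_with?(route[:prefix]) }
  return nil if matches.empty?

  # Overlapping prefixes would make it unclear which vault is authoritative
  # for a secret, so fail loudly rather than pick one silently.
  if matches.size > 1
    owners = matches.map { |route| route[:vault_name] }.join(', ')
    raise ArgumentError, "key #{key.inspect} matches several vaults: #{owners}"
  end

  route = matches.first
  bare = key.delete_prefix(route[:prefix])
  return nil if bare.empty?

  # Azure Key Vault secret names allow only alphanumerics and dashes.
  # Assumption: every other character becomes key_replacement_token.
  secret_name = bare.gsub(/[^0-9a-zA-Z-]/, route[:key_replacement_token])
  { vault_name: route[:vault_name], secret_name: secret_name }
end
```

Because each key resolves to at most one vault, a key with no owning prefix causes no vault request at all, and a secret name that exists in several vaults is only ever read from the vault that owns the prefix.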
