WHAT
The folder path for the vault should be added to the vault configuration. The folder path specifies the folder structure after the VAULT_SECRET_DATA_PATH.
In the EDC Dataspace Connector the folder path is added to the secret URL when it is not null.
if (folderPath != null) {
    builder.addPathSegments(PathUtil.trimLeadingOrEndingSlash(folderPath));
}
For example with the following specs:
secretPath: v1/secret
entryType/VAULT_SECRET_DATA_PATH: data
folderPath: department-1
key: token
the secret url should be v1/secret/data/department-1/token.
WHY
Currently, it is not possible to specify the folder path, so all edc secrets must be stored directly in the data path.
I want to specify access policies for specific vault paths and this is not possible with the current configuration. A workaround would be to add a second data path after the mandatory data path and my preferred folder structure, but this is not a good practice.
Example:
I have a sales department, which should only be able to read and update its own secrets. The secrets are stored under the path secret/data/sales, but with the current EDC configuration it is not possible to use this folder structure.
HOW
The folder path is already implemented in the Eclipse EDC with the settings key edc.vault.hashicorp.folder. It needs only to be added to the helm chart for example as the value vault.hashicorp.paths.folder and to the environment variables of the deployments of the control plane and the data plane.
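The sketch below is an added example, not code from the issue, EDC or Vault. It composes the secret path from the four parts listed in the issue and checks it against a constructed per-department policy, to show why a flat layout under the data path cannot be scoped to one department. The function names and the sample policies are assumptions, and the policy matching is simplified to exact paths and a trailing "*" prefix glob.

```python
# Added illustration, not EDC or Vault source code. Policy matching is simplified:
# exact paths and a trailing "*" prefix glob only; anything unmatched is denied.

API_PREFIX = "v1/"  # Vault policy paths are written relative to the /v1/ API root


def build_secret_path(secret_path, data_path, folder_path, key):
    """Join the path parts, trimming slashes; folder_path is skipped when None."""
    parts = [secret_path, data_path]
    if folder_path is not None:
        parts.append(folder_path)
    parts.append(key)
    return "/".join(p.strip("/") for p in parts if p.strip("/"))


def rule_matches(rule_path, request_path):
    """A trailing '*' is a prefix glob; any other rule must match exactly."""
    if rule_path.endswith("*"):
        return request_path.startswith(rule_path[:-1])
    return request_path == rule_path


def is_allowed(policy, api_path, capability):
    """policy: dict mapping rule path -> set of capabilities (constructed sample)."""
    request_path = api_path
    if api_path.startswith(API_PREFIX):
        request_path = api_path[len(API_PREFIX):]
    return any(
        capability in caps and rule_matches(rule, request_path)
        for rule, caps in policy.items()
    )


# Constructed policies for the sales-department scenario described in the issue.
SALES_POLICY = {"secret/data/sales/*": {"read", "update"}}
FLAT_POLICY = {"secret/data/*": {"read", "update"}}  # what a flat layout forces

if __name__ == "__main__":
    with_folder = build_secret_path("v1/secret", "data", "/sales/", "token")
    flat = build_secret_path("v1/secret", "data", None, "token")
    other = build_secret_path("v1/secret", "data", "hr", "token")
    print(with_folder, is_allowed(SALES_POLICY, with_folder, "read"))
    print(flat, is_allowed(SALES_POLICY, flat, "read"))
    print(other, is_allowed(SALES_POLICY, other, "read"),
          is_allowed(FLAT_POLICY, other, "read"))
```

With the folder set, the sales policy covers only the sales secrets; without it, the only rule that reaches the secret is the broad one that also exposes every other department's entries.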