
Add write support for vaultkv secrets #925

Closed

Conversation

MatteoVoges
Contributor

@MatteoVoges MatteoVoges commented Jan 20, 2023

Proposed Changes

  • Support writing vaultkv secrets with kapitan.

Examples

  • ref-tag-pattern: ?{vaultkv:path/to/ref:mount_in_vault:path/in/vault:key||random:str}
  • If some of the fields are not specified then following defaults get chosen:
    • e.g. tag ?{vaultkv:path/to/ref:::key||random:str} would create / lookup a secret with
      • mount=secret and
      • path/in/vault=path/to/ref

I could check that the last entry is always the key, so that the ::: isn't necessary. (will be put in a future issue)

CLI

Use kapitan refs --write vaultkv:test/secret -f test/secret/file --refs-path refs/path --vault-mount testmount --vault-path test/path --vault-key testkey to write your secret stored in test/secret/file to kapitan ref engine.

Known issues

  • Some of the appended functions do not work, e.g. |base64 (testing needed)
  • mount can't be specified per ref tag (only in vault-params (inside whole target) or secret as default)
  • Future Issue (not relevant for base functionality): Only one key per path is allowed and will be overwritten (versioned). We could fix that with checking if a key already exists and ask the user if he wants to continue. Alternatively we could just throw an error.

TODO

  • Add documentation
  • Refactor code (some parts are no longer needed)
  • Add tests
  • Add CLI (kapitan refs) support
  • Fix current tests
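As an added example (not code from this PR or from Kapitan itself), a parser for the ref-tag pattern described in the proposal, applying the stated defaults: an empty mount falls back to the target's configured mount (secret by default) and an empty path/in/vault falls back to path/to/ref. The class and function names are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Matches ?{vaultkv:<body>} ; everything between the braces is parsed below.
TAG_RE = re.compile(r"^\?\{vaultkv:(?P<body>[^}]*)\}$")


@dataclass
class VaultKVRef:
    ref_path: str          # path/to/ref in the kapitan refs store
    mount: str             # KV mount in vault
    vault_path: str        # path/in/vault under that mount
    key: str               # key inside the vault secret
    functions: List[str] = field(default_factory=list)  # e.g. ["random:str", "base64"]


def parse_vaultkv_tag(tag: str, default_mount: str = "secret") -> VaultKVRef:
    """Parse ?{vaultkv:path/to/ref:mount:path/in/vault:key||func|func}.

    default_mount stands in for the mount taken from the target's vault
    params; "secret" is the fallback named in the proposal.
    """
    m = TAG_RE.match(tag.strip())
    if not m:
        raise ValueError(f"not a vaultkv ref tag: {tag!r}")
    # "||" separates the ref address from the appended functions, so the
    # colon inside e.g. random:str never collides with the address fields.
    address, _, funcs = m.group("body").partition("||")
    fields = address.split(":")
    if len(fields) != 4:
        raise ValueError(f"expected ref:mount:path:key, got {address!r}")
    ref_path, mount, vault_path, key = fields
    if not ref_path or not key:
        raise ValueError("ref path and key are required")
    return VaultKVRef(
        ref_path=ref_path,
        mount=mount or default_mount,
        vault_path=vault_path or ref_path,
        key=key,
        functions=[f for f in funcs.split("|") if f],
    )


def canonical_tag(ref: VaultKVRef) -> str:
    """Render the ref back as a fully specified tag with no empty fields."""
    address = f"{ref.ref_path}:{ref.mount}:{ref.vault_path}:{ref.key}"
    suffix = "||" + "|".join(ref.functions) if ref.functions else ""
    return f"?{{vaultkv:{address}{suffix}}}"
```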

@MatteoVoges
Contributor Author

MatteoVoges commented Jan 27, 2023

Hey @ramaro and @ademariag ,
the base functionality is finished now. The other appended functions like |base64 or sha256 are compatible with it as well. I would mark the PR as ready for review, so that you can have a look at it.

As already written in the description, I will move some features into another issue for the future.

The errors are fixed now :)

@MatteoVoges MatteoVoges marked this pull request as ready for review February 10, 2023 11:02
@MatteoVoges
Contributor Author

replaced by #958

@MatteoVoges MatteoVoges deleted the vaultkv-write-secrets branch February 28, 2023 12:19