Effective Secrets with Vault and Kubernetes

  • May 2, 2019

Kubernetes is the de facto standard for container orchestration and Vault by HashiCorp is the de facto standard for secrets management. Now the question is: how do you combine those technologies so that you can use secrets from your central Vault instance in your Kubernetes applications? One solution would be to use the AppRole auth method.

Boostport provides a nice integration of AppRoles in Kubernetes. Another possibility is to use the Kubernetes auth method. This auth method establishes a trust relationship between Vault and your Kubernetes cluster so that you can use a service account to authenticate to Vault.

You can further use the Vault agent with Kubernetes to get and renew authentication tokens. In this walk-through article, I’m going to show how you can achieve the same thing with some Go helper tools that authenticate and renew tokens and even go a step further—synchronize a predefined subset of secrets from Vault to Kubernetes.
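The Kubernetes auth method described above comes down to one HTTP exchange: the pod posts its service account JWT and a role name to Vault and receives a Vault token with a lease. The Go example below is added here and is not code from the article or its helper tools; it assumes the auth method is mounted at the default `kubernetes` path, and the `VAULT_ROLE` variable name and the renew-at-two-thirds rule are choices made for this illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
	"time"
)

// loginBody builds the payload for POST /v1/auth/kubernetes/login (default mount assumed).
func loginBody(role, jwt string) ([]byte, error) {
	if role == "" || strings.Count(jwt, ".") != 2 {
		return nil, fmt.Errorf("need a role and a three-part JWT")
	}
	return json.Marshal(map[string]string{"role": role, "jwt": strings.TrimSpace(jwt)})
}

// parseLogin returns the Vault token and a renewal delay of 2/3 of its lease (example heuristic).
func parseLogin(body io.Reader) (string, time.Duration, error) {
	var r struct {
		Auth struct {
			ClientToken   string `json:"client_token"`
			LeaseDuration int    `json:"lease_duration"`
		} `json:"auth"`
	}
	if err := json.NewDecoder(body).Decode(&r); err != nil || r.Auth.ClientToken == "" {
		return "", 0, fmt.Errorf("no client token in login response")
	}
	return r.Auth.ClientToken, time.Duration(r.Auth.LeaseDuration) * time.Second * 2 / 3, nil
}

func main() {
	jwt, _ := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token") // empty outside a pod
	payload, err := loginBody(os.Getenv("VAULT_ROLE"), string(jwt)) // VAULT_ROLE: assumed name
	var resp *http.Response
	if err == nil {
		resp, err = http.Post(os.Getenv("VAULT_ADDR")+"/v1/auth/kubernetes/login", "application/json", bytes.NewReader(payload))
	}
	if err != nil {
		fmt.Println("login failed:", err)
		return
	}
	defer resp.Body.Close()
	_, renewIn, err := parseLogin(resp.Body)
	fmt.Println("renew token in:", renewIn, "error:", err)
}
```

The returned token is deliberately never printed; only the renewal delay is, so the output is safe to leave in pod logs.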

Source: itnext.io
