Gang, anyone here providing Vault as a platform in a larger organization?
Firstly, they released some cool Terraform modules for deploying Vault (along with Consul and others) into AWS using their best practices (https://www.hashicorp.com/blog/announcing-new-hashicorp-terraform-modules-for-consul-nomad-and-vault). That's pretty cool.
Haven't tried it yet, and while it's an arguably more secure implementation using the sidecars, the kubernetes-external-secrets manager appeals more to me since it's just populating Kubernetes secrets originating from Vault.
Integrate external secret management systems with Kubernetes - godaddy/kubernetes-external-secrets
It gets pretty annoying when you have one sidecar for your mesh, one for your secrets management, one for your forensics (Twistlock), one for your logging, etc.
Has anyone tried using vault-k8s? It seems like an interesting Kubernetes-native way to inject secrets into pods and access them via the file system.
The one thing that seems somewhat strange is that the sidecar that injects secrets gets grouped in with the total number of running pods, which could be confusing: how many actual pods do I have running and how many are sidecars?
I'd be interested to hear whether anybody has experience running vault-k8s in production.