#vault (2020-09)
Discussions related to HashiCorp Vault
2020-09-07
Ed:
Has anyone tried using vault-k8s? It seems like an interesting Kubernetes-native way to inject secrets into pods, and access them via the file system.
First-class support for Vault and Kubernetes. Contribute to hashicorp/vault-k8s development by creating an account on GitHub.
Good demo:
Watch this from-the-ground-up demo illustrating how to use HashiCorp Vault’s newest method for managing secrets in a Kubernetes environment.
The one thing that seems somewhat strange is the sidecar that injects secrets gets grouped in with the total number of running pods, which could be confusing - how many actual pods do I have running and how many are sidecars?
I’d be interested to hear if anybody has experience running vault-k8s in production?
2020-09-09
Erik Osterman (Cloud Posse):
Haven’t tried it yet, and while it’s an arguably more secure implementation using the sidecars, the kubernetes-external-secrets manager appeals more to me since it’s just populating Kubernetes secrets originating from Vault.
Integrate external secret management systems with Kubernetes - godaddy/kubernetes-external-secrets
It gets pretty annoying when you have one sidecar for your mesh, one for your secrets management, one for your forensics (twistlock), one for your logging, etc…
2020-09-29
Zachary Loeber:
Gang, anyone here providing vault as a platform in a larger organization?
Firstly, they released some cool tf modules for deploying Vault (along with Consul and others) into AWS using their best practices (https://www.hashicorp.com/blog/announcing-new-hashicorp-terraform-modules-for-consul-nomad-and-vault). That’s pretty cool.
New starter modules are available for Nomad, Consul, and Vault in AWS.