#vault (2020-09)

vault Discussions related to Hashicorp Vault

2020-09-09

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Haven’t tried it yet, and while it’s an arguably more secure implementation using the sidecars, the kubernetes-external-secrets manager appeals more to me since it’s just populating kubernetes secrets originating from vault.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
godaddy/kubernetes-external-secrets

Integrate external secret management systems with Kubernetes - godaddy/kubernetes-external-secrets

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it gets pretty annoying when you have one sidecar for your mesh, one for your secrets management, one for your forensics (twistlock), one for your logging, etc…

2020-09-07

Ed avatar

Has anyone tried using vault-k8s? It seems like an interesting Kubernetes-native way to inject secrets into pods, and access via the file system

Ed avatar
hashicorp/vault-k8s

First-class support for Vault and Kubernetes. Contribute to hashicorp/vault-k8s development by creating an account on GitHub.

Ed avatar

Good demo:

Ed avatar
Injecting Vault Secrets Into Kubernetes Pods via a Sidecar

Watch this from-the-ground-up demo illustrating how to use HashiCorp Vault’s newest method for managing secrets in a Kubernetes environment.

Ed avatar

The one thing that seems somewhat strange is the sidecar that injects secrets gets grouped in with the total number of running pods, which could be confusing - how many actual pods do I have running and how many are sidecars?

Ed avatar

I’d be interested to hear if anybody has experience running vault-k8s in production?

    keyboard_arrow_up