Kubernetes Secrets

Secure Kubernetes clusters with the power of Vault and dynamic secrets.

Challenge

Managing secrets within a Kubernetes deployment can be tricky

Running Vault with Kubernetes can be done differently based on the environments and needs, whether you are running Vault side-by-side or within Kubernetes. The goal is to provide a variety of options around how to leverage Vault with Kubernetes.

Solution

Leverage Vault to securely inject secrets into your application stack

Learn more

Instead of sharing credentials and tokens across pods and services, Vault allows each service to uniquely authenticate and request their own unique credentials. Vault set out to provide a variety of options around how to leverage Vault and Kubernetes to securely introduce secrets into applications and infrastructure. Vault supports the following Kubernetes integrations:

Vault Secrets Operator for Kubernetes - Provides a more native method to retrieve and sync Kubernetes Secrets that include post-rotation updates.

vault-k8s - Provides access to Vault secrets by deploying a vault-agent sidecar into a Kubernetes Pod.

vault-csi-provider - Fetches secrets stored in Vault and uses the Secrets Store Container Storage Interface (CSI) driver interface to mount them into Kubernetes Pods.