
Overview

Properly securing application secrets is one of the most neglected practices in the industry today. HashiCorp's Vault is a very popular secrets manager that can be used to secure, store, and tightly control access to tokens, passwords, certificates, and encryption keys.

This recipe is geared towards users who would like to deploy a Vault server in Kubernetes for testing purposes. For production, follow HashiCorp's best practices to deploy and operate a Vault server.


What Will You Do

In this exercise, you will enable and configure the Secrets Store CSI Driver to create a volume that contains a secret, and then mount that volume into an application pod.

The Secrets Store CSI Driver allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into its pods as a volume. Once the volume is attached, the data in it is mounted into the container's file system.
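
As an added illustration (not taken from this recipe), the two manifests below show the shape of the objects involved when Vault is the external store: a SecretProviderClass that tells the driver what to fetch, and a pod that mounts the result. The object names, Vault address, role name, secret path and container image are assumptions chosen for a test cluster.

```yaml
# Added example. Names, Vault address, role and secret path are assumptions.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: vault-db-creds                  # hypothetical name
spec:
  provider: vault                       # requires the Vault CSI provider next to the driver
  parameters:
    vaultAddress: "http://vault.vault.svc:8200"   # assumed in-cluster test server, plain HTTP
    roleName: "demo-app"                # assumed Vault Kubernetes-auth role
    objects: |
      - objectName: "db-password"       # file name created under the mount path
        secretPath: "secret/data/demo/db"   # assumed KV v2 path
        secretKey: "password"           # key inside that Vault secret
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app                        # hypothetical workload
spec:
  serviceAccountName: demo-app          # identity the Vault role is bound to
  containers:
    - name: app
      image: busybox:1.36
      command: ["sh", "-c", "sleep 3600"]
      volumeMounts:
        - name: vault-secrets
          mountPath: /mnt/secrets-store
          readOnly: true                # the application only ever reads the secret
  volumes:
    - name: vault-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: vault-db-creds   # must match the object above
```

With these objects the secret is readable in the container at `/mnt/secrets-store/db-password`. It is not copied into a Kubernetes Secret object unless the SecretProviderClass also defines `secretObjects`, so access is governed by the Vault role and the pod's service account rather than by RBAC on Secrets.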

Important

This recipe describes the steps to create and use a Vault workload using the Web Console. The entire workflow can also be fully automated and embedded into an automation pipeline.


Assumptions

  • You have already provisioned or imported a Kubernetes cluster using the controller