5 HashiCorp Vault and Kubernetes

 

This chapter covers

  • Enabling HashiCorp Vault for use by end-user applications deployed to Kubernetes
  • Integrating Kubernetes authentication to simplify access to Vault resources
  • Accessing secrets stored in HashiCorp Vault by applications deployed to Kubernetes

Chapter 4 introduced HashiCorp Vault as a KMS that could be used to encrypt secrets and other resources stored in etcd—the key/value datastore for Kubernetes—so these values could not be readily accessed while they were stored at rest.

This chapter focuses on the importance of using a secrets management tool, like HashiCorp Vault, to securely store and manage sensitive assets for applications deployed to Kubernetes. It also demonstrates how both applications and Vault can be configured to integrate seamlessly with one another. By using a tool like Vault, application teams can offload some of the responsibilities involved in managing sensitive resources to a purpose-built tool, while still being able to integrate with their applications.

5.1 Managing application secrets using HashiCorp Vault

 
 

5.1.1 Deploying Vault to Kubernetes

 
 

5.1.2 Deploying an application to access Vault

 
 
 

5.2 Kubernetes auth method

 
 
 
 

5.2.1 Configuring Kubernetes auth

 
 

5.2.2 Testing and validating Kubernetes auth

 
 
 
 

5.3 The Vault Agent Injector

 
 

5.3.1 Configurations to support Kubernetes Vault Agent injection

 
 
 

Summary

 
 