This chapter covers
- Enabling HashiCorp Vault for use by end-user applications deployed to Kubernetes
- Integrating Kubernetes authentication to simplify access to Vault resources
- Exploring approaches for accessing secrets stored in HashiCorp Vault by applications deployed to Kubernetes
Chapter 4 introduced HashiCorp Vault as a KMS that could be used to provide encryption for secrets and other resources stored in etcd, the key/value datastore for Kubernetes, so that these values could not be readily accessed while stored at rest.
This chapter focuses on the importance of using a secrets management tool, like HashiCorp Vault, to securely store and manage sensitive assets for applications deployed to Kubernetes. It also demonstrates how both applications and Vault can be configured to integrate seamlessly with one another. By using a tool like Vault, application teams can offload some of the responsibilities involved in managing sensitive resources to a purpose-built tool, while still being able to integrate with their applications.