Hi everyone,
I never really had the opportunity to work with its two products (consul and vault) my mission is to deploy in production in a kubernetes aks a vault cluster with tls as well as a backend storage with consul all this using the official hashicorp helm chart I’ve been breaking my head for several days but nothing concrete I will be happy to have more understandable help.
Hi @HaiOuriel! I’m sorry this workflow is not more well documented.
Are you wanting to use Consul only as a backend store for Vault or are you wanting to use it for service mesh as well?
If you’re using it just as a backend store you could alternatively use Vault’s integrated raft storage (Vault with Integrated Storage Reference Architecture | Vault - HashiCorp Learn).
If you wanted to use Consul for other use cases as well in conjunction with Vault would you be able to elaborate a bit on the use cases so that we can have a better understanding of needs in the community?
Hi @kschoche and thank you for your answer.
currently all our secrets are saved in kubernetes or in azure blob storage.
my use case is very simple i want all my secrets (username password, tls key and certificate, sas storage acount etc …) to be managed with vault knowing that many of my services use these secrets, and must be accessible by developers for look at these secrets etc.
The most important thing is to set up a backup and restore system (preferably automatic or manual). many services are created via helm chart (is it therefore possible to inject these secrets into pods?)
So what’s the best way to use vault for me?
Hi, I’d suggest you use Vault with its built-in storage backend. Then you don’t need the extra complexity of Consul. Vault Installation to Google Kubernetes Engine via Helm | Vault - HashiCorp Learn should be a good guide to follow.