(gitops) Link to a project which uses CRDs to manage vault resources?

We have some use cases such as ‘create a namespace, create a new vault, grant access to vault to such-and-such group’. We already have a way to create a namespace; after that it’d be nice to put a CRD into git which argocd applies, which would result in the creation of the vault and grant access to it.

So far I haven’t come across that sort of thing. I could start writing a controller but thought I’d ask, is there already a project doing that sort of thing? We’d like to use vault in a gitops style.

Imagining something like a resource called VaultStore, and in there it’d have an rbac section where I could put an ldap group. And the result would be the vault would be created, and if I decided to change the ldap group I could modify the resource, and a vault controller would see that and update things. If it were deleted then it would delete the vault.

I see https://kubevault.com/ which looks like it has something for managing policy, but at first glance it doesn’t look like HashiCorp.

Hi @lknite
We are currently using this operator to manage Vault: GitHub - redhat-cop/vault-config-operator: An operator to support HashiCorp Vault configuration workflows from within Kubernetes
Thanks