I am just a few miles away from bringing HashiCorp Vault into my organization, but the question I need to answer is:
How can HashiCorp Vault do things in a better way than sealed secrets in Kubernetes?
Unfortunately, I have no idea how sealed secrets really work, but I got some understanding from the article here:
Bitnami Engineering: Sealed Secrets: Protecting your passwords before they reach Kubernetes.
Note: I made a presentation to my team touching on the main areas of Vault, with demo sessions.
Please share a few pointers.
These tutorials for integrating Vault with Kube might help:
In short: sealed secrets are stored in repos, thus sprawled, with a danger of exposure by accidentally committing to the repo before applying sealed-secrets.
Vault: secrets are centralised, identity-based authentication, audited on checkout, using dynamic secrets ensures secrets are short-lived, no secrets live in repos.
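
An added example, not part of the original thread: a pre-commit style check for the risk the reply describes, a plaintext `Secret` manifest reaching the repo before it is sealed. The function names and sample manifests are constructed for illustration, and the parser only inspects top-level YAML keys.

```python
import re

# Constructed sample manifests (hypothetical names and values, not from the thread).
PLAINTEXT = """\
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
stringData:
  password: example-only
"""
SEALED = """\
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-creds
spec:
  encryptedData:
    password: AgB...constructed-placeholder...
"""

TOP_KEY = re.compile(r"^([A-Za-z][\w-]*):[ \t]*(.*?)[ \t]*$")

def top_level_keys(doc):
    """Map unindented YAML keys to their inline scalar value ('' if nested)."""
    keys = {}
    for line in doc.splitlines():
        m = TOP_KEY.match(line)
        if m:
            keys[m.group(1)] = m.group(2).split(" #")[0].strip("\"' ")
    return keys

def find_plaintext_secrets(text):
    """Return indexes of YAML documents that are unsealed core/v1 Secrets."""
    hits = []
    for i, doc in enumerate(re.split(r"(?m)^---[ \t]*$", text)):
        keys = top_level_keys(doc)
        if keys.get("kind") == "Secret" and keys.get("apiVersion") == "v1":
            if "data" in keys or "stringData" in keys:
                hits.append(i)
    return hits

def check_staged(files):
    """files maps path -> content; return the paths that should block a commit."""
    return sorted(p for p, c in files.items() if find_plaintext_secrets(c))
```

Wired into a pre-commit hook, a non-empty result from `check_staged` would reject the commit until the manifest is sealed or removed.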