Injecting secrets via sidecar

Hi all,
In This article, it’s mentioned that:

…it will soon sport the option to inject Vault static and dynamic secrets into the pod file system via a sidecar.

Does anyone have any information on this, or suggestions on how it can be done?

Hi @IanMoroney!

There are a few ways to approach this.


Check out the Secrets Store CSI Driver for Vault. This is in alpha but the idea is that it uses a SecretProviderClass resource that allows you to configure and mount the Vault secret. Technically not a sidecar per se but it will make Vault + Kubernetes easier.

Current Option

You can use a combination of Vault and consul-template sidecars to inject the secrets into a volume. Check out this Learn guide on using Vault Agent + Consul Template. There is additional configuration for Vault’s Kubernetes Auth method before you can use it.

Hope this helps!