Injecting secrets via sidecar

Hi all,
In this article, it’s mentioned that:

…it will soon sport the option to inject Vault static and dynamic secrets into the pod file system via a sidecar.

Does anyone have any information on this, or suggestions on how it can be done?

Hi @IanMoroney!

There are a few ways to approach this.

Experimental

Check out the Secrets Store CSI Driver for Vault. This is in alpha but the idea is that it uses a SecretProviderClass resource that allows you to configure and mount the Vault secret. Technically not a sidecar per se but it will make Vault + Kubernetes easier.

Current Option

You can use a combination of Vault and consul-template sidecars to inject the secrets into a volume. Check out this Learn guide on using Vault Agent + Consul Template. There is additional configuration for Vault’s Kubernetes Auth method before you can use it.

Hope this helps!
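A sketch of the configuration behind the "Current Option" above, added here as an example and not taken from the thread or the Learn guide: one ConfigMap carrying the Vault Agent and consul-template settings for the two sidecars. The ConfigMap name, the role `example-app`, the file paths, the secret path and its field names are all assumptions, and the Kubernetes auth method is assumed to be enabled at `auth/kubernetes` with that role bound to the pod's service account.

```yaml
# Added example: all names, paths and the role are assumptions, not values from the thread.
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-sidecar-config
data:
  # Vault Agent sidecar: logs in with the pod's service account token
  # and keeps a renewed Vault token in the volume shared with consul-template.
  vault-agent-config.hcl: |
    exit_after_auth = false

    auto_auth {
      method "kubernetes" {
        mount_path = "auth/kubernetes"
        config = {
          role = "example-app"
        }
      }

      sink "file" {
        config = {
          path = "/home/vault/.vault-token"
        }
      }
    }

  # consul-template sidecar: reads the agent's token and renders the secret
  # into the volume that the application container mounts read-only.
  consul-template-config.hcl: |
    vault {
      # VAULT_ADDR is expected in the container environment.
      vault_agent_token_file = "/home/vault/.vault-token"
      renew_token            = false   # the agent renews the token
    }

    template {
      destination = "/etc/secrets/app.env"
      # KV version 1 path and field names, assumed for illustration.
      contents = <<EOT
    {{ with secret "secret/example-app/config" }}
    DB_USERNAME={{ .Data.username }}
    DB_PASSWORD={{ .Data.password }}
    {{ end }}
    EOT
    }
```

In the pod spec, back both the token volume and the rendered-secrets volume with `emptyDir` using `medium: Memory` so neither the Vault token nor the secrets are written to the node's disk, and mount the token volume only into the two sidecars.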