We wonder how to strengthen security in Kubernetes environments. We inject secrets into Kubernetes pods via Vault Agent containers. As you know, the secrets are written by the Vault Agent to a file created under the vault/secrets/ directory. But we don't want these secrets to be kept in this file because of security concerns. Can you help or guide us on what solutions we can apply to this problem? How can we fix this vulnerability?
Thanks & Regards
When you say you "don't want these secrets to be kept in this file", what do you mean? How are you hoping for secrets to be passed to your application?
Sorry, I wrote that wrong. I don't want these secrets to be kept in this file in the clear. Kubernetes admins or anyone with access to this directory can see this secret.
That can be controlled via access permissions.
But yes, generally, if someone can access the pod they would be able to access secrets (from files, env vars or memory) and potentially compromise apps (e.g. by making config changes).
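
Added example, not part of the original thread or of any Vault tooling: a shell check for the "access permissions" point above, listing rendered secret files that are accessible to anyone other than their owner. The function names are hypothetical, and `find -perm /077` assumes GNU or BusyBox `find`.

```shell
#!/bin/sh
# Added example: audit file modes in the directory where the Vault Agent
# renders secrets (vault/secrets/ in the thread). Function names are
# hypothetical; the check only reads metadata and changes nothing.

# Print every regular file under DIR whose mode grants any permission
# (read, write or execute) to group or other.
list_loose_secrets() {
    find "$1" -type f -perm /077 2>/dev/null | sort
}

# Exit status: 0 = all files are owner-only, 1 = at least one file is
# accessible beyond its owner, 2 = DIR does not exist.
audit_secrets_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "audit: $dir is not a directory" >&2
        return 2
    fi
    loose=$(list_loose_secrets "$dir")
    if [ -n "$loose" ]; then
        echo "audit: files accessible beyond their owner:" >&2
        # Numeric UID/GID listing shows which identity owns each file,
        # which matters when the agent and the app run as different users.
        printf '%s\n' "$loose" | while IFS= read -r f; do
            ls -ln "$f" >&2
        done
        return 1
    fi
    echo "audit: all files under $dir are owner-only" >&2
    return 0
}
```

Run `audit_secrets_dir /vault/secrets` inside the application container. As the last reply notes, tight file modes limit other users in the container; they do not stop someone who can already act as the file's owner or as root in the pod.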