I have an app which consists of several services working and communicating together (they all run on k8s as pods). At the beginning of deployment one of the services (let’s call it Creator …) creates several highly sensitive files (certs/keys) which are stored in jks files on a k8s PVC, and then the PVC is shared with the other services, as they require some of those files to function properly. Of course this is far from an ideal solution, as I cannot split them across namespaces, let alone k8s clusters. So my idea was to use Vault to store those jks files and share them with other services without the PVC being used, which means it will be decoupled from the underlying infrastructure.
I guess after generating those jks files I would need to “upload” them to Vault, and in the init containers of the other services I would need to download them.
But … is it possible (and does it make sense)?
Any hint if that makes sense?