Using Vault to replace k8s secrets and environment variables in Helm charts


I’ve been busy reading the vault documentation and i can see that the

  • sidecar injector is useful for making secrets available on a storage path
  • the new CSI secret store is able to make secrets available as environment variables

What is the solution for replacing kubernetes secrets in our application Helm charts?
Is everybody editing their application helm charts so that the secrets are pulled from the file location instead?

This would be a shame as these workarounds would need to be done every time we upgrade the application helm chart.

1 Like