I am working on a blockchain project; we are using the OSS framework Fabric combined with the Vault PKI engine.
Configuring a Hyperledger Fabric network requires a certain number of certificates, keys and configuration files.
Once we've enabled our certificate authorities and issued all the material we need, we store this material in the KV secrets engine.
When deploying our solution into k8s, we use the agent injector to retrieve that stuff from our Vault cluster.
Everything works like a charm (as usual with HashiCorp products).
However, I can see a warning in the Vault agent init container about a potential DDoS due to the number of secrets we are fetching.
I do understand the intent of this warning, and we have set up the agent injector to only pre-populate those secrets, meaning there is no sidecar container running and keeping them in sync.
Instead of retrieving our secrets in one go, we tried to split the process as much as possible. Unfortunately we still get this warning, and so I wonder whether the approach is the right one.
My question is the following: what is your recommendation if we have to retrieve a certain number of secrets (100+) using the Vault agent injector?
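The setup the post describes, as an added example that is not part of the original post and not the project's own manifest: a Deployment pod template using the Vault Agent Injector in pre-populate-only mode (init container only, no sidecar). The role name, service account, KV v2 path, key names inside the secret, file names and image tag are assumptions for illustration. It also shows the one structural change that reduces the number of reads: keeping all the MSP material of one peer as several keys of a single KV secret, so that several rendered files come from one path rather than from one secret per file.

```yaml
# Added example (not from the original post). Role, paths, key names and image tag
# are assumptions; annotation names are those documented for the Vault Agent
# Injector, verify them against the injector version you run.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fabric-peer0
spec:
  replicas: 1
  selector:
    matchLabels:
      app: fabric-peer0
  template:
    metadata:
      labels:
        app: fabric-peer0
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        # Render once in an init container at pod start; no sidecar stays running
        # to keep the files in sync (this is what "pre-populate only" means).
        vault.hashicorp.com/agent-pre-populate-only: "true"
        # Kubernetes-auth role in Vault (assumed name); its policy should grant
        # read on the single KV path below and nothing else.
        vault.hashicorp.com/role: "fabric-peer0"
        # One KV v2 secret holds the whole MSP for this peer (signcert, privkey,
        # cacert as separate keys). Every file below is rendered from that one
        # path, so the agent issues one read for this peer instead of one per file.
        vault.hashicorp.com/agent-inject-secret-signcert.pem: "secret/data/fabric/org1/peer0/msp"
        vault.hashicorp.com/agent-inject-template-signcert.pem: |
          {{- with secret "secret/data/fabric/org1/peer0/msp" -}}
          {{ .Data.data.signcert }}
          {{- end }}
        vault.hashicorp.com/agent-inject-secret-cacert.pem: "secret/data/fabric/org1/peer0/msp"
        vault.hashicorp.com/agent-inject-template-cacert.pem: |
          {{- with secret "secret/data/fabric/org1/peer0/msp" -}}
          {{ .Data.data.cacert }}
          {{- end }}
        vault.hashicorp.com/agent-inject-secret-priv.key: "secret/data/fabric/org1/peer0/msp"
        vault.hashicorp.com/agent-inject-template-priv.key: |
          {{- with secret "secret/data/fabric/org1/peer0/msp" -}}
          {{ .Data.data.privkey }}
          {{- end }}
        # The signing key must not be world-readable inside the pod.
        vault.hashicorp.com/agent-inject-perms-priv.key: "0400"
    spec:
      serviceAccountName: fabric-peer0   # assumed; bound to the Vault role above
      containers:
        - name: peer
          image: hyperledger/fabric-peer:2.5   # image tag is an assumption
          env:
            - name: CORE_PEER_MSPCONFIGPATH
              value: /vault/secrets      # default render directory of the injector
```

The files land under `/vault/secrets` by default. If the material for one peer today lives in many separate KV secrets (one per certificate or key), each of them is a separate read by the agent, whatever the number of annotations; storing the related files as keys of one secret per component is what cuts the count, and the templates above show how to split such a secret back into individual files.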