Vaults secrets injected by vault sidecar container inside the pod are visible to kubernetes cluster users/admin

stuart-c · October 14, 2021, 11:14am

Environment variables are no better. Someone with permissions (e.g. a cluster admin) could easily exec into a pod and view all environment variables and their contents. If anything files are better than env vars.

Topic		Replies	Views
Injecting secrets into k8s pod, but preventing cluster-admin to access those Vault k8s , vault	4	478	May 26, 2024
Security of secrets in container environments Vault	3	187	December 14, 2022
Authenitcation Security Model with Vault and Vault-Agent Vault k8s	2	509	December 11, 2019
Kubernetes Vault and Secrets Vault	7	780	February 24, 2020
Injecting secrets into a pod remotely Vault k8s	2	426	July 25, 2020

Vaults secrets injected by vault sidecar container inside the pod are visible to kubernetes cluster users/admin

Related topics