Use case

Kubernetes Secrets

Secure Kubernetes clusters with the power of Vault and dynamic secrets.

Challenge

Managing secrets within a Kubernetes deployment can be tricky

How you run Vault with Kubernetes depends on your environment and needs: Vault can run side-by-side with the cluster or within Kubernetes itself. The goal is to provide a variety of options for using Vault with Kubernetes.

Solution

Leverage Vault to securely inject secrets into your application stack

Instead of sharing credentials and tokens across pods and services, Vault allows each service to authenticate individually and request its own unique credentials. Vault sets out to provide a variety of options for using Vault with Kubernetes to securely introduce secrets into applications and infrastructure. Vault supports the following Kubernetes integrations:

Vault Secrets Operator for Kubernetes - Provides a more native method to retrieve and sync Kubernetes Secrets that include post-rotation updates.

vault-k8s - Provides access to Vault secrets by deploying a vault-agent sidecar into a Kubernetes Pod.

vault-csi-provider - Fetches secrets stored in Vault and uses the Secrets Store Container Storage Interface (CSI) driver interface to mount them into Kubernetes Pods.

Customer case study

On account of cloud security

How a leading financial institution uses HashiCorp Vault to automate secrets management and deliver huge gains for its growing product portfolio.

  • $446+ billion in managed assets

  • 25 new platforms implemented

  • 2,600+ business applications

Get started with HCP Vault and secrets injection into Kubernetes

We’ve built a step-by-step guide on integrating HCP Vault and your Kubernetes cluster.

Vault with Kubernetes Sidecar Injection

This demo explores a new Kubernetes integration that allows applications with no native HashiCorp Vault logic built in to leverage static and dynamic secrets sourced from Vault.