I was considering using Vault via the Kubernetes authentication method. This way you create service accounts, and associate them with a Vault role. Your app uses the JWT generated inside the container to authenticate against Vault, and then you can fine grain the permissions for it using Vault policies. I was wondering if someone else is using this method and has some feedback about how secure/good it is :-)
Yes, we are currently starting to use it, either with vault-k8s or secrets-store-csi-driver.
I personally love the idea of secrets-store-csi-driver; it brings an abstraction layer that will allow using cloud providers' secret stores (only Azure Key Vaults for now), or HashiCorp's Vault, or any implementation that will support this project.
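How tightly a Vault role is bound to its service accounts decides who can log in with a pod's JWT, so the sketch below (an added example, not part of the thread and not Vault's own code) checks a role's bindings against a token's identity and flags loose settings. The role keys are the Kubernetes auth role parameters; the service account, namespace, policy name and the one-hour TTL limit are constructed assumptions.

```python
import base64
import json

def _b64(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (fake signature) and two constructed role configs.
SAMPLE_JWT = ".".join([_b64({"alg": "RS256"}),
                       _b64({"sub": "system:serviceaccount:payments:billing-api"}),
                       "fake-signature"])
TIGHT_ROLE = {"bound_service_account_names": ["billing-api"],
              "bound_service_account_namespaces": ["payments"],
              "audience": "vault", "token_ttl": 900, "token_policies": ["billing-read"]}
LOOSE_ROLE = {"bound_service_account_names": ["*"],
              "bound_service_account_namespaces": ["payments"],
              "token_policies": ["billing-read"]}

def sa_identity(jwt: str) -> tuple:
    """Return (namespace, name) from the token's `sub` claim.
    No signature check here: Vault validates the token through the
    Kubernetes TokenReview API before it evaluates the role bindings."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    sub = json.loads(base64.urlsafe_b64decode(payload))["sub"]
    prefix, kind, namespace, name = sub.split(":")
    if (prefix, kind) != ("system", "serviceaccount"):
        raise ValueError("not a service account token")
    return namespace, name

def role_allows(role: dict, namespace: str, name: str) -> bool:
    """Would the role's bindings accept this service account?"""
    names = role.get("bound_service_account_names", [])
    spaces = role.get("bound_service_account_namespaces", [])
    return ("*" in names or name in names) and ("*" in spaces or namespace in spaces)

def audit_role(role: dict, max_ttl_s: int = 3600) -> list:
    """List settings that widen who can log in or how long the Vault token lives."""
    findings = []
    for key in ("bound_service_account_names", "bound_service_account_namespaces"):
        if "*" in role.get(key, []):
            findings.append(f"{key} contains a wildcard")
    if not role.get("audience"):
        findings.append("audience is not set")
    ttl = role.get("token_ttl", 0)
    if ttl == 0 or ttl > max_ttl_s:  # 0 means the mount/system default applies
        findings.append("token_ttl is unset or above the limit")
    return findings

if __name__ == "__main__":
    ns, name = sa_identity(SAMPLE_JWT)
    for label, role in (("tight", TIGHT_ROLE), ("loose", LOOSE_ROLE)):
        print(label, role_allows(role, ns, name), audit_role(role))
```

Feeding it the JSON from `vault read -format=json auth/kubernetes/role/<name>` (the `data` object) audits a live role the same way.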