Hashicorp VAULT with Kubernetes
2020, Sep 23
If you use Kubernetes and you have multiple pods running it becomes complicated when you must update your credentials (like the credentials of your database). You can use Kubernetes secrets but still the credentials are only encoded in base64 and not encrypted.
The right way is to use a VAULT. The main advantages are :
- Encrypted credentials
- You can rotate secrets with short TTL
- You can access secrets across namespaces (or outside your k2s cluster)
- Vault can use LDAP, OAUTH, IAM, etc as identity provider
Here is a example of running a Hashicorp Vault with Kubernetes : Github Vault Example