Closed mstrent closed 2 years ago
Support for HashiCorp Vault is something we explored in the past. However, given support for Vault will be added directly to our apps in later releases, we're not currently planning to add it to secret-agent. In the meantime, I think you can run secret-agent once to create the secrets, then follow their docs to store + mount secrets from your Vault into pods: https://www.hashicorp.com/products/vault/kubernetes
I'll just echo @jrcast's comment that our direction is direct product integration with Vault. Vault integration for secret agent is something we'd like to do, but it is not a top priority.
That being said, one of the reasons that we open sourced this project is to allow users to extend the functionality of secret agent. We would be supportive of a Vault contribution, and we would be happy to offer advice / guidance on the integration.
WSECU is a ForgeRock customer working on an upgrade to 7.x on Kubernetes. We have in-house K8s experience and talent, and our requirement is to deploy to on-prem K8s clusters. Initial experimentation with ForgeOps is looking good, and we like the new Secret Agent paradigm in 7.1.
While we have access to Azure Key Vault, our preferred standard is HashiCorp Vault, which is a popular/standard choice in the Kubernetes secrets management space.
We would very much like to see HashiCorp Vault support in Secret Agent!