TJM / vault-gcp-secrets

Create a Kubernetes secret with the service account key from a vault gcp roleset. This handles generic (Opaque) secrets or docker-registry (dockerconfigjson) secrets.
Apache License 2.0

Vault GCP Secrets

Use Vault Agent to keep a vault_gcp_secrets_roleset service account key up to date as a Kubernetes secret, of either the docker-registry or the generic (Opaque) type. Other pods that need access to Google services can then use this secret without each running its own Vault Agent. The docker type can also be used as imagePullSecrets to pull images from a private GCR repository.
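The transformation described above, as an added Python illustration (not this project's code): it takes the data returned by a Vault GCP roleset key read, whose private_key_data field is the base64-encoded JSON key file, and builds either kind of Secret manifest. The function name, the key.json data key, the gcr.io default and the sample values are assumptions made for the example.

```python
import base64
import json


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def build_secret(vault_data, name, namespace, secret_type="generic",
                 registry="gcr.io", key_file="key.json"):
    """Build a Kubernetes Secret manifest from a Vault GCP roleset key response."""
    # Vault returns the service account key file base64-encoded.
    key_json = base64.b64decode(vault_data["private_key_data"]).decode()
    json.loads(key_json)  # reject anything that is not a JSON key file

    if secret_type == "generic":
        k8s_type = "Opaque"
        data = {key_file: b64(key_json)}
    elif secret_type == "docker-registry":
        # GCR accepts the whole JSON key as the password for user "_json_key".
        entry = {"username": "_json_key", "password": key_json,
                 "auth": b64("_json_key:" + key_json)}
        k8s_type = "kubernetes.io/dockerconfigjson"
        data = {".dockerconfigjson": b64(json.dumps({"auths": {registry: entry}}))}
    else:
        raise ValueError(f"unsupported secret type: {secret_type}")

    return {"apiVersion": "v1", "kind": "Secret", "type": k8s_type,
            "metadata": {"name": name, "namespace": namespace}, "data": data}


# Constructed sample input: not a real key or project.
SAMPLE_KEY = {"type": "service_account",
              "client_email": "puller@example-project.iam.gserviceaccount.com",
              "private_key": "CONSTRUCTED-PLACEHOLDER"}
SAMPLE_VAULT_DATA = {"private_key_data": b64(json.dumps(SAMPLE_KEY)),
                     "key_algorithm": "KEY_ALG_RSA_2048",
                     "key_type": "TYPE_GOOGLE_CREDENTIALS_FILE"}

if __name__ == "__main__":
    for kind in ("generic", "docker-registry"):
        secret = build_secret(SAMPLE_VAULT_DATA, "gcp-key", "default", kind)
        # Print only type and data keys; never log the key material itself.
        print(secret["type"], sorted(secret["data"]))
```

Secret data is base64-encoded, not encrypted, so anyone who can read Secrets in the target namespace can recover the service account key.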

NOTE: We are using this code in a production environment. You may use it at your own risk.

See helm chart readme: charts/vault-gcp-secrets/README.md

Prerequisites

Installation

NOTE: You will most likely need to set some values, like authentication method, path, etc.

This chart was roughly based on the vault-secrets-operator, which at the time was unable to support the GCP secrets engine.