Open OlegGorj opened 2 years ago
@OlegGorj please take a look at https://secrets-store-csi-driver.sigs.k8s.io/ I believe it solves your exact problem.
I would also like to see this with support for Vault, having spent the last day or so trying to get this working in a POC with the Vault CSI driver.
Here's what I want to do:
I tried the following:
Problem:
Community Note
Description
At this time, the only possibility to manage secrets is via K8s secrets referenced in the CRD. We're looking to expand the secrets management capabilities to include reading secrets from Azure KeyVaults.
Potential Terraform Configuration
The proposed change could take a form as part of CRD manifest as the following:
Variable behaviour goes as: 1) if `value` not specified as part of the block - usual route: read secret's value from k8s secret 2) if `value` specified as part of the block (i.e. `value: azurekeyvault@my-secret`) parse it and pull the secret from specified secrets back-end, in this case `azurekeyvault`. This could be expanded further to support multiple back-ends such as AWS KMS, HC Vault, etc.
References
n/a
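A sketch of the `value` handling proposed in the description, added here as an example and not taken from the issue or the project's code. The type `SecretRef`, the function `ParseSecretRef`, the `k8s` fallback label, the use of the variable key as the Kubernetes secret name, and the back-end allowlist are all assumptions; the name pattern follows Azure Key Vault's rule for secret names (1-127 alphanumerics and hyphens).

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// SecretRef is the parsed form of a variable's `value` field (hypothetical type).
type SecretRef struct {
	Backend string // "k8s" (assumed label) when value is omitted
	Name    string // secret name inside the back-end
}

// Back-ends the operator may call. Only azurekeyvault is named in the proposal;
// anything not listed is rejected instead of being passed through.
var allowedBackends = map[string]bool{"azurekeyvault": true}

// Azure Key Vault secret names: 1-127 characters, alphanumerics and hyphens.
var kvName = regexp.MustCompile(`^[0-9A-Za-z-]{1,127}$`)

// ParseSecretRef covers the two cases from the description: an empty value
// falls back to the Kubernetes secret (assumed here to be named by the variable
// key), otherwise value must be "backend@secret-name".
func ParseSecretRef(key, value string) (SecretRef, error) {
	if value == "" {
		return SecretRef{Backend: "k8s", Name: key}, nil
	}
	parts := strings.SplitN(value, "@", 2)
	if len(parts) != 2 {
		return SecretRef{}, errors.New("value must have the form backend@secret-name")
	}
	if !allowedBackends[parts[0]] {
		return SecretRef{}, fmt.Errorf("unsupported secrets back-end %q", parts[0])
	}
	if !kvName.MatchString(parts[1]) {
		return SecretRef{}, errors.New("secret name is not a valid Key Vault name")
	}
	return SecretRef{Backend: parts[0], Name: parts[1]}, nil
}

func main() {
	// Constructed sample values: fallback, valid reference, two rejected inputs.
	for _, v := range []string{"", "azurekeyvault@my-secret", "awskms@x", "azurekeyvault@../etc"} {
		ref, err := ParseSecretRef("db_password", v)
		fmt.Printf("%q -> %+v err=%v\n", v, ref, err)
	}
}
```

Rejecting unknown back-ends and malformed names at parse time keeps a typo or an unexpected string in the manifest from turning into a request against a secrets store.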