hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

Auto unseal with Azure Key Vault for Kubernetes/Helm #9870

Open erez-work opened 4 years ago

erez-work commented 4 years ago

Is your feature request related to a problem? Please describe.

I want the vault to be auto unsealed when a Kubernetes pod running the vault restarts.

Describe the solution you'd like

Best solution would be helm chart values, similar to Google KMS or Amazon EKS as described here: https://www.vaultproject.io/docs/platform/k8s/helm/run#google-kms-auto-unseal

ghost commented 9 months ago

This is already available. You need the following config for the helm chart:

server:
  extraEnvironmentVars:
    AZURE_TENANT_ID: xxx
    VAULT_AZUREKEYVAULT_VAULT_NAME: xxx
    VAULT_AZUREKEYVAULT_KEY_NAME: unseal-key
    VAULT_SEAL_TYPE: azurekeyvault
  extraSecretEnvironmentVars:
    - envName: AZURE_CLIENT_ID
      secretName: my-secret
      secretKey: AZURE_CLIENT_ID
    - envName: AZURE_CLIENT_SECRET
      secretName: my-secret
      secretKey: AZURE_CLIENT_SECRET
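
Added example, not part of the comment above and not code from the Vault project: a pre-deploy check over a parsed values file that the seal variables shown in the comment are all present and that `AZURE_CLIENT_SECRET` arrives through a Secret reference rather than plaintext `extraEnvironmentVars`. The function name `lint_seal_values` and the choice of required variables (taken from the comment) are assumptions of this example.

```python
# Assumption: the required set is exactly the six variables in the comment above.
REQUIRED = {
    "VAULT_SEAL_TYPE", "AZURE_TENANT_ID",
    "VAULT_AZUREKEYVAULT_VAULT_NAME", "VAULT_AZUREKEYVAULT_KEY_NAME",
    "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET",
}
# Must come from a Kubernetes Secret: plaintext values land in the pod spec.
SECRET_ONLY = {"AZURE_CLIENT_SECRET"}

def lint_seal_values(values):
    """Return a list of findings for a parsed values.yaml (hypothetical helper)."""
    server = values.get("server") or {}
    plain = server.get("extraEnvironmentVars") or {}
    refs = server.get("extraSecretEnvironmentVars") or []
    findings, ref_names = [], set()
    for i, ref in enumerate(refs):
        name = ref.get("envName")
        if not name:
            findings.append(f"extraSecretEnvironmentVars[{i}]: missing envName")
            continue
        ref_names.add(name)
        for field in ("secretName", "secretKey"):
            if not ref.get(field):
                findings.append(f"{name}: secret reference missing {field}")
    for name in sorted(SECRET_ONLY & set(plain)):
        findings.append(f"{name}: set in plaintext extraEnvironmentVars")
    for name in sorted(set(plain) & ref_names):
        findings.append(f"{name}: set both in plaintext and as a secret reference")
    for name in sorted(REQUIRED - set(plain) - ref_names):
        findings.append(f"{name}: not set")
    seal = plain.get("VAULT_SEAL_TYPE")
    if seal is not None and seal != "azurekeyvault":
        findings.append(f"VAULT_SEAL_TYPE: expected azurekeyvault, got {seal}")
    return findings

# Constructed sample mirroring the comment's values (placeholders, not real IDs).
GOOD = {"server": {
    "extraEnvironmentVars": {
        "AZURE_TENANT_ID": "xxx", "VAULT_AZUREKEYVAULT_VAULT_NAME": "xxx",
        "VAULT_AZUREKEYVAULT_KEY_NAME": "unseal-key", "VAULT_SEAL_TYPE": "azurekeyvault",
    },
    "extraSecretEnvironmentVars": [
        {"envName": n, "secretName": "my-secret", "secretKey": n}
        for n in ("AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
    ],
}}

if __name__ == "__main__":
    print(lint_seal_values(GOOD) or "no findings")
```

To check a real file, pass the mapping returned by `yaml.safe_load` (PyYAML) for the values file.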