The Vault Secrets Operator creates a Kubernetes secret from Vault. The idea behind the Vault Secrets Operator is to manage secrets in Kubernetes using a secure, GitOps-based workflow. The operator reads a Vault secret from the path defined in a CR and creates a Kubernetes secret from it.
- The Operator uses Token Auth Method for the authentication against Vault
- The Operator supports the KV Secrets Engine - Version 1

To create a Kubernetes secret from Vault you can use a CR like the following:

```yaml
apiVersion: ricoberger.de/v1alpha1
kind: VaultSecret
metadata:
  # Name of the CR and the name of the Kubernetes secret to create
  name: example-vaultsecret
spec:
  # Optional: A list of keys which should be included in the Kubernetes Secret.
  # If omitted the Kubernetes Secret will contain all keys from the Vault secret
  keys:
    - foo
  # Path of the Vault secret
  path: secrets/example-vaultsecret
  # Type of the Kubernetes secret to create
  type: Opaque
```

- Automatic build of a new Docker image and Helm chart on releases
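
The mapping from the `VaultSecret` CR shown above to the data of the Kubernetes secret, as an added example that is not the operator's own code. `VaultSecretSpec` and `BuildSecretData` are hypothetical names, the Vault data is constructed, and treating a missing or non-string key as an error is an assumption.

```go
package main

import (
	"fmt"
	"sort"
)

// VaultSecretSpec mirrors the spec fields of the CR above (hypothetical type).
type VaultSecretSpec struct {
	Keys []string // optional allow-list of keys
	Path string   // path of the Vault secret
	Type string   // type of the Kubernetes secret
}

// BuildSecretData picks the entries of a KV version 1 secret that go into the
// Kubernetes secret. vaultData stands in for the key/value pairs read from
// spec.Path. Assumed behaviour: a listed key that Vault does not have, or a
// value that is not a string, is an error rather than being skipped.
func BuildSecretData(spec VaultSecretSpec, vaultData map[string]interface{}) (map[string][]byte, error) {
	keys := append([]string(nil), spec.Keys...)
	if len(keys) == 0 { // keys omitted: include every key of the Vault secret
		for k := range vaultData {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys) // deterministic order, so the same key is reported first
	out := make(map[string][]byte, len(keys))
	for _, k := range keys {
		s, ok := vaultData[k].(string)
		if !ok {
			return nil, fmt.Errorf("key %q missing or not a string in %q", k, spec.Path)
		}
		out[k] = []byte(s)
	}
	return out, nil
}

func main() {
	// Constructed sample data, standing in for what Vault returns.
	vault := map[string]interface{}{"foo": "bar", "hello": "world"}
	spec := VaultSecretSpec{Keys: []string{"foo"}, Path: "secrets/example-vaultsecret", Type: "Opaque"}
	data, err := BuildSecretData(spec, vault)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for k, v := range data {
		fmt.Printf("%s: %d bytes (type %s)\n", k, len(v), spec.Type) // log sizes, never values
	}
}
```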