Kubernetes is growing day by day - and even though it has generally a good focus on security, it's default credential management with secrets can not be called safe nor easy.
Hashicorps Vault supports Kubernetes and improves the "safety" part - but the management gets even more difficult. Fortunately Kubernetes has webhooks, and with the correct set-up, which you can get from an open-source project of banzaicloud, you can make the vault configuration nearly disappear.
We will see how you can get it up and running, what's going on behind the curtains and why the vault is a really safe alternative to secrets.
|