docs/doc/source/security/kubernetes/security-vault-overview.rst
2023-04-19 20:31:06 +00:00

1.8 KiB

Vault Overview

integrates open source Vault containerized security application (Optional) into the solution, that requires as a storage backend to be enabled.

Vault is a containerized secrets management application that provides encrypted storage with policy-based access control and supports multiple secrets storage engines and auth methods.

includes a Vault-manager container to handle initialization of the Vault servers. Vault-manager also provides the ability to automatically unseal Vault servers in deployments where an external autounseal method cannot be used. For more information, see, https://www.vaultproject.io/.

There are two methods for using Vault secrets with hosted applications:

  • The first method is to have the application be Vault Aware and retrieve secrets using the Vault REST API. This method is used to allow an application to write secrets to Vault, provided the applicable policy gives write permission at the specified Vault path.

For more information, see : Vault Aware <vault-aware>.

  • The second method is to have the application be Vault Unaware and use the Vault Agent Injector to make secrets available on the container filesystem.

For more information, see, : Vault Unaware <vault-unaware>.