We are excited to announce the HashiCorp Vault Helm chart has been updated with RedHat OpenShift 4.X support. We have extended the existing Helm chart to support installing and running Vault Enterprise on OpenShift. Using the Helm chart, you will be able to use annotations to inject secrets, via sidecar injection, into applications with no native HashiCorp Vault logic built-in to leverage static and dynamic secrets sourced from Vault.
The recommended OpenShift installation method is through the latest Vault Helm chart. We will cover the high level details here, but for more information on running Vault on OpenShift, please see our detailed documentation, and a hands on Learn Guide.
To use the Helm chart, add the Hashicorp helm repository and check that you have access to the chart:
$ helm repo add hashicorp https://helm.releases.hashicorp.com "hashicorp" has been added to your repositories $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION hashicorp/vault 0.6.0 1.4.2 Official HashiCorp Vault Chart
helm install to install the latest release of the Vault Helm chart. The helm install command accepts parameters to override default configuration values inline or defined in a file. For all OpenShift deployments,
global.openshift should be set to true.
$ helm install vault hashicorp/vault \ --set "global.openshift=true" \ --set "server.dev.enabled=true"
Or, you can use a YAML file to override specific parts of the configuration, such as in the following example:
$ cat override-values.yml global: openshift: true server: ha: enabled: true replicas: 5
helm install again referencing your override file.
$ helm install vault hashicorp/vault \ --values override-values.yml
The Helm chart supports running on OpenShift in Dev mode, Highly Available Raft Mode, and External mode. In External mode, no Vault server exists on your OpenShift cluster, and your applications rely on a network addressable Vault server to exist (secret injection only use-case).
We have made significant progress in supporting Kubernetes this past year. If you are just getting started with Vault and OpenShift, we wanted to give a quick summary of existing resources to help you get started quickly.
To see a video demo of Vault secrets being injected into Kubernetes pods using init and sidecar containers please watch the video below.
With each release of HashiCorp Vault we are continuing to add new features and make improvements. We’re not done yet.
Also, if you enjoy playing around with this type of stuff, maybe you’d be interested in working at HashiCorp too since we’re hiring!
Learn about a Vault SlackBot made by DigitalOnUs.
When multiple teams use Consul, it becomes difficult to correlate manually managed policies with the identity accessing it. In this blog, we'll show you an automated method to ensure least-privilege access to Consul using Terraform and Vault.
We are happy to announce that we have an officially supported HashiCorp Vault GitHub Action. GitHub Actions allow you to easily automate your CI/CD developer workflows to run actions against repositories based on triggers within GitHub. The Vault GitHub Action allows you to take advantage of secrets sourced from your HashiCorp Vault infrastructure for things like static and dynamic secrets and inject these secrets into your GitHub workflows.