Demo

How to Use AKS Pod Identity with Vault

Learn one method for providing Kubernetes pods authenticated access to secrets stored in HashiCorp Vault. This is a method that uses Azure Kubernetes Service (AKS).

When running a Kubernetes cluster, you may want to secure secrets outside the cluster. But how do you provide pods authenticated access to secrets stored in something like HashiCorp Vault?

Using AKS Pod Identity

One possible solution comes from the Azure Kubernetes Service, which has the ability to use Azure Active Directory to authenticate running pods.

What You'll Learn

In this talk, you will see how Vault can use Azure Active Directory authentication to allow pods running on AKS to access secrets stored in Vault. First, Ned Bellavance will walk through the setup of AKS with Pod Identity. Then he will deploy a Vault cluster and enable Azure authentication. Finally, he will deploy an application on the AKS cluster and retrieve a secret from the Vault cluster. By the end of the talk, you'll be ready to go out and implement this solution in your environment.

See a demo showing how Vault can use Azure Active Directory authentication to allow pods running on AKS to access secrets stored in Vault.

GitHub Repo

You can find the example used in this talk in this GitHub repo

Slides

More resources like this one

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

zero-trust
  • 12/13/2022
  • White Paper

A Field Guide to Zero Trust Security in the Public Sector

  • 12/5/2022
  • Case Study

Enabling infrastructure as code at LinkedIn

  • 11/30/2022
  • Case Study

How Weyerhaeuser automates secrets with Vault and Terraform