Demo

Integrating HashiCorp Vault and K8s Apps - No Code Changes Needed

HUG community member Andrey Devyatkin gives a talk on a method for integrating HashiCorp Vault and Kubernetes apps that requires *zero* code changes.

HashiCorp Vault helps shift the way you work with secrets from a static to a dynamic paradigm. The lifecycle of the secret in those two paradigms is different, which brings some new challenges:

  • How do you authenticate apps in Vault?
  • How do you get an initial token?
  • How do you read secrets from Vault?
  • How do you keep tokens and secrets renewed?
  • How and when do you revoke tokens and secrets?

That seems very different from a typical 12-factor app setup, where an app would simply read configuration and secrets from environment variables, doesn't it? Should you write a library to encapsulate this logic? Or is there an SDK available? There is a way to address all of the questions above with little to no code changes at all!

I'm going to demo it and then go into the nitty-gritty details of its implementation so you can repeat the same steps at home or work.

This talk was part of the first HashiTalks online event, a 24-hour continuous series of presentations from the HashiCorp User Group (HUG) community and from HashiCorp engineers. The event took place on February 21-22, 2019.
