Learn how to use Vault's newest method for managing secrets in a Kubernetes environment.
The new sidecar feature works like this: inside your spec file, you add annotations that connect your app to the Vault sidecar, which gives it access to your secrets. In those same annotations, you define where the secrets are going to be placed on the file system.
Once the Pod is initialized, your application containers can then access the secrets via that file system, either via an init container or via an ongoing sidecar container where the secrets get refreshed automatically every so often.
The main benefit here is that you don't necessarily need to make your applications Vault-aware. They're essentially pulling the secrets from a place locally and don't need to be concerned about how to deal with the Vault API.
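As an added illustration (not taken from the video or from HashiCorp's own material), here is what such a spec file can look like using the Vault Agent Injector annotations. The app name, Vault role, secret path, image and the `DB_CREDS_FILE` variable are assumptions chosen for the example.

```yaml
# Added example: app name, role, secret path and image are assumed values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments
spec:
  replicas: 1
  selector:
    matchLabels:
      app: payments
  template:
    metadata:
      labels:
        app: payments
      annotations:
        # Ask the injector to add the Vault Agent containers to this Pod.
        vault.hashicorp.com/agent-inject: "true"
        # Vault role the Pod's service account authenticates as (assumed name).
        vault.hashicorp.com/role: "payments"
        # Write the secret at this Vault path to /vault/secrets/db-creds.
        vault.hashicorp.com/agent-inject-secret-db-creds: "database/creds/payments"
        # Optional template so the file has the format the app expects.
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{- with secret "database/creds/payments" -}}
          username={{ .Data.username }}
          password={{ .Data.password }}
          {{- end }}
        # "true": init container only, rendered once at start-up.
        # "false": keep the sidecar so the file is refreshed over time.
        vault.hashicorp.com/agent-pre-populate-only: "false"
    spec:
      # Service account bound to the Vault role above (assumed name).
      serviceAccountName: payments
      containers:
        - name: app
          image: registry.example.com/payments:1.0.0  # placeholder image
          env:
            # The app reads a local file; it needs no Vault client or token.
            - name: DB_CREDS_FILE  # hypothetical variable read by the app
              value: /vault/secrets/db-creds
```

With the sidecar kept running, the application should re-read the file when it needs credentials rather than caching the contents for the life of the process, otherwise it will keep using a rotated-out secret.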
For more information on this feature, please visit our blog or view the demonstration after this video.