The New Sidecar Method for Injecting Vault Secrets Into Kubernetes

Learn how to use Vault's newest method for managing secrets in a Kubernetes environment.


  • Dan McTeer, Technical Specialist, HashiCorp


Hi. I'm Dan McTeer, I'm a Technology Specialist for HashiCorp. Today, I wanted to talk to you about a new integration we've built that allows you to use Vault as a sidecar inside of Kubernetes.

The way the new sidecar feature works is inside of your spec file you add an annotation that basically connects you to the Vault sidecar to give you access to your secrets. You do this by associating it with your app inside of those annotations. Then you define where those secrets are going to be placed on the file system.

Once the Pod is initialized, your application containers can then access the secrets via that file system—either via an init container or an ongoing sidecar container where the secrets get refreshed automatically every so often.

The main benefit here is that you don't necessarily need to make your applications Vault-aware. They're essentially pulling the secrets from a place locally and don't need to be concerned about how to deal with the Vault API.

For more information on this feature, please visit our blog or view the demonstration after this video.
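A manifest showing the annotations described in the talk, added here as an illustration and not taken from the video or from HashiCorp's demo. It assumes the Vault Agent Injector is installed in the cluster and a Vault Kubernetes-auth role exists; the names `web-app`, the path `secret/data/web-app/db` and the image are constructed placeholders.

```yaml
# Added example; every name, path and image below is a constructed placeholder.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
      annotations:
        # Opt this Pod in to injection by the Vault Agent Injector webhook.
        vault.hashicorp.com/agent-inject: "true"
        # Vault Kubernetes-auth role the agent logs in with (assumed name).
        # Bind it to this service account and to a read-only policy that
        # covers only the path requested below.
        vault.hashicorp.com/role: "web-app"
        # Render the secret at this Vault path to /vault/secrets/db-creds.
        vault.hashicorp.com/agent-inject-secret-db-creds: "secret/data/web-app/db"
        # Optional template for the file contents (KV v2 layout assumed).
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{- with secret "secret/data/web-app/db" -}}
          username={{ .Data.data.username }}
          password={{ .Data.data.password }}
          {{- end }}
        # "true": init container only, secret fetched once at Pod start.
        # "false" (default): init container plus a sidecar that keeps
        # the file refreshed while the Pod runs.
        vault.hashicorp.com/agent-pre-populate-only: "false"
    spec:
      serviceAccountName: web-app
      containers:
        - name: app
          image: registry.example.com/web-app:1.0.0
          # The app reads /vault/secrets/db-creds as a local file;
          # it holds no Vault token and never calls the Vault API.
```

With the sidecar enabled the file can change while the Pod runs, so the application should re-read it rather than cache the value at startup.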
