Azure Key Vault to Kubernetes
Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available to your applications in Kubernetes, in a simple and secure way.
Documentation available at https://akv2k8s.io. Join our Slack Workspace to ask questions to the akv2k8s community.
Please spare one minute to take our survey: https://www.surveymonkey.com/r/HMFZVYR. Why? We have no ide how many are using Akv2k8s, except through user interaction here on GitHub. More importantly - what can we do to make Akv2k8s even better?
Overview
Azure Key Vault to Kubernetes (akv2k8s) will make Azure Key Vault objects available to Kubernetes in two ways:
- As native Kubernetes
Secrets - As environment variables directly injected into your Container application
The Azure Key Vault Controller (Controller for short) is responsible for synchronizing Secrets, Certificates and Keys from Azure Key Vault to native Secret's in Kubernetes.
The Azure Key Vault Env Injector (Env Injector for short) is responsible for transparently injecting Azure Key Vault secrets as environment variables into Container applications, without touching disk or expose the actual secret to Kubernetes.
Goals
Goals for this project was:
- Avoid a direct program dependency on Azure Key Vault for getting secrets, and adhere to the 12 Factor App principle for configuration (https://12factor.net/config)
- Make it simple, secure and low risk to transfer Azure Key Vault secrets into Kubernetes as native Kubernetes secrets
- Securely and transparently be able to inject Azure Key Vault secrets as environment variables to applications, without having to use native Kubernetes secrets
All of these goals are met.
Installation
For installation instructions, see documentation at https://akv2k8s.io/installation/
Credits
Credit goes to Banzai Cloud for coming up with the original idea of environment injection for their bank-vaults solution, which they use to inject Hashicorp Vault secrets into Pods.
Contributing
Development of Azure Key Vault for Kubernetes happens in the open on GitHub, and encourage users to:
- Send a pull request with
- any security issues found and fixed
- your new features and bug fixes
- updates and improvements to the documentation
- Report issues on security or other issues you have come across
- Help new users with issues they may encounter
- Support the development of this project and star this repo!
Sparebanken Vest has adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.
Azure Key Vault to Kubernetes is licensed under Apache License 2.0.
Contribute to the Documentation
The documentation is located in a seperate repository at https://github.com/SparebankenVest/akv2k8s-website. We're using Gatsby + MDX (Markdown + JSX) to generate static docs for https://akv2k8s.io.
-
Overview Learn Samples The Spring on Azure project is designed to provide seamless Spring integration with Azure managed services. Developers can adopt a Spring-idiomatic way to take advantage of man
-
aws 和azure 首先是容器 ,然后是Kubernetes 。 整个世界都需要摆脱部署,管理和扩展容器化应用程序的繁琐和复杂性,Kubernetes接听了这一电话。 推动Kubernetes向前发展的因素之一是Kubernetes集群可以在本地或云中运行,甚至可以跨越两者运行,从而使容器应用程序可以跨环境移植。 因此,这三大主要公共云提供商都提供托管的Kubernetes服务也就不足为奇了,您
-
首先是容器 ,然后是Kubernetes 。 整个世界都需要摆脱部署,管理和扩展容器化应用程序的繁琐和复杂性,而Kubernetes接听了这个电话。 推动Kubernetes向前发展的一个因素是Kubernetes集群可以在本地或云中运行,甚至可以跨这两者运行,从而使容器应用程序可以跨环境移植。 因此,所有三大主要公共云提供商都提供托管的Kubernetes服务也就不足为奇了,您所需要的就是携带容
-
计算 Linux 虚拟机:为 Ubuntu、Red Hat 等预配虚拟机 Windows 虚拟机 为 SQL Server、SharePoint 等预配虚拟机 应用服务 快速创建适用于 Web 和移动的强大云应用 函数 使用无服务器代码处理事件 Batch 云规模的作业计划和计算管理 容器实例 使用单个命令轻松运行容器 Service Fabric 在 Windows 或 Linux 上开发微
-
Thales HSM、智能卡和支持软件 我的问题是我真的需要购买一个物理HSM来使用HSM生成密钥吗?
-
我们正在开发一个调用外部API服务的Azure多租户web服务门户。每个被调用的web服务都可能具有oAuth参数,如endpoint、客户端Id、秘密等。目前,我们有两种类型的工作代码: 使用SQL存储这些参数;和 使用json配置文件维护运行时参数。我想提供一个Azure密钥库解决方案,但在同一个密钥库中同时包含客户端ID和客户端机密似乎是不明智的。
-
我只看到密钥库秘密旋转,但没有密钥库密钥旋转在文档中。创建新版本并禁用旧版本是旋转Azure密钥库密钥(加密密钥)的一种方法 在Azure Key Vault Key中有没有其他旋转加密密钥的方法?
-
当我试图从一个无状态服务实现Azure Key Vault Secret时,我得到了以下信息:从一个控制台应用程序实现Azure Key Vault Secret。
-
我想使用quarkus应用程序连接到azure key vault。我已经在azure key vault上存储了一些秘密,需要连接到azure key vault(不公开服务主体秘密),检索在azue key vault中配置的秘密的值并在我的应用程序中使用。我不知道如何做到这一点。有人能帮忙吗。
-
我在尝试在蔚蓝金库的商店秘密。我使用了azure SDKAPI,并且可以使用这些API成功地存储/检索。我想知道是否有可能在相同的标记下对一组秘密进行分类/分组,并将它们存储在某个路径中。 我想将一个服务使用的一些秘密分组,存储在一个存储路径中。其他服务的相同方法是分离存储路径。我找不到办法。在蔚蓝金库有可能吗?