bank-vaults
DISCONTINUED
secrets-store-csi-driver-provider-azure
bank-vaults | secrets-store-csi-driver-provider-azure
---|---
10 | 5
0 | 422
- | 1.4%
0.0 | 7.5
7 months ago | 4 days ago
Go | Go
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bank-vaults
- Self-hosted Secrets Manager (or something alike)
  There's https://github.com/banzaicloud/bank-vaults which is a wrapper for hashivault, so not exactly what you're looking for but worth looking into.
- Secrets Management on Kubernetes: How do you handle it?
  https://github.com/banzaicloud/bank-vaults. Mind you, after Cisco bought Banzai, work on this project seems to have stopped. It works very well for us though.
- Run a pod in a namespace without having access to its secrets?
  Use vault-env (we use https://github.com/banzaicloud/bank-vaults) to inject the secret as an ENV var to the pod at runtime, based on Vault's Kubernetes auth.
- Secrets storage best practices
  We use bank vault to inject secrets as environment variables. This does not require changes to the app. A sidecar is automatically added to the pod to retrieve the secrets and inject them in the app runtime. Here’s the link https://github.com/banzaicloud/bank-vaults
- How to manage passwords in Helm
- Homelab: Cluster Architecture
- Secrets Managers for Kubernetes (Vault (Hashi), Conjur (CyberArk), Platform Specific, etc)
  Encrypted secrets can't be more than a temporary solution. That's why I'm not a fan of SOPS/Sealed Secrets/etc. I think the future for both security and usability is dynamic injection. Vault is the dopeness but I'm not a fan of the upstream Vault Injector -- shared volumes are a step backwards. It's all about the BanzaiCloud Vault Webhook -- secrets **only ever available to the running process**, rotation means: update the value in vault and bounce the pod, done. This is the way.
secrets-store-csi-driver-provider-azure
- One main source of vulnerabilities in DevOps pipelines is how secrets like keys, certificates, and credentials are managed. Many product engineering teams, for the sake of expediency, hard-code their secrets. This is extremely dangerous.
- Shhhh... Kubernetes Secrets Are Not Really Secret!
  The driver can also sync changes to secrets. The driver currently supports Vault, AWS, Azure, and GCP providers. Secrets Store CSI Driver can also sync provider secrets as Kubernetes secrets; if required, this behavior needs to be explicitly enabled during installation.
- A better way to manage secrets: reference an external secret defined in the cloud provider environment (please support the idea or give your feedback)
  Azure SS-CSI driver
- Kubernetes with Asp.NET and React and Azure DevOps
  Azure Key Vault Provider for Secrets Store CSI Driver allows you to get secret contents stored in an Azure Key Vault instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
What are some alternatives?
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
postgres-operator - Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
vault-csi-provider - HashiCorp Vault Provider for Secret Store CSI Driver
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
postgres-operator - Production PostgreSQL for Kubernetes, from high availability Postgres clusters to full-scale database-as-a-service.
helm-charts - A curated set of Helm charts brought to you by codecentric
ingress-nginx - Ingress-NGINX Controller for Kubernetes
k3s-home-cluster - Sets up a Kubernetes cluster using Ansible
secrets-manager - A daemon to sync Vault secrets to Kubernetes secrets
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
truenas-csp - TrueNAS Container Storage Provider for HPE CSI Driver for Kubernetes
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.