Secrets Management on Kubernetes: How do you handle it?

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/kubernetes
#Kubernetes #kubernetes-secrets #Vault #csi #devops-workflow

Our great sponsors
  • InfluxDB - Access the most powerful time series database as a service
  • SonarLint - Clean code begins in your IDE with SonarLint
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • bank-vaults

    A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.

    https://github.com/banzaicloud/bank-vaults. Mind you after Cisco bought Banzai work on this project seems to have stopped. It works very well for us though.

  • sealed-secrets

    A Kubernetes controller and tool for one-way encrypted Secrets

  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • secrets-store-csi-driver

    Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.

  • secrets-store-csi-driver-provider-aws

    The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store, and mount them into Kubernetes pods.

    Great suggestions below. If you are a AWS shop and use secrets manager you can use https://github.com/aws/secrets-store-csi-driver-provider-aws

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts