Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. This means you can safely keep all your application secrets in Vault without having to worry about how to store, provide, and use them. We will see how to install it on a running Kubernetes cluster, and how our application can save and read a secret. In this page we will be using Vault version 1.1.1 with dynamic secrets, which means that each pod will have a different secret and that secret will expire once the pod is killed.
This is part one of two.
Let's start minikube and validate that we can reach our cluster with `minikube start` and then with `kubectl get nodes`. The dashboard can also come in handy; you can invoke it like this:
Vault needs a backend to store data. This backend can be Consul, etcd, Postgres, and many more. The first thing we are going to do is create a certificate so Consul and Vault can speak to each other securely.
The next steps are to create an encryption key for the Consul cluster and to create all the Kubernetes resources associated with it.
Once we have Consul running, starting Vault should be straightforward: we need to create all the Kubernetes resources associated with it and then initialize and unseal Vault.
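The initialize-and-unseal step above, as an added example that is not part of the original post: it decides what the operator must do next from a seal-status document and splits the init output so that no single person holds enough shares to unseal. All sample documents are constructed, the field names are assumed to match `vault operator init -format=json` and `vault status -format=json`, and the function and custodian names are hypothetical.

```python
import json

# Constructed sample of `vault operator init -format=json` output (fake values).
INIT_DOC = json.loads("""{
  "unseal_keys_b64": ["share-1-fake", "share-2-fake", "share-3-fake",
                      "share-4-fake", "share-5-fake"],
  "unseal_shares": 5, "unseal_threshold": 3,
  "root_token": "s.fake-root-token"}""")

# Constructed samples of `vault status -format=json` at three stages.
STATUS_NEW = {"initialized": False, "sealed": True, "t": 0, "n": 0, "progress": 0}
STATUS_SEALED = {"initialized": True, "sealed": True, "t": 3, "n": 5, "progress": 1}
STATUS_READY = {"initialized": True, "sealed": False, "t": 3, "n": 5, "progress": 0}


def next_step(status):
    """Return (action, shares_still_needed) for a seal-status document."""
    if not status["initialized"]:
        return ("init", 0)
    if status["sealed"]:
        # t is the threshold, progress the number of shares already submitted.
        return ("unseal", status["t"] - status["progress"])
    return ("ready", 0)


def split_for_custodians(init_doc, custodians):
    """Assign one key share per custodian and return the root token separately."""
    keys = init_doc["unseal_keys_b64"]
    if init_doc["unseal_threshold"] < 2:
        raise ValueError("a threshold below 2 lets one share unseal Vault")
    if len(custodians) != len(keys) or len(set(custodians)) != len(keys):
        raise ValueError("need exactly one distinct custodian per key share")
    return dict(zip(custodians, keys)), init_doc["root_token"]


if __name__ == "__main__":
    # Hypothetical custodian names; each receives a single share.
    shares, _root = split_for_custodians(INIT_DOC, ["ana", "ben", "cho", "dev", "eli"])
    print("custodians holding a share:", sorted(shares))
    for doc in (STATUS_NEW, STATUS_SEALED, STATUS_READY):
        print(next_step(doc))
```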
As you can see, it takes a while to configure a Vault server, but I really like the pattern it provides for the apps using it. In the next post we will see how to unseal it automatically with Kubernetes and also how to mount the secrets automatically into our pods so our applications can use them :). This post was heavily inspired by this one and this one.
If you spot any error or have any suggestion, please send me a message so it gets fixed.