Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/SparebankenVest/azure-key-vault-to-kubernetes

Azure Key Vault to Kubernetes (akv2k8s for short) makes it simple and secure to use Azure Key Vault secrets, keys and certificates in Kubernetes.
https://github.com/SparebankenVest/azure-key-vault-to-kubernetes

azure controller keyvault kubernetes secrets vault

Last synced: about 2 months ago
JSON representation

Azure Key Vault to Kubernetes (akv2k8s for short) makes it simple and secure to use Azure Key Vault secrets, keys and certificates in Kubernetes.

Awesome Lists containing this project

README 

        


Azure Key Vault to Kubernetes





  

    Controller Build Status

    WebHook Build Status

    VaultEnv Build Status

  



  

    Go Report Card

  

 

  

    Release

  



  

    Tag

  



  

    Docker Pulls

  



  

    Docker Pulls

  





  

Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available to your applications in Kubernetes, in a simple and secure way.
 



Documentation available at https://akv2k8s.io. Join our Slack Workspace to ask questions to the akv2k8s community.



## Overview



Azure Key Vault to Kubernetes (akv2k8s) will make Azure Key Vault objects available to Kubernetes in two ways:



* As native Kubernetes `Secret`s 

* As environment variables directly injected into your Container application



The **Azure Key Vault Controller** (Controller for short) is responsible for synchronizing Secrets, Certificates and Keys from Azure Key Vault to native `Secret`s in Kubernetes.



The **Azure Key Vault Env Injector** (Env Injector for short) is responsible for transparently injecting Azure Key Vault secrets as environment variables into Container applications, without touching disk or exposing the actual secret to Kubernetes.



## Goals



The goals for this project were:



1. Avoid a direct program dependency on Azure Key Vault for getting secrets, and adhere to the 12 Factor App principle for configuration (https://12factor.net/config)

2. Make it simple, secure and low risk to transfer Azure Key Vault secrets into Kubernetes as native Kubernetes secrets

3. Securely and transparently be able to inject Azure Key Vault secrets as environment variables to applications, without having to use native Kubernetes secrets



All of these goals are met.



## Installation



For installation instructions, see documentation at https://akv2k8s.io/installation/.



## Credits



Credit goes to Banzai Cloud for coming up with the [original idea](https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) of environment injection for their [bank-vaults](https://github.com/banzaicloud/bank-vaults) solution, which they use to inject Hashicorp Vault secrets into Pods.



## Contributing



Development of Azure Key Vault for Kubernetes happens in the open on GitHub, and we encourage users to:



* Send a pull request with 

  * any security issues found and fixed

  * your new features and bug fixes

  * updates and improvements to the documentation

* Report issues on security or other issues you have come across

* Help new users with issues they may encounter

* Support the development of this project and star this repo!



**[Code of Conduct](CODE_OF_CONDUCT.md)**



Sparebanken Vest has adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.



**[License](LICENSE)**



Azure Key Vault to Kubernetes is licensed under Apache License 2.0.



### Contribute to the Documentation



The documentation is located in a separate repository at https://github.com/SparebankenVest/akv2k8s-website. We're using Gatsby + MDX (Markdown + JSX) to generate static docs for https://akv2k8s.io.