Secrets Store CSI Driver
Definition
The Secrets Store CSI Driver is a Kubernetes Container Storage Interface (CSI) driver that lets Kubernetes workloads mount secrets, keys, and certificates held in an external secret management system into pods as files on a volume. Through provider plugins it integrates systems such as HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault with Kubernetes, so that sensitive data does not have to be hard-coded into application configurations or stored as Kubernetes Secret objects. Which external secrets a pod receives, and how the provider reaches the backend, is declared in a SecretProviderClass resource such as the ones below.
Secure Settings Example
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: vault-secrets
spec:
  provider: vault
  parameters:
    vaultAddress: "https://vault.example.com"   # TLS: the login JWT and secret data never cross the network in cleartext
    roleName: "k8s-role"                        # Vault Kubernetes-auth role the pod's service account logs in with
    objects: |
      - objectName: "db-password"               # file name created in the mounted volume
        secretPath: "secret/data/db"            # Vault path to read (example value; KV v2 paths include "data/")
        secretKey: "password"                   # key inside that secret to write as the file's contents
  # Optional: also mirror the mounted data into a Kubernetes Secret (created only while a pod mounts the volume)
  secretObjects:
    - secretName: "db-credentials"
      type: Opaque
      data:
        - objectName: "db-password"
          key: "password"
Insecure Settings Example
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: vault-secrets
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.example.com"    # Insecure: plain HTTP instead of HTTPS, so the login JWT and the returned secrets are exposed on the wire
    roleName: "k8s-role"
    objects: |
      - objectName: "db-password"
        secretPath: "secret/data/db"            # example value
        secretKey: "password"
  secretObjects:
    - secretName: "db-credentials"
      type: Opaque
      data:
        - objectName: "db-password"
          key: "password"
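The difference between the two manifests above is a single scheme in vaultAddress, which is easy to miss in review. The following is an added example, not code from the Secrets Store CSI Driver or the Vault CSI provider projects: a small admission-style linter that takes a SecretProviderClass as a plain dict (what yaml.safe_load or a Kubernetes API client returns) and reports the settings discussed on this page. It assumes the Vault provider's parameter names vaultAddress, roleName, vaultSkipTLSVerify, objects, secretPath and secretKey; the two manifests at the bottom are constructed from the page's secure and insecure examples, and the "secret/data/db" path is an example value.

```python
"""Lint a Vault SecretProviderClass for the transport and object settings
discussed above (added example; not part of the Secrets Store CSI Driver)."""
import copy
from urllib.parse import urlparse


def parse_objects_block(text: str) -> list[dict]:
    """Parse the `objects: |` string: a YAML list of flat key: value maps.

    The block is a string inside the manifest, so it is still raw text after the
    outer document is loaded. Only the flat form used on the page is handled
    (no nesting); surrounding quotes are stripped from values.
    """
    items: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):
            items.append({})              # start of a new list element
            line = line[2:].strip()
        if not items:
            raise ValueError(f"key/value before first list item: {raw!r}")
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        items[-1][key.strip()] = value.strip().strip('"').strip("'")
    return items


def lint_secret_provider_class(manifest: dict) -> list[str]:
    """Return findings prefixed ERROR / WARN / INFO for a Vault SecretProviderClass."""
    findings: list[str] = []
    spec = manifest.get("spec", {})
    if spec.get("provider") != "vault":
        return [f"ERROR: provider {spec.get('provider')!r} is not 'vault'"]
    params = spec.get("parameters", {})

    # Transport: the provider sends the pod's service-account JWT to Vault and
    # receives secret material back, so the address must use https.
    addr = params.get("vaultAddress", "")
    if urlparse(addr).scheme != "https":
        findings.append(f"ERROR: vaultAddress {addr!r} is not https; login JWT and secrets would cross the network in cleartext")
    # vaultSkipTLSVerify (provider parameter) set to "true" disables certificate verification.
    if str(params.get("vaultSkipTLSVerify", "false")).lower() == "true":
        findings.append("ERROR: vaultSkipTLSVerify is true; the Vault server certificate is not verified")
    if not params.get("roleName"):
        findings.append("ERROR: roleName missing; the provider cannot log in with the Kubernetes auth method")

    # Objects: each entry needs a file name and a Vault path; objectType/objectVersion
    # belong to the Azure provider and are silently meaningless here.
    try:
        objects = parse_objects_block(params.get("objects", ""))
    except ValueError as exc:
        objects = []
        findings.append(f"ERROR: objects block unparsable: {exc}")
    if not objects:
        findings.append("WARN: no objects listed; the mounted volume would be empty")
    for obj in objects:
        name = obj.get("objectName", "?")
        if "objectName" not in obj or "secretPath" not in obj:
            findings.append(f"ERROR: object {name!r} needs objectName and secretPath (not objectType/objectVersion)")
        elif "secretKey" not in obj:
            findings.append(f"WARN: object {name!r} has no secretKey; the whole Vault response is written as JSON")

    if spec.get("secretObjects"):
        findings.append("INFO: secretObjects mirrors mounted data into Kubernetes Secret objects; keep etcd encryption at rest and RBAC on those Secrets in place")
    return findings


def errors(findings: list[str]) -> list[str]:
    """Only the findings that should block the manifest."""
    return [f for f in findings if f.startswith("ERROR")]


# Constructed from the page's secure example (as a dict, i.e. already YAML-loaded).
SECURE = {
    "apiVersion": "secrets-store.csi.x-k8s.io/v1",
    "kind": "SecretProviderClass",
    "metadata": {"name": "vault-secrets"},
    "spec": {
        "provider": "vault",
        "parameters": {
            "vaultAddress": "https://vault.example.com",
            "roleName": "k8s-role",
            "objects": '- objectName: "db-password"\n  secretPath: "secret/data/db"\n  secretKey: "password"\n',
        },
        "secretObjects": [{"secretName": "db-credentials", "type": "Opaque",
                           "data": [{"objectName": "db-password", "key": "password"}]}],
    },
}
# The insecure example differs only in the scheme of vaultAddress.
INSECURE = copy.deepcopy(SECURE)
INSECURE["spec"]["parameters"]["vaultAddress"] = "http://vault.example.com"

if __name__ == "__main__":
    for label, manifest in (("secure", SECURE), ("insecure", INSECURE)):
        print(label, lint_secret_provider_class(manifest))
```

Running the module prints no ERROR for the secure manifest and exactly one (the http address) for the insecure one; the INFO about secretObjects appears for both, because syncing into a Kubernetes Secret reintroduces the etcd storage the driver otherwise avoids. Hooking errors() into a CI step or a validating webhook keeps the http variant from reaching a cluster.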