Bank Vaults is a thick, tricky, shifty right with a fast and intense tube for experienced surfers only, located on Mentawai. Think heavy steel doors, secret unlocking combinations and burly guards with smack-down attitude. Watch out for clean-up sets.
Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:
- Bank-Vaults CLI to make configuring HashiCorp Vault easier
- Vault operator to make operating HashiCorp Vault on top of Kubernetes easier
- Vault secrets webhook to inject secrets directly into Kubernetes pods
- Vault SDK to make working with Vault easier in Go
- and others
Some of the usage patterns are highlighted through these blog posts:
- Authentication and authorization of Pipeline users with OAuth2 and Vault
- Dynamic credentials with Vault using Kubernetes Service Accounts
- Dynamic SSH with Vault and Pipeline
- Secure Kubernetes Deployments with Vault and Pipeline
- Vault Operator
- Vault unseal flow with KMS
- Monitoring Vault on Kubernetes using Cloud Native technologies
- Inject secrets directly into pods from Vault
- Backing up Vault with Velero
- Vault replication across multiple datacenters on Kubernetes
- More blog posts about Bank-Vaults
The official documentation is available at https://bank-vaults.dev.
For an optimal developer experience, it is recommended to install Nix and direnv.
Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.
Make sure Docker is installed with Compose and Buildx.
Fetch required tools:

    make deps

Run the test suite:

    make test

Run linters:

    make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

    make fmt

Build artifacts locally:

    make artifacts

Once you are done, you can clean project dependencies:

    make clean

Kudos to HashiCorp for open sourcing Vault and making secret management easier and more secure.
The project is licensed under the Apache 2.0 License.