Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
81 lines (59 sloc) 2.23 KB
title description
Quick Start
Quickly get started using Azure Key Vault to Kubernetes

import { ExpansionPanel, ExpansionPanelList, ExpansionPanelListItem } from 'gatsby-theme-apollo-docs';


See installation.

Ensure Kubernetes can access objects in Azure Key Vault

By default akv2k8s use the AKS cluster credentials to authenticate with Azure Key Vault (if you run outside Azure, see using custom credentials). Run the following command to authorize akv2k8s to access secret-objects in Azure Key Vault.

az keyvault set-policy \
  -n <azure key vault name> \
  --secret-permissions get \
  --spn <service principal id> \ 
  --subscription <azure subscription>

For more details and options, check out authentication and authorization.

Sync Azure Key Vault object to Kubernetes Secret

Create a AzureKeyVaultSecret resource in the namespace you want the Kubernetes Secret to be synced. In this example we are using the namespace akv-test.

# secret-sync.yaml

kind: AzureKeyVaultSecret
  name: secret-sync 
  namespace: akv-test
    name: akv2k8s-test # 1. name of key vault
      name: my-secret # 2. name of the akv object
      type: secret # 3. akv object type
      name: my-secret-from-akv # 4. kubernetes secret name
      dataKey: secret-value # 5. key to store object value in kubernetes secret

Apply to Kubernetes:

$ kubectl apply -f secret-sync.yaml created


Shortly you should have a Kubernetes Secret resource in the namespace akv-test, containing the value from Azure Key Vault!

To see how to use the Env-Injector to bypass using Kubernetes Secrets entirely and other options, check out the tutorials.

You can’t perform that action at this time.