Vault Sidecar Secret Injection

This repository shows you how to inject secrets in your application from Hashicorp Vault in Kubernetes

⚠️ Never transform encrypted variable from Vault in base64 encoded data for sensitive values. You may prefer inject your sensitive values directly in pod where they are needed.

Medium : https://medium.com/@verove.clement/inject-secret-in-application-from-vault-agent-injector-60a3fe71628e

Prerequisites

How it works

How to

1. Create cluster | Install Vault Helm chart

   make start

2. Build Golang api and push docker image

   make image

3. Create secret, kubernetes authentication, policies and roles in Vault

   make vault

4. Deploy Helm chart

   make api

5. Create port forward with application container

   make forward

6. Now, you can request http://localhost:8080

   {
       "APP_ENV_SECRET":"my_secure_secret",
       "APP_ENV_VALUE":"production",
       "HOME":"/home/nonroot",
       "HOSTNAME":"api-deployment-78c847444f-5wmgl",
       "OS_RELEASE":"NAME=\"Alpine Linux\"\nID=alpine\nVERSION_ID=3.18.2\nPRETTY_NAME=\"Alpine Linux v3.18\"\nHOME_URL=\"https://alpinelinux.org/\"\nBUG_REPORT_URL=\"https://gitlab.alpinelinux.org/alpine/aports/-/issues\"\n"
   }

Cleanup your system

1. delete everything in your system about this project

   make cleanup