Kubernetes External Secrets
Notice
The Kubernetes External Secrets project has been deprecated. It is recommended to use the External Secrets Operator instead (see official Git: https://github.com/external-secrets/external-secrets)
Kubernetes External Secrets enable you to use external secret management systems, such as the Akeyless Vault Platform, to securely add secrets in Kubernetes.
External Secrets Operator
Check out Akeyless official Provider of External Secret project
Complete the following steps to allow Akeyless to add secrets in Kubernetes.
- Add the K8s external secrets repository:
helm repo add external-secrets https://external-secrets.github.io/kubernetes-external-secrets/
- Modify the access credential values in the charts/kubernetes-external-secrets/values.yaml file.
#Akeyless rest-v2 endpoint
AKEYLESS_API_ENDPOINT: https://api.akeyless.io
AKEYLESS_ACCESS_ID:
#AKEYLESS_ACCESS_TYPE can be one of the following: k8s/aws_iam/azure_ad/gcp/api_key
AKEYLESS_ACCESS_TYPE:
#AKEYLESS_ACCESS_TYPE_PARAM can be one of the following: gcp-audience/azure-obj-id/access-key
AKEYLESS_ACCESS_TYPE_PARAM:
Note:
Ensure that an Access Role is defined in Akeyless for the credentials you specify, and that the Access Role is associated with an Authentication Method that allows access to the required secret.
If you use a customer fragment, define the value of
AKEYLESS_API_ENDPOINT
as the URL of your Akeyless Gateway in the following format: https:/your.akeyless.gw:8080/v2.If you define the value of
AKEYLESS_ACCESS_TYPE
as api_key, define the
value ofAKEYLESS_ACCESS_TYPE_PARAM
as your access key.
- Deploy the helm chart by running:
helm install <RELEASE NAME> external-secrets/kubernetes-external-secrets -f charts/kubernetes-external-secrets/values.yaml
Note:
Define the value of
data.key
as the path to the required secret in Akeyless.
- Create an ExternalSecret.yaml file using the following format:
apiVersion: 'kubernetes-client.io/v1'
kind: ExternalSecret
metadata:
name: hello-secret
spec:
backendType: akeyless
data:
- key: </Path/To/Your/Secret>
name: creds
- Apply the ExternalSecret.yaml resource by running:
kubectl apply -f ExternalSecret.yaml
- Retrieve your secret value by running:
kubectl get secret hello-secret -o=yaml
Updated 6 months ago