Home / Companies / HashiCorp / Blog / Post Details
Content Deep Dive

Injecting Vault Secrets Into Kubernetes Pods via a Sidecar

Blog post from HashiCorp

Post Details
Company
Date Published
Author
Vault Team
Word Count
1,584
Company Posts That Month
16
Language
English
Hacker News Points
14
Post removed?
No
Summary

HashiCorp has announced a new Kubernetes integration that enables applications with no native HashiCorp Vault logic built-in to leverage static and dynamic secrets sourced from Vault. This is made possible by a new tool called vault-k8s, which leverages the Kubernetes Mutating Admission Webhook to intercept and augment specifically annotated pod configuration for secrets injection using Init and Sidecar containers. With this integration, applications only need to find a secret at a filesystem path, rather than managing tokens or connecting to an external API for direct interaction with Vault. The tool supports various use-cases such as pre-populating secrets before an application starts, keeping secrets fresh by periodically checking in a sidecar container, and using Kubernetes Service Accounts tied to a Vault Policy for fine-grained control of secret injection without compromising security. The integration also includes flexible output formatting options using the Vault Agent template functionality, which can be used to format secret data into desired formats such as database connection strings. To get started with vault-k8s, users can install the latest Vault Helm Chart, which supports the new feature, and apply specific annotations to their pod configuration to enable secrets injection. The integration is designed to expand Kubernetes support for HashiCorp Vault and provide a variety of options for securely introducing secrets into workflows.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 109 437 72 18 +103%
Kubernetes 32 1,086 169 37 +2%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.