Summary
AppsCode held a webinar on “Manage Redis Secrets using KubeVault”. This took place on 17th Jan 2023. The contents of the webinar are shown below:
- Deploy VaultServer
- Deploy Redis Standalone Database
- Enable Redis SecretEngine
- Create Database Roles
- Manage User Privileges
- KubeVault CLI in Action
- Q&A Session
Description of the Webinar
It is required to install the followings to get started:
- KubeDB Enterprise Operator
- KubeVault Enterprise Operator
- Secrets Store CSI Driver
- Vault Specific CSI Provider
The demo starts with deploying VaultServer & Redis Database by KubeDB. It’s described how easy it is to get the decrypted vault-root-token using KubeVault CLI. Followed by, enabling SecretEngine & creating some Database Roles.
After that, it is shown how to manage user privileges using two different ways. Firstly, using the SecretAccessRequest, which is more human interaction friendly, that can be Approved or Denied using the KubeVault CLI. Secondly, using the SecretRoleBinding which is a more machine friendly way, that binds some roles to a K8s ServiceAccount.
Then, it’s demonstrated how microservices can communicate with databases in a more secure way using the Dynamic Secrets generated by Vault, where a microservice is deployed that can read mounted credentials and do database operation using that credentials. DB secrets are mounted on directories with the help of Secrets store CSI Driver & Vault CSI Provider.
Lastly, it’s shown how KubeVault CLI can be used to Revoke a user privileges by using a simple command.
Take a deep dive into the full webinar below:
What Next?
Please try the latest release and give us your valuable feedback.
- If you want to install KubeVault, please follow the installation instruction from here .
Support
To speak with us, please leave a message on our website .
To receive product announcements, follow us on Twitter .
If you have found a bug with KubeVault or want to request new features, please file an issue .