13-Jan-2022

Secure Secrets - A Cloud-Native Approach made simple with KubeVault

by Sakib Alamin

Summary

AppsCode held a webinar on “Secure Secrets: A Cloud-Native Approach made simple with KubeVault” on 12th Jan 2022. The topics covered in the webinar are listed below:

  • Deploy TLS Secured VaultServer
  • Enable SecretEngine
  • Create Database Roles
  • Manage User Privileges
  • KubeVault CLI in Action
  • Q & A Session

Description of the Webinar

The following need to be installed to get started:

  • KubeDB Enterprise Operator
  • KubeVault Enterprise Operator
  • Secrets Store CSI Driver
  • Vault Specific CSI Provider

The speaker starts by deploying a TLS-secured VaultServer (TLS managed by cert-manager) and a MySQL database using KubeDB. The speaker then shows how easy it is to get the decrypted vault-root-token from the GCS bucket using the KubeVault CLI, followed by enabling a SecretEngine and creating some database roles.

After that, two different ways of managing user privileges are shown. The first uses the SecretAccessRequest, which is friendlier to human interaction and can be Approved or Denied using the KubeVault CLI. The second uses the SecretRoleBinding, a more machine-friendly way that binds some roles to a K8s ServiceAccount.

Then, it’s demonstrated how microservices can communicate with databases more securely using the Dynamic Secrets generated by Vault: a microservice is deployed that reads the mounted credentials, logs into the DB and makes queries. DB secrets are mounted on directories with the help of the Secrets Store CSI Driver and the Vault CSI Provider.
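A sketch of the microservice side of the mounted-credentials flow described above, added here as an illustration and not taken from the webinar or from KubeVault. It assumes the mount exposes files named `username` and `password` (hypothetical names), and it re-reads them for every connection so that credentials replaced after expiry or revocation are picked up.

```python
import tempfile
from pathlib import Path


class MountedDBCredentials:
    """Reads a username/password pair from a CSI-mounted secret directory.

    Assumption: the mount exposes two files named `username` and `password`;
    the real file names depend on how the mount is configured.
    """

    def __init__(self, mount_dir, user_file="username", pass_file="password"):
        self.mount_dir = Path(mount_dir)
        self.user_file = user_file
        self.pass_file = pass_file
        self._last = None  # last complete pair read from the mount

    def _read(self, name):
        value = (self.mount_dir / name).read_text(encoding="utf-8").rstrip("\r\n")
        if not value:
            raise ValueError(f"{name} is empty")
        return value

    def current(self):
        """Return (username, password), re-reading the mount on every call.

        Call this each time a DB connection is opened instead of caching the
        values at startup, so replaced credentials are picked up.
        """
        try:
            pair = (self._read(self.user_file), self._read(self.pass_file))
        except (OSError, ValueError):
            if self._last is None:
                raise  # nothing usable has ever been read: fail loudly
            return self._last  # mount is mid-update: keep the last full pair
        self._last = pair
        return pair


def demo():
    """Constructed walk-through using a temp directory as the mount."""
    with tempfile.TemporaryDirectory() as d:
        mount = Path(d)
        (mount / "username").write_text("v-demo-user-1\n")
        (mount / "password").write_text("constructed-pass-1\n")
        creds = MountedDBCredentials(mount)
        first = creds.current()
        (mount / "password").unlink()  # simulate a half-finished update
        during = creds.current()
        (mount / "username").write_text("v-demo-user-2\n")
        (mount / "password").write_text("constructed-pass-2\n")
        return first, during, creds.current()
```

If a login is rejected with the pair returned by `current()`, the credentials have most likely expired or been revoked; call `current()` again before retrying instead of reusing a cached connection string.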

Lastly, it’s shown how the KubeVault CLI can be used to revoke a user’s privileges with a simple command.

Take a deep dive into the full webinar below:

What Next?

Please try the latest release and give us your valuable feedback.

  • If you want to install KubeVault, please follow the installation instructions from here.

Support

To speak with us, please leave a message on our website.

To receive product announcements, follow us on Twitter.

If you have found a bug with KubeVault or want to request new features, please file an issue.
