
Create a Kubernetes secret with the service account key from a vault gcp roleset. This handles generic (Opaque) secrets or docker-registry (dockerconfigjson) secrets.


TJM/vault-gcp-secrets


Vault GCP Secrets

Use Vault Agent to keep a service account key from a vault_gcp_secrets_roleset updated as a Kubernetes secret, either docker-registry or generic (Opaque). Other pods that need access to Google services can then use the secret without each running its own Vault agent. The docker type can also be used as imagePullSecrets to retrieve images from a private GCR repository.
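The two secret shapes described above, as an added example that is not the chart's own code: it converts a Vault GCP roleset key response into a generic (Opaque) or docker-registry (dockerconfigjson) Secret manifest. The function name, the key.json data key, the gcr.io registry host and the sample response are assumptions made for illustration.

```python
import base64
import json

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def build_secret(vault_data: dict, name: str, secret_type: str = "generic",
                 registry: str = "gcr.io", key_file: str = "key.json") -> dict:
    """Turn a Vault GCP roleset key response into a Kubernetes Secret manifest."""
    # Vault returns the service account key as base64-encoded JSON.
    key_json = base64.b64decode(vault_data["private_key_data"], validate=True)
    json.loads(key_json)  # fail early instead of storing a corrupt key
    if secret_type == "generic":
        k8s_type, data = "Opaque", {key_file: b64(key_json)}
    elif secret_type == "docker-registry":
        # Registry login with a key file: user "_json_key", password = key JSON.
        user, password = "_json_key", key_json.decode("utf-8")
        auth = b64(f"{user}:{password}".encode("utf-8"))
        cfg = {"auths": {registry: {"username": user, "password": password,
                                    "auth": auth}}}
        k8s_type = "kubernetes.io/dockerconfigjson"
        data = {".dockerconfigjson": b64(json.dumps(cfg).encode("utf-8"))}
    else:
        raise ValueError(f"unsupported secret type: {secret_type}")
    return {"apiVersion": "v1", "kind": "Secret", "type": k8s_type,
            "metadata": {"name": name}, "data": data}

# Constructed sample: shaped like a Vault key response, not a real credential.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "vault-roleset@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
}
SAMPLE_VAULT_DATA = {
    "private_key_data": b64(json.dumps(SAMPLE_KEY).encode("utf-8")),
    "key_algorithm": "KEY_ALG_RSA_2048",
    "key_type": "TYPE_GOOGLE_CREDENTIALS_FILE",
}

if __name__ == "__main__":
    for kind in ("generic", "docker-registry"):
        manifest = build_secret(SAMPLE_VAULT_DATA, f"gcp-{kind}", kind)
        print(json.dumps(manifest, indent=2))
```

Secret data is base64-encoded, not encrypted, so any principal allowed to read this Secret holds the service account key; scope RBAC on it accordingly.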

NOTE: We are using this code in the production environment. You may use it at your own risk.

See helm chart readme: charts/vault-gcp-secrets/README.md

Prerequisites

  • Google Cloud Platform (GCP) Account setup with Vault
  • AppRole or Kubernetes authentication to Vault

Installation

  • helm repo add vault-gcp-secrets https://tjm.github.io/vault-gcp-secrets/
  • helm repo update
  • helm install vault-gcp-secrets vault-gcp-secrets/vault-gcp-secrets

NOTE: You will most likely need to set some values, like authentication method, path, etc.

This chart was roughly based on the vault-secrets-operator, which at the time was unable to support the GCP secrets engine.
