k8s-vault-webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers.
k8s-vault-webhook is a Kubernetes admission webhook which listens for events related to Kubernetes resources and injects secrets directly from a secret manager into pods, secrets, and configmaps. The motive for creating this project is to provide dynamic secret injection from different secret managers into containers/pods running inside Kubernetes, for enhanced security.
Documentation is available here: https://ot-container-kit.github.io/k8s-vault-webhook/
Blog link: https://blog.opstree.com/2021/09/14/introducing-kubernetes-vault-web-hook/
The secret managers which are currently supported:
This project is based on secret-consumer-webhook. Please check out the source code at https://github.com/innovia/secrets-consumer-webhook.
k8s-vault-webhook can be installed easily using Helm. We simply need to add the repository of our Helm charts.
$ helm repo add ot-helm https://github.com/OT-CONTAINER-KIT/helm-charts
$ helm upgrade k8s-vault-webhook ot-helm/k8s-vault-webhook --namespace <namespace> --install
If you want to pass your custom values file while installing the chart, you can find the values file here
To set up a quickstart environment for a demo, you can start the quickstart from here
If you would like to contribute to this project, you are more than welcome. Please see our DEVELOPMENT.md for details.
Please see our CHANGELOG.md for details.
If you have any suggestion or query, contact us at