WARNING : This repository is now archived and no more maintained. You can find a similar implementation maintained by hashicorp here.

Vault Sidecar Injector

Vault Sidecar Injector allows to dynamically inject HashiCorp Vault Agent as either an init or a sidecar container, along with configuration and volumes, in any matching pod manifest to seamlessly fetch secrets from Vault. Pods willing to benefit from this feature just have to add some custom annotations to ask for the injection at deployment time.

Announcements

• 2020-06: Inject secrets in your pod as environment variables
• 2020-03: Vault Sidecar Injector vs HashiCorp Vault Agent Injector - Features Comparison
• 2020-03: Static vs Dynamic secrets
• 2019-12: Discovering Vault Sidecar Injector's Proxy feature
• 2019-11: Vault Sidecar Injector now leverages Vault Agent Template feature
• 2019-10: Open-sourcing Vault Sidecar Injector

Kubernetes compatibility

Vault Sidecar Injector can be deployed on Kubernetes 1.12 and higher. Deployment on earlier versions may work but has not been tested.

Usage

• How to invoke Vault Sidecar Injector
• Examples

Installation

• How to deploy Vault Sidecar Injector
• Configuration

Observability

• Metrics

List of changes

Look at changes for Vault Sidecar Injector releases in CHANGELOG file.

Contributing

Feel free to create issues or submit pull requests.

License

This project is licensed under the terms of the Apache 2.0 license.