BanzaiCloud Bank-Vaults

Jamal Shahverdiev
Nov 5, 2022

In this article I will show how to use Bank-Vaults, built by the Banzai Cloud team (now part of Cisco). Bank-Vaults has three components: vault-operator, vault-secrets-webhook, and HashiCorp Vault itself.

Vault Operator: once this operator is deployed, we can install and configure HashiCorp Vault in HA or single mode through the operator's CRD.

Vault Secrets Webhook: with the help of this webhook, the vault-env init container brings secrets into the memory of the Pod, and through it the microservice app can get the secret key's value from HashiCorp Vault.

HashiCorp Vault: a wonderful application that lets us store our secrets in multiple ways (with a very clear API).

With Bank-Vaults we don't need a vault-agent sidecar container, and the real value of the secret cannot be read inside the microservice container.

To see an illustration of how it works, look at the following GIF, which I took from their official page.

The code files I used are located in this GitHub repository. I used a GC bucket as the storage backend, with auto-unseal, in HA mode. For authentication I used GitHub and Google OIDC.

The following video shows a real demonstration. I hope it will be useful to all of us.
