The document discusses Vault, a tool for securely managing secrets and sensitive data. It provides centralization of secrets, encryption of data at rest, and auditing of access to credentials. Vault controls access to secrets by authenticating users and services against identity sources and enforcing policies. The document provides guidance on using Vault for development, including mounting volumes, using dedicated service accounts, and adding configuration parameters to access the Vault server.

1. SECRET MANAGEMENT
1

2. Sensitive data & Secrets problem
2

3. Vault – why ?
● Need of centralization of source of truth (for secret)
● Data encryption (not plain text)
● Tracking of credentials access by audit log
● leases/revoke mechanism for credentials
3

4. 4
• Platform for securely managing
sensitive data with strong encryption
• Controls access to secrets by
authenticating against source of identity
(LDAP, Kubernetes, AWS, GCP,…)
• Policy & token for client accessibly
Vault – what ?

5. 5
Vault – how ?

6. 6
Vault – how ?

7. Vault – survival guide for dev (1/2)
7
1. Volumes (for Vault)
- secret for dedicated ServiceAccount
- mountVolume for credentials get from Vault server
2. Dedicated ServiceAccount
(vault-auth-<svc_name>) – use to authenticate with Vault
server
3. New Parameters at application’s values.yaml:
- vaultServer

8. 8
Vault – survival guide for dev (1/2)

9. Vault – Demo !!!
9
SHOW UP TIME

10. Vault – Demo !!!
10
Questions & Answers