mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-12 09:37:02 +02:00
Code Issues Projects Releases Wiki Activity
164352e5b4
vault/website/content/docs/platform/k8s/vso/index.mdx
Theron Voran 96b427f5b2
docs/vault-secrets-operator: supported openshift versions and OperatorHub options (#25682) 
Also describes how to customize an operator install from OperatorHub

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-03-06 14:32:43 -08:00

60 lines
2.9 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Vault Secrets Operator
description: >-
The Vault Secrets Operator allows Pods to consume HashiCorp secrets natively from Kubernetes Secrets.
---
# Vault Secrets Operator
The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets and HCP Vault Secrets Apps natively from Kubernetes Secrets.
## Overview
The Vault Secrets Operator operates by watching for changes to its supported set of Custom Resource Definitions (CRD).
Each CRD provides the specification required to allow the operator to synchronize from one of the supported sources for secrets to a Kubernetes Secret.
The operator writes the *source* secret data directly to the *destination* Kubernetes Secret, ensuring that any
changes made to the *source* are replicated to the *destination* over its lifetime. In this way, an application only needs
to have access to the *destination* secret in order to make use of the secret data contained within.
## Features
The following features are supported by the Vault Secrets Operator:
- Support for syncing from multiple secret sources.
- Automatic secret drift and remediation.
- Automatic secret rotation for `Deployment`, `ReplicaSet`, `StatefulSet` Kubernetes resource types.
- Prometheus specific instrumentation for [monitoring](/vault/docs/platform/k8s/vso/telemetry) the Operator.
- Support for installing using: `Helm` or `Kustomize`<br />
*see the [installation](/vault/docs/platform/k8s/vso/installation) docs for more details*
- Support for [secret data transformation](/vault/docs/platform/k8s/vso/secret-transformation).
## Supported secret sources
The Vault Secrets Operator supports syncing from multiple secret sources.
Refer to the [secret sources overview](/vault/docs/platform/k8s/vso/sources) for more details.
@include 'kubernetes-supported-versions.mdx'
## Supported Kubernetes distributions
The Vault Secrets Operator has been tested successfully in the following hosted Kubernetes environments:
- Amazon Elastic Kubernetes Service (EKS)
- Google Kubernetes Engine (GKE)
- Microsoft Azure Kubernetes Service (AKS)
- [Red Hat OpenShift](/vault/docs/platform/k8s/vso/openshift)<sup>CERTIFIED</sup>
Basic integration tests are available in the project repository.
Please report any issues [here](https://github.com/hashicorp/vault-secrets-operator/issues).
## Threat model and security considerations
HashiCorp takes security seriously and strives to enable users to configure their systems
with security and safety in mind. Please see the Vault Secrets Operator's
[Threat Model](https://github.com/hashicorp/vault-secrets-operator/blob/main/docs/threat-model/README.md)
for highlights on how using the Vault Secrets Operator affects users' security posture and recommendations for running securely.
## Tutorial
Refer to the [Vault Secrets Operator on Kubernetes](/vault/tutorials/kubernetes/vault-secrets-operator)
tutorial to learn the end-to-end workflow using the Vault Secrets Operator.
Reference in New Issue View Git Blame Copy Permalink