Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault objects available to Kubernetes in a simple and secure way.
Two options is supported:
- Azure Key Vault object as a native Kubernetes
- Azure Key Vault object directly injected into your program as an ENV variable
The diagram below illustrate the two options:
For more information about the inner workings of Azure Key Vault for Kubernetes, see Components.
The Azure Key Vault to Kubernetes project was set out with these goals in mind:
- Avoid a direct program dependency on Azure Key Vault for getting secrets, and adhere to the 12 Factor App principle for configuration (https://12factor.net/config)
- Make it simple, secure and low risk to transfer Azure Key Vault secrets into Kubernetes as native Kubernetes secrets
- Securely and transparently be able to inject Azure Key Vault secrets as environment variables to applications, without having to use native Kubernetes secrets
All of these goals are met.