Introduction

Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault objects available to Kubernetes in a simple and secure way.

Two options are supported:

  1. Azure Key Vault object as a native Kubernetes Secret
  2. Azure Key Vault object directly injected into your program as an ENV variable

The diagram below illustrates the two options:

[Diagram: Controller and Env-Injector]

For more information about the inner workings of Azure Key Vault to Kubernetes, see Components.

The goals

The Azure Key Vault to Kubernetes project set out with these goals in mind:

  1. Avoid a direct program dependency on Azure Key Vault for getting secrets, and adhere to the 12 Factor App principle for configuration (https://12factor.net/config)
  2. Make it simple, secure and low risk to transfer Azure Key Vault secrets into Kubernetes as native Kubernetes secrets
  3. Securely and transparently inject Azure Key Vault secrets as environment variables into applications, without having to use native Kubernetes secrets

All of these goals are met.