/

Quick Start

Quickly get started using Azure Key Vault to Kubernetes

  • 1

    Installation

    See installation.

  • 2

    Ensure Kubernetes can access objects in Azure Key Vault

    By default akv2k8s use the AKS cluster credentials to authenticate with Azure Key Vault (if you run outside Azure, see using custom credentials). Run the following command to authorize akv2k8s to access secret-objects in Azure Key Vault.

    az keyvault set-policy \
  -n <azure key vault name> \
  --secret-permissions get \
  --spn <service principal id> \ 
  --subscription <azure subscription>

    For more details and options, check out authentication and authorization.

  • 3

    Sync Azure Key Vault object to Kubernetes Secret

    Create a AzureKeyVaultSecret resource in the namespace you want the Kubernetes Secret to be synced. In this example we are using the namespace akv-test.

    # secret-sync.yaml

apiVersion: spv.no/v2beta1
kind: AzureKeyVaultSecret
metadata:
  name: secret-sync 
  namespace: akv-test
spec:
  vault:
    name: akv2k8s-test # 1. name of key vault
    object:
      name: my-secret # 2. name of the akv object
      type: secret # 3. akv object type
  output: 
    secret: 
      name: my-secret-from-akv # 4. kubernetes secret name
      dataKey: secret-value # 5. key to store object value in kubernetes secret

    Apply to Kubernetes:

    $ kubectl apply -f secret-sync.yaml
azurekeyvaultsecret.spv.no/secret-sync created

  • Done

    Shortly you should have a Kubernetes Secret resource in the namespace akv-test, containing the value from Azure Key Vault!

    To see how to use the Env-Injector to bypass using Kubernetes Secrets entirely and other options, check out the tutorials.

Edit on GitHub