/

Quick Start

Quickly get started using Azure Key Vault to Kubernetes


  • 1

    Installation

    See installation.

  • 2

    Ensure Kubernetes can access objects in Azure Key Vault

    By default akv2k8s use the AKS cluster credentials to authenticate with Azure Key Vault (if you run outside Azure, see using custom credentials). Run the following command to authorize akv2k8s to access secret-objects in Azure Key Vault.

    az keyvault set-policy \
      -n <azure key vault name> \
      --secret-permissions get \
      --spn <service principal id> \ 
      --subscription <azure subscription>

    For more details and options, check out authentication and authorization.

  • 3

    Sync Azure Key Vault object to Kubernetes Secret

    Create a AzureKeyVaultSecret resource in the namespace you want the Kubernetes Secret to be synced. In this example we are using the namespace akv-test.

    # secret-sync.yaml
    
    apiVersion: spv.no/v1alpha1
    kind: AzureKeyVaultSecret
    metadata:
      name: secret-sync 
      namespace: akv-test
    spec:
      vault:
        name: akv2k8s-test # 1. name of key vault
        object:
          name: my-secret # 2. name of the akv object
          type: secret # 3. akv object type
      output: 
        secret: 
          name: my-secret-from-akv # 4. kubernetes secret name
          dataKey: secret-value # 5. key to store object value in kubernetes secret

    Apply to Kubernetes:

    $ kubectl apply -f secret-sync.yaml
    azurekeyvaultsecret.spv.no/secret-sync created
  • Done

    Shortly you should have a Kubernetes Secret resource in the namespace akv-test, containing the value from Azure Key Vault!

    To see how to use the Env-Injector to bypass using Kubernetes Secrets entirely and other options, check out the tutorials.

Edit on GitHub