AppsCode held a webinar on “Secure Secrets: A Cloud-Native Approach made simple with KubeVault”. This took place on 12th Jan 2022. The contents of what took place at the webinar are shown below:
- Deploy TLS Secured VaultServer
- Enable SecretEngine
- Create Database Roles
- Manage User Privileges
- KubeVault CLI in Action
- Q & A Session
Description of the Webinar
It is required to install the followings to get started:
- KubeDB Enterprise Operator
- KubeVault Enterprise Operator
- Secrets Store CSI Driver
- Vault Specific CSI Provider
The speaker starts by deploying TLS secured
VaultServer (TLS managed by
MySQL Database by
KubeDB. Speaker shows how easy it is to get the decrypted
vault-root-token from GCS bucket using KubeVault CLI. Followed by, enabling
SecretEngine & creating some Database
After that, it’s shown how to manage user privileges using two different ways. Firstly, using the
SecretAccessRequest, which is more human interaction friendly, that can be
Denied using the KubeVault CLI. Secondly, using the
SecretRoleBinding which is a more machine friendly way, that binds some roles to a
Then, it’s demonstrated how microservices can communicate with databases in a more secure way using the
Dynamic Secrets generated by Vault, where a microservice is deployed that reads mounted credentials, logs into the DB and makes queries. DB secrets are mounted on directories with the help of Secrets store CSI Driver & Vault CSI Provider.
Lastly, it’s shown how
KubeVault CLI can be used to
Revoke a user privileges by using a simple command.
Take a deep dive into the full webinar below:
Please try the latest release and give us your valuable feedback.
- If you want to install KubeVault, please follow the installation instruction from here .
To speak with us, please leave a message on our website .
To receive product announcements, follow us on Twitter .
If you have found a bug with KubeVault or want to request new features, please file an issue .