How can we improve the Azure Kubernetes Service (AKS)?

← Azure Kubernetes Service (AKS)

Native integration between AKS and Azure Key Vault

It makes sense to have some sort of smart integration between kubernetes secrets and azure key vault.

I.e.
containers:

    env:

    - name: CLIENT_ID

      valueFrom:

        azureSecretKeyRef:

          name: client-details

          key: client-id

189 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Andrew Sears commented  ·   ·  Flag as inappropriate

    It would be great if this was a native option and includes injection of environment variables / same functionality as existing k8s secrets. Many apps are written to use environment variables rather than file-based keys.

    A secrets.yaml file could reference the key vault secret keys k8s needs. The secret or environment could be decrypted as part of the injector process. Could look to other tools such as Databricks for the similar cluster-based patterns.

    Some best practices around storing base64 encoded secrets yaml files in Devops library, and ability to store yaml files in Key Vault or other encrypted-at-rest mechanism would be useful.

  • Doug Fish commented  ·   ·  Flag as inappropriate

    Storing Kubernetes secrets in Azure Key Vault is useful for environments where FIPS 140-2 Level 2 validated HSMs are required for secret storage.

Azure Kubernetes Service (AKS): Support for Kubernetes features

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice