I don't know much about Vault aside from it being used for secrets management. What is the use case, outside of already using HashiCorp stuff, of Vault where it makes sense to use?
Also, is there a benefit of using a sidecar here over building a controller that reads from Vault and creates Secrets in the k8s api?
I ask myself the same question. I guess with this tool it's now just easier. From their docs:
> "We are excited to announce a new Kubernetes integration that enables applications with no native HashiCorp Vault logic built-in to leverage static and dynamic secrets sourced from Vault.
> Applications need only concern themselves with finding a secret at a filesystem path, rather than managing tokens, connecting to an external API, or other mechanisms for direct interaction with Vault."
Vault can be a centralized source of truth for secrets. It has become the de facto standard for serious secrets management imo.
For example, you can have a vault with secrets and you can set up policies to unlock the vault. You could issue 10 keys, one to each person in your executive team, then require a minimum of 3 of those keys to unlock the vault.
You can also create things like one-time-use keys, or keys that expire. Or rotating keys to access secrets.
Yeah, but my point is that secrets coming from "Vault" specifically are nice to have integrated into that functionality. Dunno how that was done before.