Vault Aware

The Vault Aware method involves writing an application to connect directly to a Vault server using Vault REST APIs. The Vault REST APIs requires an existing Auth method and policy to be created; the specific method depends on the client libraries used.

The Vault REST API is used to allow an application to read and/or write secrets to Vault, provided the applicable policy gives read and/or write permission at the specified Vault path. The Vault REST API can be accessed from application containers using the Vault endpoint sva-vault. Run the following command to view Vault endpoints:

$ kubectl get svc -n vault

See also

• Vault REST API:

  • https://learn.hashicorp.com/vault/getting-started/apis

  • https://www.vaultproject.io/api-docs

• Client libraries: https://www.vaultproject.io/api/libraries.html

• Connect Vault with Python using the HVAC library: https://github.com/hvac/hvac