Vault Overview

You can optionally integrate open source Vault secret management into the StarlingX solution. The Vault integration requires PVC as a storage backend to be enabled.

There are two methods for using Vault secrets with hosted applications:

  1. Have the application be Vault Aware and retrieve secrets using the Vault REST API. This method is used to allow an application to write secrets to Vault, provided the applicable policy gives write permission at the specified Vault path. For more information, see Vault Aware.

  2. Have the application be Vault Unaware and use the Vault Agent Injector to make secrets available on the container filesystem. For more information, see Vault Unaware.

Both methods require appropriate roles, policies and auth methods to be configured in Vault.
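
As an added illustration of the Vault Unaware method (not taken from the StarlingX documentation), the pod manifest below asks the Vault Agent Injector to render one secret onto the container filesystem. The role `demo-app`, the service account `demo-app`, the KV v2 path `secret/data/demo-app/config` and the image name are assumptions; the role must already be bound to that service account through Vault's Kubernetes auth method, and deployment-specific settings such as TLS trust for the Vault server are omitted.

```yaml
# Constructed example: names, paths and image are placeholders.
# Matching Vault policy (HCL), read-only and scoped to the one path:
#   path "secret/data/demo-app/config" {
#     capabilities = ["read"]
#   }
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
  annotations:
    # Ask the injector's mutating webhook to add the Vault Agent containers.
    vault.hashicorp.com/agent-inject: "true"
    # Vault role the agent logs in as (Kubernetes auth method).
    vault.hashicorp.com/role: "demo-app"
    # Render this secret to /vault/secrets/config inside the pod.
    vault.hashicorp.com/agent-inject-secret-config: "secret/data/demo-app/config"
spec:
  # Service account whose token the agent presents to Vault.
  serviceAccountName: demo-app
  containers:
    - name: app
      image: registry.example.com/demo-app:1.0
      # The application only reads the rendered file; it never calls Vault
      # itself and never holds a Vault token. The check avoids printing the
      # secret to the container log.
      command: ["sh", "-c", "test -r /vault/secrets/config && sleep 3600"]
```

Because the policy grants only `read` on a single path, a compromised pod using this role cannot list, write or read other secrets.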