Applications running on Kubernetes require access to sensitive information (passwords, SSH keys and authentication tokens). But how do you configure your applications when the source of truth for these secrets is an external secret store? What if you need to store, retrieve and perform zero touch rotation of these secrets securely? Meet the Secrets Store CSI Driver, a sig-auth subproject providing a simple way to retrieve secrets from enterprise-grade external stores such as Azure Key Vault, Google Secret Manager, HashiCorp Vault and AWS Secrets Manager.
In this session, Anish will demonstrate how to use the Secrets Store CSI Driver to mount and rotate sensitive information from external secrets stores in the Kubernetes application. He will also discuss trade-offs of the CSI driver versus other solutions to accessing external secret stores and how CRDs are used to make pod portability across Kubernetes environments possible.
Microsoft
Software Engineer
Anish Ramasekar is a software engineer at Microsoft. He is on the Azure Cloud Native Compute team building features for Kubernetes upstream and for Azure Kubernetes Service.
Cloud Native Computing Foundation
Organizer
CNCF
Organizer
Linux Foundation (CNCF)
Organizer
CNCF
Organizer