Integrating Kubernetes with DevOps Secrets Vault

Kubernetes Integration with DevOps Secrets Vault

Delinea offers two primary integration methods for securing secrets within Kubernetes environments:

  • Kubernetes Sidecar Architecture: This approach utilizes a sidecar container alongside each application pod within the cluster. The sidecar fetches secrets from a central Delinea DevOps Secrets Vault (DSV) broker pod and injects them into the application container as needed. This method offers a high degree of isolation and security but can introduce additional resource overhead due to the extra sidecar containers.

  • Mutating Webhook Injection: This integration leverages Kubernetes' built-in mutating admission webhooks. When a pod is created or updated, the webhook intercepts the request and injects secrets from the DSV into the pod specification before it's deployed. This eliminates the need for sidecar containers, reducing resource consumption, but requires configuration of the webhook within the Kubernetes cluster.
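The mutating-webhook flow described above, sketched as an added example using the standard Kubernetes admission.k8s.io/v1 AdmissionReview and JSONPatch formats; it is not Delinea's code. The annotation key, the in-memory FAKE_VAULT lookup, and the choice of environment variables as the injection target are assumptions made for illustration.

```python
import base64
import json

# Assumptions: hypothetical opt-in annotation and constructed vault contents.
ANNOTATION = "example.invalid/dsv-secret-path"
FAKE_VAULT = {"apps/web/db": {"DB_PASSWORD": "constructed-value"}}

def _wrap(resp):
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": resp}

def mutate(review):
    """Build the AdmissionReview response for a Pod create/update request."""
    req = review["request"]
    pod = req["object"]
    resp = {"uid": req["uid"], "allowed": True}  # uid must echo the request
    path = (pod["metadata"].get("annotations") or {}).get(ANNOTATION)
    if path is None:
        return _wrap(resp)  # pod did not opt in: admit unchanged
    secret = FAKE_VAULT.get(path)
    if secret is None:
        # Fail closed: do not admit a pod whose secret could not be resolved.
        resp["allowed"] = False
        resp["status"] = {"code": 403, "message": f"no secret at {path}"}
        return _wrap(resp)
    # Literal values patched in here become part of the stored Pod object,
    # so read access to pods must be restricted accordingly.
    new_env = [{"name": k, "value": v} for k, v in sorted(secret.items())]
    patch = []
    for i, container in enumerate(pod["spec"]["containers"]):
        base = f"/spec/containers/{i}/env"
        if "env" not in container:
            # JSONPatch cannot append to a missing array, so create it whole.
            patch.append({"op": "add", "path": base, "value": new_env})
        else:
            patch += [{"op": "add", "path": base + "/-", "value": e}
                      for e in new_env]
    resp["patchType"] = "JSONPatch"
    resp["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return _wrap(resp)

def decode_patch(review_response):
    """Decode the base64 JSONPatch, e.g. for audit logging or tests."""
    return json.loads(base64.b64decode(review_response["response"]["patch"]))
```
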
