CSI Secret Store Driver

[Sheepux]

User Story

As a cluster administrator I want to offer my users in their namespaced environement the ability to retrieve secrets using -now standardized- CSI secret drivers So that i can easily offer alternative secret provider in case of specific needs and still offer the same syntax to end users

Test Scenarios

Given the CSI driver is deployed on the cluster by an administrator When a user creates their SecretProviderClass and secrets-store-inline Then the user is able to retrieve secrets with inline volume

Given the CSI driver is deployed on the cluster by an administrator When a user creates their SecretProviderClass with secretObjects Then the user is able to retrieve secrets within a synchronized kubernetes secret

Implementation

Notes

CSI driver repository https://github.com/kubernetes-sigs/secrets-store-csi-driver

Syntax example: Sync as inline volume https://secrets-store-csi-driver.sigs.k8s.io/getting-started/usage.html

Sync as secret https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html

Implementation Tasks

The following issues have been created to implement this user story:

[rpothier]

Thanks for submitting this issue @Sheepux ! We are reviewing the request.

[rpothier]

We are aware of the CSI standard and see the value in using it serve secrets. However, at this time, we have no immediate plans to integrate. If you are interested in contributing such an integration, perhaps provide some more details about the implementation you envision. Thanks.

[piomin]

Any updates in this area? It would be nice to have a similar integration as for e.g. HashiCorp Vault (https://github.com/hashicorp/vault-csi-provider)

[mJace]

Any updates in this area? Looks like Secret Store CSI Driver will be a standard way in k8s now.

[szh]

This is implemented in a new project, cyberark/conjur-k8s-csi-provider