Lazy Load Secrets

Open bradfordwagner opened this issue 1 year ago • 0 comments

Is your feature request related to a problem? Please describe.

Vault Secret Operator pulls and refreshes secrets that are not even being used. This is especially a problem with Jobs/CronJobs, as the Kubernetes Secrets do not need to always be present. Additionally it is wasteful as it will continually refresh credentials+secrets we do not need.

Describe the solution you'd like

Allow definitions of VaultPKISecret, VaultStaticSecret, VaultDynamicSecret to be lazily loaded. This will match the Vault CSI Provider's implementation, which only pulls a Vault Secret into a Kubernetes Secret on demand, and cleans it up when the volume is no longer mounted.

Describe alternatives you've considered

The Vault CSI Provider follows this behavior, however I would like to migrate from CSI Provider to VSO. Vault webhook injector does not allow spooling Vault Secrets to Kubernetes Secrets.

bradfordwagner, Aug 29 '23 17:08