Support for Vault as Storage backend?

Open InAnimaTe opened this issue 8 years ago • 6 comments

Wondering if this is something anyone cares about or a future roadmap item already semi-planned?

InAnimaTe, Feb 22 '17 23:02

What exactly are you talking about?

I can see many ways of integration with Vault. The primary kube-lego use case is requesting certificates from a CA. As long as Vault is not implementing an ACME protocol, we can't support it.

simonswine, Feb 23 '17 15:02

Sorry, should have been clearer. I meant utilizing Vault as a storage backend for obtained certificates (and keys) and ACME user keys etc. Basically, instead of utilizing k8s secrets, it'd be nice to utilize Vault instead (and even others down the road).

InAnimaTe, Feb 23 '17 19:02

+1. Kubernetes secrets are misnamed. They are not secret; they are available to anything in the cluster and they are stored in Base64. Support for HashiCorp Vault would be much better, especially for private key storage.

llpaul, Mar 22 '17 14:03

+1

dodizzle, Oct 23 '17 16:10

+1 Kubernetes secrets are not secure enough for some production workloads.

madmod, Jan 25 '18 21:01

Looks like the request behavior works as requested using a bash shell script to wrap; someone likely could add similar support into this agent. https://github.com/ketchoop/letsencrypt-to-vault

Following up as I came across this in an unrelated Vault + ACME protocol search.

masteinhauser, Mar 14 '18 14:03