How to deliver secrets from a volt to applications deployed in a cube

Master class plan:

• Consider delivering secrets via Bank-vaults
• Deploy an application with static and dynamic secrets
• Consider how to differentiate access and bypass restrictions
• Let's look at how to deliver secrets via Vault Agent

We will need:

• Workshop repository
• K8S cluster (minikube or any other cluster available to you, where you have admin access)
• kubectl
• helm
• jq
• curl
• GNU sed (by default on Linux, on mac os you need to install it separately, you can use brew)
• GNU make (optional)
• Docker (optional)

What will we do:

• Start an instance of a volta in a cube
• Configure it
• Deploy Banzaicloud Vault Secrets Webhook
• We will deploy the application several times, including several applications with different access in the same namespace, and consider how to transfer static secrets (KeyValue), as well as dynamic (DB Secrets Engine)
• Let's look at how you can transfer secrets to an application using the Vault Agent

introductory presentation