You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.


Concepts help you learn about the different parts of KubeVault and the abstractions it uses.

  • What is KubeVault?
    • Overview. Provides an introduction to KubeVault operator, including the problems it solves and its use cases.
    • Operator architecture. Provides a high-level illustration of the architecture of the KubeVault operator.


Introduces a way to specify connection information, credential, and parameters that are necessary for communicating with an app or service.

Vault Server Version

Introduces the concept of VaultServerVersion to specify the docker images of HashiCorp Vault, Unsealer, and Exporter.

Vault Server

Introduces the concept of VaultServer for configuring a HashiCorp Vault server in a Kubernetes native way.

Secret Engine

SecretEngine is a Kubernetes Custom Resource Definition(CRD). It provides a way to enable and configure a Vault secret engine.

Vault Policy

Everything in the Vault is path-based, and policies are no exception. Policies provide a declarative way to grant or forbid access to certain operations in Vault. Policies are deny by default, so an empty policy grants no permission in the system.

  • VaultPolicy: is used to create, update or delete Vault policies.
  • VaultPolicyBinding: is used to create Vault auth roles associated with an authentication type/entity and a set of Vault policies.