You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
Concepts
Concepts help you learn about the different parts of KubeVault and the abstractions it uses.
- What is KubeVault?
- Overview. Provides an introduction to KubeVault operator, including the problems it solves and its use cases.
- Operator architecture. Provides a high-level illustration of the architecture of the KubeVault operator.
AppBinding
Introduces a way to specify connection information, credential, and parameters that are necessary for communicating with an app or service.
Vault Server Version
Introduces the concept of VaultServerVersion
to specify the docker images of HashiCorp Vault, Unsealer, and Exporter.
Vault Server
Introduces the concept of VaultServer
for configuring a HashiCorp Vault server in a Kubernetes native way.
Vault Unsealer Options
Vault Server Storage
Authentication Methods for Vault Server
Secret Engine
SecretEngine
is a Kubernetes Custom Resource Definition
(CRD). It provides a way to enable and configure a Vault secret engine.
AWS IAM Secret Engine
GCP Secret Engine
Azure Secret Engine
Database Secret Engines
Secret Access Request
Vault Policy
Everything in the Vault is path-based, and policies are no exception. Policies provide a declarative way to grant or forbid access to certain operations in Vault. Policies are deny
by default, so an empty policy grants no permission in the system.
- VaultPolicy: is used to create, update or delete Vault policies.
- VaultPolicyBinding: is used to create Vault auth roles associated with an authentication type/entity and a set of Vault policies.