AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    KubeStash New

    Backup and Recovery Solution for Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    kubestash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
KubeVault
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • Vault Operator
    KubeVault CLI
    Vault Unsealer
You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

New to KubeVault? Please start here.

mode.azureKeyVault

To use azureKeyVault mode specify mode.azureKeyVault. In this mode, unseal keys and root token will be stored in Azure Key Vault as secret.

spec:
  unsealer:
    mode:
      azureKeyVault:
        vaultBaseURL: <vault_base_url>
        tenantID: <tenant_id>
        clientCertSecret: <secret_name>
        aadClientSecret: <secret_name
        useManagedIdentity: <true/false>
        cloud: <cloud_environment_identifier>

mode.azureKeyVault has the following fields:

azureKeyVault.vaultBaseURL

azureKeyVault.vaultBaseURL is a required field that specifies the Azure key vault URL.

spec:
  unsealer:
    mode:
      azureKeyVault:
        vaultBaseURL: "https://myvault.vault.azure.net"

azureKeyVault.tenantID

azureKeyVault.tenantID is a required field that specifies Azure Active Directory tenant ID.

spec:
  unsealer:
    mode:
      azureKeyVault:
        tenantID: "aaa-ddd-ffff-343455"

azureKeyVault.clientCertSecret

azureKeyVault.clientCertSecret is an optional field that specifies the name of the secret containing client cert and client cert password. The secret contains the following fields:

  • client-cert
  • client-cert-password
spec:
  unsealer:
    mode:
      azureKeyVault:
        clientCertSecret: "azure-client-cert-cred"

azureKeyVault.aadClientSecret

azureKeyVault.aadClientSecret is an optional field that specifies the name of the secret containing client id and client secret of AAD application. The secret contains the following fields:

  • client-id
  • client-secret
spec:
  unsealer:
    mode:
      azureKeyVault:
        aadClientSecret: "azure-aad-client-cred"

azureKeyVault.useManageIdentity

azureKeyVault.useManageIdentity is an optional field that specifies to use managed service identity for the virtual machine.

spec:
  unsealer:
    mode:
      azureKeyVault:
        useManageIdentity: true

Note: One of azureKeyVault.clientCertSecret or azureKeyVault.aadClientSecret or azureKeyVault.useManageIdentity has to be specified.

azureKeyVault.cloud

azureKeyVault.cloud is an optional field that specifies the cloud environment identifier. If it is not specified, then AZUREPUBLICCLOUD will be used as default.

spec:
  unsealer:
    mode:
      azureKeyVault:
        cloud: "AZUREGERMANCLOUD"

What's on this Page

Search
Improve This Page