GCP Secret Engine

KubeVault lets you enable and configure the GCP Secret Engine. You can create a Secret containing the GCP credentials and also create an RBAC Role and RoleBinding.

helm install kubedb oci://ghcr.io/appscode-charts/kubedb \
  --version v2024.9.30 \
  --namespace kubedb --create-namespace \
  --set-file global.license=/path/to/the/license.txt \
  --wait --burst-limit=10000 --debug

Enable and Configure Secret Engine

Secrets Engines are components which store, generate, or encrypt data. Secrets Engines are incredibly flexible, so it is easiest to think about them in terms of their function. Secrets Engines are provided with some set of data, they take some action on that data, and they return a result. KubeVault lets you enable and configure the GCP Secret Engine in a Kubernetes-native way.

Role

In a Secret Engine, a role describes an identity with a set of permissions, groups, or policies you want to attach to a user of the Secret Engine. The KubeVault operator lets you create a GCPRole in a Secret Engine.


Secret Access Request

A SecretAccessRequest is a Kubernetes CustomResourceDefinition (CRD) which allows a user to request credentials from a Vault server in a Kubernetes-native way. A SecretAccessRequest can be created under a GCPRole that can be enabled in a SecretEngine. Using SecretAccessRequest, the KubeVault operator lets you manage your DB user privileges with dynamic secrets rather than hard-coded credentials. This means that services that need to access a database no longer need to hardcode credentials.

Secret Role Binding

A SecretRoleBinding is a Kubernetes CustomResourceDefinition (CRD) which allows a user to bind a set of roles to a set of users. Using a SecretRoleBinding, it is possible to bind a GCPRole to Kubernetes ServiceAccounts. This approach is more machine-friendly and convenient for running your application with specific permissions.

