Manage DB Users Privileges

KubeVault works seamlessly with KubeDB managed DBs, CRDs like SecretAccessRequest, SecretRoleBinding etc. to grant, revoke, audit user privileges convenient.

$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
$ helm install kubevault appscode/kubevault \
--version v2022.09.22 \
--namespace kubevault --create-namespace \
--set-file global.license=/path/to/the/license.txt
Manage DB Users Privileges using SecretAccessRequest

Manage DB Users Privileges using SecretAccessRequest

A SecretAccessRequest is a Kubernetes CustomResourceDefinition (CRD) which allows a user to request a Vault server for credentials in a Kubernetes native way. A SecretAccessRequest can be created under various roles that can be enabled in a SecretEngine like AWSRole, GCPRole, ElasticsearchRole, MongoDBRole, etc. This is a more human friendly way to manage DB privileges. KubeVault operator lets you manage your DB user privileges with dynamic secrets rather than hard-coded credentials using SecretAccessRequest. This means that services that need to access a database no longer need to hardcode credentials. They can simply request them from Vault. Thus granting, revoking and monitoring user privileges is extremely easy with KubeVault.

Manage DB Users Privileges using SecretRoleBinding

A SecretRoleBinding is a Kubernetes CustomResourceDefinition (CRD) which allows a user to bind a set of roles to a set of users. Using the SecretRoleBinding it’s possible to bind various roles like AWSRole, GCPRole, ElasticsearchRole, MongoDBRole, etc. to Kubernetes ServiceAccounts. This way is more machine friendly and convenient for running your application with specific permissions. Injecting Vault Secrets into Kubernetes resources requires specific permissions & using SecretRoleBinding it’s very easy to bind a set of policies to a set of Kubernetes Service Accounts.

Manage DB Users Privileges using SecretRoleBinding

What They Are Talking About us

Trusted by top engineers at the most ambitious companies

Run Production-Grade Vault on Kubernetes FREE !

KubeVault community edition is FREE to use on any supported Kubernetes engines. There is no up-front investment required. We offer a 30 days license FREE of cost to try KubeVault Enterprise edition.