Tag: vault

Enabling Vault Secrets Operator (VSO) for secret syncing

My private git repos are a mess when it comes to secrets. I’ve wanted to implement Vault for a while now. It will allow me to start removing the secrets from plain text files in git. Vault allows me to store everything in a central location and, in the future, even dynamically generate secrets. In this one I’ll go over how I set up Vault Secrets Operator (VSO) to sync Vault secrets to Kubernetes.

Stepping away from StepCA to Vault

I’ve been using StepCA in the GDC for a little while now; you can see how I set it up here. While StepCA was great, I’ve decided to step away from it for a couple of reasons. StepCA was falling over way too often and I’d have to restart the container, then re-issue all the expired certs. I wanted to implement HashiCorp Vault for application secrets. Vault has PKI capability, so it just made sense to consolidate the two.