Hello @Baharul Islam
Best practice guidance - Don't define credentials in your application code. Use managed identities for Azure resources to let your pod request access to other resources.
Use pod managed identities together with Azure Key Vault with Secrets Store CSI Driver.
However, there are a few ways you can integrate Azure AKS with Key Vault.
- Using the SDK: https://learn.microsoft.com/en-us/azure/azure-app-configuration/use-key-vault-references-dotnet-core?tabs=cmd%2Ccore2x
  You should specify SecretID and SecretValue or use Managed Identity.
- You have already mentioned https://learn.microsoft.com/en-us/azure/key-vault/general/key-vault-integrate-kubernetes
  This is best practice as it uses managed identities together with Key Vault.
- Kubernetes also has its own secrets and they can be used in one of three ways, according to the official Kubernetes documentation:
  - Mounted as files in a volume on containers inside a Pod or Deployment.
  - Referenced as an environment variable in the Pod or Deployment specification.
  - Used by the Kubelet when pulling images from private registries via the imagePullSecret key in the Pod specification.
https://learn.microsoft.com/en-us/azure/aks/developer-best-practices-pod-security
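
The Secrets Store CSI Driver option recommended above, as an added example that is not part of the original answer: a `SecretProviderClass` that reads one Key Vault secret with a managed identity, and a Pod that mounts it as a read-only file so no credential appears in the application code or the Pod specification. It assumes a user-assigned managed identity with read access to the vault; every value in angle brackets and every resource name (`kv-app-secrets`, `app`, `db-password`) is a placeholder chosen for illustration.

```yaml
# Added example: placeholder names and IDs, replace before applying.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: kv-app-secrets              # hypothetical name, referenced by the Pod below
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"    # assumption: user-assigned managed identity
    userAssignedIdentityID: "<managed-identity-client-id>"
    keyvaultName: "<key-vault-name>"
    tenantId: "<tenant-id>"
    objects: |
      array:
        - |
          objectName: db-password   # hypothetical secret name in the vault
          objectType: secret
          objectVersion: ""         # empty string means the latest version
---
apiVersion: v1
kind: Pod
metadata:
  name: app                         # hypothetical workload
spec:
  containers:
    - name: app
      image: "<registry>/<app-image>:<tag>"
      volumeMounts:
        - name: kv-secrets
          mountPath: /mnt/secrets-store   # secret appears as /mnt/secrets-store/db-password
          readOnly: true
  volumes:
    - name: kv-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: kv-app-secrets
```

The identity needs only get permission on the secrets it mounts; granting it list or write access on the vault widens what a compromised pod can reach.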