Use Azure Key Vault to store secrets with Azure Kubernetes Service on Azure Stack Hub

The Azure Key Vault provider for the Secrets Store CSI driver retrieves secret contents stored in an Azure Key Vault instance and uses the Secrets Store CSI driver interface to mount them into Kubernetes pods.

Secrets store CSI driver

You can use the Secrets Store CSI driver to mount your secrets, keys, and certificates on pod start using a CSI volume. The driver supports:

  • Mounting multiple secrets store objects as a single volume.
  • Pod identity to restrict access with specific identities.
  • Pod portability with the SecretProviderClass CRD.
  • Windows containers (Kubernetes version v1.18+).
  • Sync with Kubernetes Secrets (Secrets Store CSI Driver v0.0.10+).
  • Multiple secrets stores providers in the same cluster.
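
As an added illustration (not part of the original article or the project's own manifests), the following sketch shows a SecretProviderClass and a pod that mounts it as a read-only CSI volume, with one object also synced to a Kubernetes Secret. The resource names, the object name db-password, the secrets-store-creds credential secret, and the angle-bracket placeholders are assumptions; Azure Stack Hub environment parameters are not shown, and the apiVersion must match the one your installed driver serves.

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-example              # hypothetical name
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"           # service principal credentials come from nodePublishSecretRef
    keyvaultName: "<key-vault-name>"  # placeholder
    tenantId: "<tenant-id>"           # placeholder
    objects: |
      array:
        - |
          objectName: db-password     # constructed sample object
          objectType: secret
  # Optional: sync the mounted object into a Kubernetes Secret
  secretObjects:
    - secretName: db-credentials      # hypothetical name
      type: Opaque
      data:
        - objectName: db-password
          key: password
---
apiVersion: v1
kind: Pod
metadata:
  name: kv-demo                       # hypothetical name
spec:
  containers:
    - name: app
      image: "<your-image>"           # placeholder
      volumeMounts:
        - name: secrets-store
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-example
        nodePublishSecretRef:
          name: secrets-store-creds   # assumed Secret holding the service principal's clientid/clientsecret
```

A synced Kubernetes Secret is created only once a pod mounts the volume, and it is stored in the cluster like any other Secret, so RBAC on Secrets and encryption at rest still apply to it. Omit secretObjects if the application can read the mounted files directly.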

Get started with the Secrets Store CSI driver

  1. Set up the correct role assignments and access policies.
  2. Install Azure Key Vault Provider for Secrets Store CSI Driver through Helm or YAML deployment files.
  3. Learn how to use the Azure Key Vault Provider and supported configurations.
  4. Get up to speed with the application workflow with the walkthrough.

Support for the driver

The Azure Key Vault Provider for Secrets Store CSI Driver is an open source project that is not covered by the Microsoft Azure support policy. Please search the project's open issues, and if your issue isn't already represented, open a new one. The project maintainers will respond to the best of their abilities.

Next steps

Overview of AKS engine