Applications running on Kubernetes require access to sensitive information like passwords, SSH keys, and authentication tokens. But how do you configure your applications when the source of truth for these secrets is an external secret store? What if you need to securely store, retrieve and perform zero-touch rotation of these secrets? Meet the Secrets Store CSI Driver, a Kubernetes sig-auth sub-project providing a simple way to retrieve secrets from enterprise-grade external stores such as Azure Key Vault, AWS Secrets Manager, Google Secret Manager, and HashiCorp Vault.
In this session, we will demonstrate how to use the Secrets Store CSI Driver to mount and rotate sensitive information from external secrets stores into Kubernetes applications. We will also the discuss trade-offs of Secrets Store CSI Driver versus other solutions for accessing external secret stores, and how Secrets Store CSI Driver Custom Resource Definitions (CRDs) are used enable pod portability across Kubernetes environments.
