OCI Secrets Store CSI Driver Provider enables Kubernetes clusters to access secrets in Vault
- Services: Kubernetes Engine
- Release Date: February 02, 2023
When you create Kubernetes clusters using Container Engine for Kubernetes, you can now choose to store application secrets in an external secrets store, accessed using the Kubernetes Secrets Store CSI driver (secrets-store.csi.k8s.io).
The Secrets Store CSI driver integrates secrets stores with Kubernetes clusters as Container Storage Interface (CSI) volumes. The Secrets Store CSI driver enables Kubernetes clusters to mount multiple secrets, keys, and certificates stored in external secrets stores into pods as a volume. Once the volume is attached, the data in the volume is mounted into the application container’s file system. OCI Vault is one such external secrets store, and Oracle provides the open source OCI Secrets Store CSI Driver Provider to enable Kubernetes clusters to access secrets in Vault. For more information, see the OCI Secrets Store CSI Driver Provider documentation on GitHub.
Alternatively, you can continue to use the current method of storing application secrets in etcd, which is still supported.
For more information, see Managing Secrets for Kubernetes Clusters.