Vault OverviewΒΆ
StarlingX integrates open source Vault containerized security application (Optional) into the StarlingX solution, that requires PVCs as a storage backend to be enabled.
Vault is a containerized secrets management application that provides encrypted storage with policy-based access control and supports multiple secrets storage engines and auth methods.
StarlingX includes a Vault-manager container to handle initialization of the Vault servers. Vault-manager also provides the ability to automatically unseal Vault servers in deployments where an external autounseal method cannot be used. For more information, see, https://www.vaultproject.io/.
There are two methods for using Vault secrets with hosted applications:
The first method is to have the application be Vault Aware and retrieve secrets using the Vault REST API. This method is used to allow an application to write secrets to Vault, provided the applicable policy gives write permission at the specified Vault path.
The second method is to have the application be Vault Unaware and use the Vault Agent Injector to make secrets available on the container filesystem.