sync autorenewed certificate in keyvault with AKS secrets

Pratim Das, Partha C 306 Reputation points
2020-11-20T13:27:44.88+00:00

I'm storing TLS certificates of AKS in Azure Keyvault certificates. When these certificates in Key Vault auto renews, how that can be automatically synced with AKS secrets with out devops?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,159 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,931 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. shiva patpi 13,156 Reputation points Microsoft Employee
    2020-11-20T19:15:55.437+00:00

    Hello @Pratim Das, Partha C ,
    Right now there is no automatic Sync integration between AKS and Keyvault TLS certificates.
    You can find more details @ https://github.com/MicrosoftDocs/azure-docs/issues/28137

    Couple of alternate options were also discussed there :-

    https://learn.microsoft.com/en-us/azure/aks/faq#is-azure-key-vault-integrated-with-aks

    However, using the above link, you will see that the Azure Key Vault FlexVolume for Kubernetes project enables direct integration from Kubernetes pods to KeyVault secrets.

    https://github.com/Azure/kubernetes-keyvault-flexvol