Using secretclass provider to use key vault from a different resource group to AKS

Sunny 21 Reputation points
2022-05-09T14:45:17.537+00:00

Hello,

I am trying to access Keyvault secrets within my AKS cluster. Currently using helmdeploy task to accomplish this with secretproviderclass. There is no option to declare that the Key Vault is in a different resource group, am assuming just the name of the key vault in the values file should suffice assuming that this is at subscription scope. The helm deploy works with no errors but I still cant see my keyvault name when i use kubectl to get secrets. I am bit of a novice when it comes to integrating services. Any help is much appreciated.

Thanks & Regards
Sunny

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,180 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,979 questions
0 comments No comments
{count} votes

Accepted answer
  1. shiva patpi 13,166 Reputation points Microsoft Employee
    2022-05-10T00:52:13.003+00:00

    Hello @Sunny ,
    If the keyvault is under the same subscription and as the name of the keyvault is always unique , hence no need to mention the complete path.
    You won't be able to see the keyvault name any where by using kubectl get secrets - Basically that SecretProvideClass is mainly used to mount the secrets by fetching from the keyvault either at the POD creation time as a part of ENV variables or after pod creation if the application wants to retrieve the secrets from keyvault !

    Couple of examples how to retrieve the secrets from keyvault

    https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver

    Mounting Secrets:
    https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver#sync-mounted-content-with-a-kubernetes-secret
    Using Environment variables to access secrets via YAML:
    https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver#sync-mounted-content-with-a-kubernetes-secret

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful