Documentation
Bank-Vaults is a Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.
We provide the following tools for Hashicorp Vault to make its usage easier and more automated:
- bank-vaults CLI makes working with Hashicorp Vault easier. For example, it can automatically initialize, unseal, and configure Vault.
- Vault operator is a Kubernetes operator that helps you operate Hashicorp Vault in a Kubernetes environment.
- Vault secrets webhook is a mutating webhook for injecting secrets directly into Kubernetes pods, config maps and custom resources.
- Vault SDK is a Go client wrapper for the official Vault client with automatic token renewal, built-in Kubernetes support, and a dynamic database credential provider. It makes it easier to work with Vault when developing your own Go applications.
In addition, we also provide Helm charts for installing various components, as well as a collection of scripts to support advanced features (for example, dynamic SSH).
Version compatibility matrix
Operator | Bank-Vaults CLI | Vault1 |
---|---|---|
1.21.x | >= 1.20.3 | 1.11.x 1.12.x 1.13.x 1.14.x |
1.20.x | >= 1.19.0 | 1.10.x 1.11.x 1.12.x 1.13.x |
We provide patches and security fixes for the last two minor versions.
First step
- If you are new to Bank-Vaults, begin with the getting started guide.
- If you need help using Bank-Vaults, see the Support page for ways to contact us.
Support
If you encounter problems while using Bank-Vaults that the documentation does not address, you can open an issue or write to us on Slack.
-
The versions listed here are those with which the operator was tested. Newer versions may also be compatible. ↩︎