Bank-Vaults is a Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.

We provide the following tools for Hashicorp Vault to make its usage easier and more automated:

  • bank-vaults CLI makes working with Hashicorp Vault easier. For example, it can automatically initialize, unseal, and configure Vault.
  • Vault operator is a Kubernetes operator that helps you operate Hashicorp Vault in a Kubernetes environment.
  • Vault secrets webhook is a mutating webhook for injecting secrets directly into Kubernetes pods, config maps and custom resources.
  • Vault SDK is a Go client wrapper for the official Vault client with automatic token renewal, built-in Kubernetes support, and a dynamic database credential provider. It makes it easier to work with Vault when developing your own Go applications.

Bank-Vaults overview

In addition, we also provide Helm charts for installing various components, as well as a collection of scripts to support advanced features (for example, dynamic SSH).

Version compatibility matrix

OperatorBank-Vaults CLIVault1

We provide patches and security fixes for the last two minor versions.

First step

  1. The versions listed here are those with which the operator was tested. Newer versions may also be compatible. ↩︎