
AFAIK administrators can use exec to execute commands in a container running in Kubernetes. This means that they can see all the secrets, correct?

Now if the secret is used to connect to something external, which that administrator does not have access to, how can I prevent the administrator from getting access to that external system?

Do I need to use something like HashiCorp's Vault?

1 Answer

Do I need to use something like HashiCorp's Vault?

Generally, yes: you need an external encrypted source in order to separate secret management (readable by admins with the right RBAC) and secrets.

For instance, something like hashicorp/vault-plugin-auth-kubernetes can help and allows for Kubernetes Service Accounts to authenticate with Vault.


2 Comments

If an admin can get the service account token and then use it to authenticate with the Vault plugin, how is that preventing the admin from seeing secrets in Vault?
@bits It won't (a cluster-admin can access anything in his/her cluster). But the reason I was thinking about Vault as an external secret manager is because of MFA (vaultproject.io/docs/auth/mfa.html): multi-factor authentication. That could at least mitigate the admin access.
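To make the exchange behind hashicorp/vault-plugin-auth-kubernetes concrete, and to show the point raised in the comments, here is an added simulation of the login flow. It is not Vault's code and not from the original answer: the service account tokens, the cluster's TokenReview answers, the role, the policy names and the secret are all constructed for the example. Only the shape of the exchange follows Vault: the pod posts its service account JWT and a role name to auth/kubernetes/login, Vault asks the Kubernetes TokenReview API who the token belongs to, checks that identity against the role's bound_service_account_names and bound_service_account_namespaces, and hands back a client token carrying the role's policies.

```python
"""Simulation of the login exchange behind hashicorp/vault-plugin-auth-kubernetes.

Added example for this thread; it is not Vault's code. The tokens, cluster
identities, role, policies and secrets below are all constructed. Only the
shape of the exchange follows Vault:

  pod   -> Vault : POST /v1/auth/kubernetes/login {"role": ..., "jwt": <SA token>}
  Vault -> k8s   : TokenReview of that JWT (the API server says who it is)
  Vault          : identity must match the role's bound_service_account_names
                   and bound_service_account_namespaces
  Vault -> pod   : a client token carrying the role's policies
"""
import fnmatch
import secrets
from dataclasses import dataclass


@dataclass
class Role:
    bound_service_account_names: list
    bound_service_account_namespaces: list
    token_policies: list
    token_ttl: str = "1h"


@dataclass
class ClientToken:
    token: str
    policies: list
    metadata: dict
    ttl: str


# Stand-in for the Kubernetes TokenReview API: the username the API server
# would report for each bearer JWT. Opaque strings stand in for real JWTs.
CLUSTER_TOKENS = {
    "eyJ.payments-sa.sig": "system:serviceaccount:payments:payments-api",
    "eyJ.default-sa.sig": "system:serviceaccount:default:default",
}

# What an operator would configure with `vault write auth/kubernetes/role/...`
ROLES = {
    "payments-api": Role(
        bound_service_account_names=["payments-api"],
        bound_service_account_namespaces=["payments"],
        token_policies=["payments-db"],
    ),
}

# Policy name -> path globs it may read (KV v2 data paths), and the KV itself.
POLICIES = {"payments-db": ["secret/data/payments/*"]}
KV_STORE = {"secret/data/payments/db": {"username": "app", "password": "s3cr3t"}}


def token_review(jwt):
    """Return (authenticated, username) as TokenReview.status would."""
    username = CLUSTER_TOKENS.get(jwt)
    return username is not None, username


def _bound(value, allowed):
    return "*" in allowed or value in allowed


def kubernetes_login(role_name, jwt):
    """Vault's side of POST auth/kubernetes/login. Returns a ClientToken or raises."""
    role = ROLES.get(role_name)
    if role is None:
        raise PermissionError(f"invalid role name {role_name!r}")
    ok, username = token_review(jwt)
    if not ok:
        raise PermissionError("service account token could not be verified")
    parts = username.split(":")  # system:serviceaccount:<namespace>:<name>
    if len(parts) != 4 or parts[:2] != ["system", "serviceaccount"]:
        raise PermissionError("token does not belong to a service account")
    namespace, sa_name = parts[2], parts[3]
    if not _bound(sa_name, role.bound_service_account_names):
        raise PermissionError("service account name not authorized")
    if not _bound(namespace, role.bound_service_account_namespaces):
        raise PermissionError("namespace not authorized")
    return ClientToken(
        token="hvs." + secrets.token_hex(16),  # constructed token format
        policies=["default"] + role.token_policies,
        metadata={"service_account_name": sa_name, "service_account_namespace": namespace},
        ttl=role.token_ttl,
    )


def read_secret(client, path):
    """Vault's side of GET /v1/<path>: the token's policies must allow the path."""
    for policy in client.policies:
        for pattern in POLICIES.get(policy, []):
            if fnmatch.fnmatchcase(path, pattern):
                return dict(KV_STORE[path])
    raise PermissionError("permission denied")


def demo():
    """Play out the three cases the thread discusses and return what happened."""
    pod_jwt = "eyJ.payments-sa.sig"  # what the pod reads from its mounted SA token
    pod = kubernetes_login("payments-api", pod_jwt)
    outcomes = {"pod_reads_secret": read_secret(pod, "secret/data/payments/db")["username"]}
    try:  # a pod in another namespace asking for the same role
        kubernetes_login("payments-api", "eyJ.default-sa.sig")
        outcomes["other_namespace"] = "allowed"
    except PermissionError as e:
        outcomes["other_namespace"] = str(e)
    # The point made in the comments: an admin who `kubectl exec`s into the pod
    # and copies the same JWT is indistinguishable from the pod at this layer.
    admin = kubernetes_login("payments-api", pod_jwt)
    outcomes["admin_with_copied_jwt"] = read_secret(admin, "secret/data/payments/db")["username"]
    return outcomes


if __name__ == "__main__":
    print(demo())
```

In a real deployment the TokenReview step is what Vault does with the kubernetes_host, kubernetes_ca_cert and token_reviewer_jwt settings of auth/kubernetes/config; the dictionary above replaces that call so the example runs offline. The last case in demo() is exactly why the role binding alone does not keep a cluster-admin out: the binding checks which service account the JWT belongs to, not who is holding it, which is the gap the comment proposes closing with Vault's MFA.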
