[keycloak-dev] File-based Vault implementation

Pedro Igor Silva psilva at redhat.com
Tue Aug 13 08:41:35 EDT 2019


On Mon, Aug 12, 2019 at 11:43 PM Sebastian Laskawiec <slaskawi at redhat.com>
wrote:

> Writing anything by a running Pod is very tricky. In theory you could use a
> Persistent Volume but this doesn't work with Secrets very well. So at least
> in a Kubernetes/OpenShift scenario, having a read-only vault and delegating
> manipulating vault's secrets to the environment is the most natural way to
> tackle this.
>

It seems that a lot of people are using the Vault by HashiCorp to manage
k8s/app sensitive data such as credentials. How useful would a file-based vault
be if you are already using HashiCorp?

I think there is ongoing work in Quarkus to support HashiCorp's Vault.
Maybe it is worth considering it or maybe wait for KC.Next :)

