Bank-Vaults is now a CNCF Sandbox project.

Bank Vaults is a thick, tricky, shifty right with a fast and intense tube for experienced surfers only, located on Mentawai. Think heavy steel doors, secret unlocking combinations and burly guards with smack-down attitude. Watch out for clean-up sets.

Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:

• Bank-Vaults CLI to make configuring Hashicorp Vault easier
• Vault Operator to make operating Hashicorp Vault on top of Kubernetes easier
• Secrets Webhook to inject secrets directly into Kubernetes pods
• Vault SDK to make working with Vault easier in Go
• and others

Some of the usage patterns are highlighted through these blog posts:

• Authentication and authorization of Pipeline users with OAuth2 and Vault
• Dynamic credentials with Vault using Kubernetes Service Accounts
• Dynamic SSH with Vault and Pipeline
• Secure Kubernetes Deployments with Vault and Pipeline
• Vault Operator
• Vault unseal flow with KMS
• Monitoring Vault on Kubernetes using Cloud Native technologies
• Inject secrets directly into pods from Vault
• Backing up Vault with Velero
• Vault replication across multiple datacenters on Kubernetes
• More blog posts about Bank-Vaults
• Bank Vaults Configuration Helm Chart

The official documentation is available at https://bank-vaults.dev.

For an optimal developer experience, it is recommended to install Nix and direnv.

Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Fetch required tools:

make deps

Run project dependencies:

make up

Run the test suite:

make test
make test-integration

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

Build artifacts locally:

make artifacts

Once you are done either stop or tear down dependencies:

make stop

# OR

make down

Kudos to HashiCorp for open sourcing Vault and making secret management easier and more secure.

The project is licensed under the Apache 2.0 License.