 21b11b47d6
			
		
	
	21b11b47d6
	
	
	
		
			
			Completed review comments Minor abbreviation fix Moved topics into its own VNF Integration section Fixed abbreviations Re-organized Kubernetes topics Change-Id: I8940d3572b789990d3b5f2d201f8ec8a46ce2943 Signed-off-by: Keane Lim <keane.lim@windriver.com>
		
			
				
	
	
		
			32 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			32 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| 
 | |
| .. myx1596548399062
 | |
| .. _kubernetes-user-tutorials-vault-overview:
 | |
| 
 | |
| ==============
 | |
| Vault Overview
 | |
| ==============
 | |
| 
 | |
| You can optionally integrate open source Vault secret management into the
 | |
| |prod| solution. The Vault integration requires :abbr:`PVC (Persistent Volume
 | |
| Claims)` as a storage backend to be enabled.
 | |
| 
 | |
| There are two methods for using Vault secrets with hosted applications:
 | |
| 
 | |
| .. _kubernetes-user-tutorials-vault-overview-ul-ekx-y4m-4mb:
 | |
| 
 | |
| #.  Have the application be Vault Aware and retrieve secrets using the Vault
 | |
|     REST API. This method is used to allow an application write secrets to
 | |
|     Vault, provided the applicable policy gives write permission at the
 | |
|     specified Vault path. For more information, see
 | |
|     :ref:`Vault Aware <vault-aware>`.
 | |
| 
 | |
| #.  Have the application be Vault Unaware and use the Vault Agent Injector to
 | |
|     make secrets available on the container filesystem. For more information,
 | |
|     see, :ref:`Vault Unaware <vault-unaware>`.
 | |
| 
 | |
| Both methods require appropriate roles, policies and auth methods to be
 | |
| configured in Vault.
 | |
| 
 | |
| .. xreflink For more information, see |sec-doc|: :ref:`Vault Secret
 | |
|    and Data Management <security-vault-overview>`.
 |