finds.dev← search

// the find

Boostport/kubernetes-vault

★ 937 · Go · Apache-2.0 · updated Mar 2021

Use Vault to store secrets for Kubernetes!

A controller + init-container pair that pushed Vault AppRole secret_ids into Kubernetes pods at startup, back when Vault's native Kubernetes support was immature. The README itself says it's abandoned and you should use Vault's Kubernetes Auth Method and Vault Agent sidecar instead. This is a dead project.

HA clustering via Raft with gossip-based peer discovery was a real engineering lift for 2017-era tooling. Prometheus metrics with optional mTLS on the scrape endpoint shows operational seriousness. The three-mode flexibility (full token retrieval vs raw secret_id vs wrapped secret_id) let teams tune how much trust to delegate to the init container.

Unmaintained since 2021, targets Vault 0.6.3 and Kubernetes 1.6 — both are ancient. The problem it solved no longer exists: Vault Agent sidecar + Kubernetes Auth Method does the same thing better and is actively maintained by HashiCorp. Adopting this today would mean owning a dead codebase against a fast-moving Kubernetes API surface. Don't use this.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →