Run HashiCorp Vault on Kubernetes the easy way — auto-unseal, config as code, and transparent secret injection — with Bank-Vaults.

Welcome to Bank-Vaults: HashiCorp Vault on Kubernetes.

A practical, in-depth guide to Bank-Vaults, the toolkit and Kubernetes operator that makes HashiCorp Vault practical on Kubernetes. Learn how Bank-Vaults automates the operational complexity of Vault: the Vault-on-Kubernetes problem, the operator/webhook/CLI/SDK architecture, running Vault declaratively, automatic unsealing with cloud KMS, configuration as code (auth, policies, secret engines), transparent secret injection via the mutating webhook, the security model and least privilege, and operating Vault as critical secrets infrastructure.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

1. Chapter 1 — What Bank-Vaults Is
2. Chapter 2 — The Vault-on-Kubernetes Problem
3. Chapter 3 — Architecture
4. Chapter 4 — The Vault Operator
5. Chapter 5 — Automatic Unsealing
6. Chapter 6 — Configuration as Code
7. Chapter 7 — Secret Injection
8. Chapter 8 — Security Model and Best Practices
9. Chapter 9 — Operations and Observability
10. Chapter 10 — Bank-Vaults in Practice