Kuberetes Secret vs. Vault
General Recommendations Use kubernetes Secret if Secrets does not change often and are used exclusively within kubernetes Use secrets for things which are actually secret like API keys, credentials, etc Use config map for not-secret configuration data Use Vault with K8S Authentication method if: secrets need to be used outside of kubernetes containers Solution comparison chart K8S Secret Vault with K8S Vault with K8S Auth method Do we need to provision secret zero to our app/cluster in order to bootstrap trust? Yes, database encryption key and tls certs need to be provisioned to setup the K8S cluster via other means K8S Vault Controller need to be authenticated with Vault. Authentication need to be setup between Vault and K8S. Is it cloud provider agnostic? Yes, but limited to app running in containers managed by K8S Yes, but relies on Hashicorp Vault Relies on Hashicorp Vault Amount of effort to integrate into application