Vault CSI Driver

The Vault CSI driver allows pods to access secrets stored in HashiCorp Vault. The driver supports reading secrets from Vault.

Prerequisites

  • Kubernetes cluster
  • Vault installed and running (This guide assumes external installation)

Installation

The installation process is straightforward: the CSI Driver can be installed using the Helm chart provided by HashiCorp. Kubernetes additionally requires a CSI driver installation; for simplicity, both have been included in a single Chart.yaml file in our GitHub repo.

You can build and install the chart by running the following:

helm dependency build
helm install <release> . -n <namespace> --create-namespace

Additionally, the Vault chart will install the injector, so both the CSI driver and the sidecar injector can be used.
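
A sketch of what such a combined chart can look like for an external Vault, added here as an example and not the repo's actual files. The chart name, the version placeholders and the Vault address are assumptions, and it assumes the Kubernetes-side dependency is the Secrets Store CSI driver chart.

```yaml
# Chart.yaml (umbrella chart; name and versions are placeholders)
apiVersion: v2
name: vault-csi            # hypothetical chart name
description: Vault CSI provider, agent injector and Secrets Store CSI driver
type: application
version: 0.1.0
dependencies:
  - name: vault
    repository: https://helm.releases.hashicorp.com
    version: "<pinned-vault-chart-version>"        # placeholder, pin explicitly
  - name: secrets-store-csi-driver
    repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
    version: "<pinned-csi-driver-chart-version>"   # placeholder, pin explicitly
---
# values.yaml (keys are nested under each dependency's chart name)
vault:
  global:
    # Address of the external Vault used by the injector and CSI provider.
    # Constructed placeholder; setting it disables the in-cluster Vault server.
    externalVaultAddr: "https://vault.example.internal:8200"
  server:
    enabled: false         # Vault runs outside the cluster
  injector:
    enabled: true          # sidecar injector
  csi:
    enabled: true          # Vault CSI provider
```

Pinning both dependency versions keeps `helm dependency build` reproducible and makes upgrades of the components that handle secrets an explicit, reviewable change.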

Usage

Mounting secrets inside Kubernetes is explained in a separate document; please refer to Mounting Secrets.

Troubleshooting

Set log_level and log_requests_level to debug in vault.hcl, as the default log level doesn't provide any information about breaking integrations. You will need to restart (and unseal) Vault to apply the changes.

log_level = "debug"
log_requests_level = "debug"