CSI Secret Store Driver

Question

CSI Secret Store Driver

Opened this issue 3 years ago · 4 comments

User Story

As a cluster administrator
I want to offer my users in their namespaced environement the ability to retrieve secrets using -now standardized- CSI secret drivers
So that i can easily offer alternative secret provider in case of specific needs and still offer the same syntax to end users

Test Scenarios

Given the CSI driver is deployed on the cluster by an administrator
When a user creates their SecretProviderClass and secrets-store-inline
Then the user is able to retrieve secrets with inline volume

Given the CSI driver is deployed on the cluster by an administrator
When a user creates their SecretProviderClass with secretObjects
Then the user is able to retrieve secrets within a synchronized kubernetes secret

Implementation

Notes

CSI driver repository
https://github.com/kubernetes-sigs/secrets-store-csi-driver

Syntax example: Sync as inline volume
https://secrets-store-csi-driver.sigs.k8s.io/getting-started/usage.html

Sync as secret
https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html

Implementation Tasks

The following issues have been created to implement this user story:

Answer 1 · 2021-11-05T18:05:18.000Z

Thanks for submitting this issue @Sheepux ! We are reviewing the request.

Answer 2 · 2021-11-08T19:14:49.000Z

We are aware of the CSI standard and see the value in using it serve secrets. However, at this time, we have no immediate plans to integrate. If you are interested in contributing such an integration, perhaps provide some more details about the implementation you envision. Thanks.

Answer 3 · 2023-03-15T12:11:41.000Z

Any updates in this area? It would be nice to have a similar integration as for e.g. HashiCorp Vault (https://github.com/hashicorp/vault-csi-provider)

Answer 4 · 2023-12-13T04:26:32.000Z

Any updates in this area? Looks like Secret Store CSI Driver will be a standard way in k8s now.