Secrets Store CSI Driver was developed by Microsoft to allow for secure access of Azure KeyVault secrets from an AKS cluster.

It addresses a shortcoming with Kubernets secrets, whereby they are only Base64-encoded, and can therefore be easily read.

Secrets Store CSI Driver provides seamless integration with Azure Keyvault, and allows you to access Kubernetes secrets via environment variables or as volumes (more secure) mounted to your Pod.

Be sure to check out my blog post on Medium for more details on this setup.

1. Set up the environment variables

Fill out the values in scripts/0-env_vars.sh

2. Create the demo Key Vault in Azure

./scripts/1-keyvault_creation.sh

3. Install Secrets Store CSI Driver for Azure v0.0.10 and Azure Pod Identity v1.7.0 in your Kubernetes cluster

./scripts/2-aks_setup.sh

4. Deploy the Kubernetes manifests

Be sure to edit aadpodidentity-and-binding.yml and secret-provider-class.yml before applying the changes to Kubernetes.

• Secrets Store CSI Driver
• Secrets Store CSI Driver - Pod Identity
• AAD Pod Identity
• Cloud IQ - Implementing Azure AD Pod Identity in AKS Cluster
• Medium - Using AAD Pod Identity in an AKS Cluster
• Secrets Store CSI Driver with Pod Identity Tutorial