• Table of Contents
• CyberArk Secrets Provider for Kubernetes
  • Supported services
  • Using This Project With Conjur Open Source
• Releases
  • Stable release definition
• Development
• Documentation
• Maintainers
• Community
• License

The CyberArk Secrets Provider for Kubernetes enables Conjur Enterprise (formerly known as DAP) to retrieve secrets stored and managed in the CyberArk Vault. The secrets can be consumed by your Kubernetes or Openshift application containers. To retrieve the secrets from Conjur or Conjur Enterprise, the CyberArk Secrets Provider for Kubernetes runs as an init container or application container and fetches the secrets that the pods require.

To deploy the CyberArk Secrets Provider for Kubernetes as an application container, supporting multiple applications please see the Secrets Provider helm chart.

• Conjur Enterprise 11.1+

• Conjur Open Source v1.4.2+

• GKE

• K8s 1.11+

• Openshift 3.11, 4.5, 4.6, and 4.7 (Conjur Enterprise only)

Are you using this project with Conjur Open Source? Then we strongly recommend choosing the version of this project to use from the latest Conjur OSS suite release. Conjur maintainers perform additional testing on the suite release versions to ensure compatibility. When possible, upgrade your Conjur version to match the latest suite release; when using integrations, choose the latest suite release that matches your Conjur version. For any questions, please contact us on Discourse.

The primary source of CyberArk Secrets Provider for Kubernetes releases is our Dockerhub.

When we release a version, we push the following images to Dockerhub:

1. Latest
2. Major.Minor.Build
3. Major.Minor
4. Major

We also push the Major.Minor.Build image to our Red Hat registry.

We push the following tags to Dockerhub:

Edge - on every successful main build an edge tag is pushed (cyberark/secrets-provider-for-k8s:edge).

Latest - on every release the latest tag will be updated (cyberark/secrets-provider-for-k8s:latest). This tag means the Secrets Provider for Kubernetes meets the stability criteria detailed in the following section.

Semver - on every release a Semver tag will be pushed (cyberark/secrets-provider-for-k8s:1.1.0). This tag means the Secrets Provider for Kubernetes meets the stability criteria detailed in the following section.

The CyberArk Secrets Provider for Kubernetes is considered stable when it meets the core acceptance criteria:

• Documentation exists that clearly explains how to set up and use the provider and includes troubleshooting information to resolve common issues.
• A suite of tests exist that provides excellent code coverage and possible use cases.
• The CyberArk Secrets Provider for Kubernetes has had a security review and all known high and critical issues have been addressed. Any low or medium issues that have not been addressed have been logged in the GitHub issue backlog with a label of the form security/X
• The CyberArk Secrets Provider for Kubernetes is easy to setup.
• The CyberArk Secrets Provider for Kubernetes is clear about known limitations and bugs, if they exist.

We welcome contributions of all kinds to CyberArk Secrets Provider for Kubernetes. For instructions on how to get started and descriptions of our development workflows, see our contributing guide.

You can find official documentation on our site.

Oren Ben Meir

Nessi Lahav

Sigal Sax

Moti Cohen

Dekel Asaf

Elad Kugman

Abraham Kotev Emet

Eran Hadar

Tamir Zheleznyak

Inbal Zilberman

Interested in checking out more of our open source projects? See our open source repository!

The CyberArk Secrets Provider for Kubernetes is licensed under the Apache License 2.0 - see LICENSE for more details.