Bank-Vaults is now a CNCF Sandbox project.

Bank Vaults is a thick, tricky, shifty right with a fast and intense tube for experienced surfers only, located on Mentawai. Think heavy steel doors, secret unlocking combinations and burly guards with smack-down attitude. Watch out for clean-up sets.

Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:

• Bank-Vaults CLI to make configuring Hashicorp Vault easier
• Vault Operator to make operating Hashicorp Vault on top of Kubernetes easier
• Secrets Webhook to inject secrets directly into Kubernetes pods
• Vault SDK to make working with Vault easier in Go
• and others

Some of the usage patterns are highlighted through these blog posts:

• Authentication and authorization of Pipeline users with OAuth2 and Vault
• Dynamic credentials with Vault using Kubernetes Service Accounts
• Dynamic SSH with Vault and Pipeline
• Secure Kubernetes Deployments with Vault and Pipeline
• Vault Operator
• Vault unseal flow with KMS
• Monitoring Vault on Kubernetes using Cloud Native technologies
• Inject secrets directly into pods from Vault
• Backing up Vault with Velero
• Vault replication across multiple datacenters on Kubernetes
• Bank Vaults Configuration Helm Chart

The official documentation is available at https://bank-vaults.dev.

Install Go on your computer then run make deps to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Fetch required tools:

make deps

Run project dependencies:

make up

Run the test suite:

make test
make test-integration

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

Build artifacts locally:

make artifacts

Once you are done either stop or tear down dependencies:

make stop

# OR

make down

Kudos to HashiCorp for open sourcing Vault and making secret management easier and more secure.

The project is licensed under the Apache 2.0 License.