Vault DB Injector

Overview

The Vault DB Injector is a Kubernetes-based application designed to dynamically generate database credentials using HashiCorp Vault and provide them as environment variables to Kubernetes Pods. The application leverages a Mutating Webhook to achieve this functionality, ensuring secure and automated management of database credentials.

Key Features

1. Dynamic Database Credential Injection

  • Description: Automatically generates and injects database credentials into Kubernetes Pods at runtime using HashiCorp Vault.
  • Benefit: Enhances security by avoiding static credentials and ensuring credentials are rotated and managed dynamically.

2. Mutating Webhook

  • Description: Uses a Kubernetes Mutating Admission Webhook to modify pod specifications on the fly and inject the necessary environment variables.
  • Benefit: Seamlessly integrates with Kubernetes, providing a transparent and automated way to manage secrets.

3. Configuration Management

  • Description: Supports configuration through YAML files and environment variables.
  • Benefit: Offers flexibility and ease of configuration for different deployment environments.

4. Error Monitoring with Sentry

  • Description: Integrates with Sentry to capture and report errors.
  • Benefit: Provides robust error tracking and monitoring, helping maintain application reliability and performance.

5. Logging

  • Description: Utilizes logrus for structured logging, supporting various log levels and JSON formatting.
  • Benefit: Ensures clear and consistent logging, aiding in debugging and monitoring.

6. Kubernetes Integration

  • Description: Provides utilities for interacting with the Kubernetes API, including service account token retrieval and client initialization.
  • Benefit: Facilitates seamless integration with Kubernetes clusters, enhancing the application's capabilities and ease of use.

7. Leader Election

  • Description: Implements leader election using Kubernetes resource locks to ensure high availability and fault tolerance.
  • Benefit: Ensures that critical tasks are performed by a single instance in a distributed system, enhancing reliability.

8. Health Checks

  • Description: Implements health check endpoints to monitor the application's status and readiness.
  • Benefit: Ensures the application is running correctly and is ready to handle requests, improving overall system stability.

9. Prometheus Metrics

  • Description: Integrates with Prometheus to expose metrics for monitoring.
  • Benefit: Provides insights into application performance and resource usage, aiding in proactive management and optimization.
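The Mutating Webhook feature above works by returning a JSON Patch (RFC 6902) against the pod spec in the admission response. The following is an added example, not the project's own code, showing how such a patch can be built, including the case where a container has no env array yet; the types, the variable names DB_USER and DB_PASSWORD, and the sample values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// EnvVar and Container mirror only the pod-spec fields this example needs.
type EnvVar struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}
type Container struct {
	Name string   `json:"name"`
	Env  []EnvVar `json:"env,omitempty"`
}

// PatchOp is one RFC 6902 JSON Patch operation (hypothetical helper type).
type PatchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// BuildEnvPatch returns the operations that add creds to every container.
func BuildEnvPatch(containers []Container, creds []EnvVar) []PatchOp {
	var ops []PatchOp
	for i, c := range containers {
		base := fmt.Sprintf("/spec/containers/%d/env", i)
		if len(c.Env) == 0 {
			// Appending to <path>/- fails when the env array is absent,
			// so create the whole array in a single operation.
			ops = append(ops, PatchOp{Op: "add", Path: base, Value: creds})
			continue
		}
		for _, e := range creds {
			ops = append(ops, PatchOp{Op: "add", Path: base + "/-", Value: e})
		}
	}
	return ops
}

func main() {
	// Constructed sample input; names and values are placeholders.
	pod := []Container{{Name: "app"}, {Name: "sidecar", Env: []EnvVar{{Name: "TZ", Value: "UTC"}}}}
	creds := []EnvVar{{Name: "DB_USER", Value: "v-example-user"}, {Name: "DB_PASSWORD", Value: "example-only"}}
	out, _ := json.MarshalIndent(BuildEnvPatch(pod, creds), "", "  ")
	fmt.Println(string(out))
}
```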

Getting Started

To get started with Vault DB Injector, refer to the Installation Guide and Configuration Guide for detailed instructions on setting up and configuring the application.

For a deeper understanding of how the application works, visit the How It Works section.

Contributing

We welcome contributions from the community! Please see our Contribution Guidelines for more information on how to get involved.

License

This project is licensed under the terms of the Apache-2.0 license. See the LICENSE file for details.

Contact

For any questions or support, please reach out to our team directly by creating an issue on the project.