Subscribe to the feed

Today, Red Hat is pleased to announce a new open source project, the Vault Operator. In keeping with earlier projects, including the etcd Operator and the Prometheus Operator, the Vault Operator aims to make it easier to install, manage, and maintain instances of Hashicorp Vault – a tool designed for storing, managing, and controlling access to secrets, such as tokens, passwords, certificates, and API keys – on Kubernetes clusters.

We are supporters of Vault, for important reasons. Authentication is fundamental to modern applications. As application design shifts from monolithic to distributed architectures, the various components of an application must communicate with each other over a network in ways that are designed to be trusted and secure. This typically requires authentication, which in turn requires credentials, or secrets. The problem is that there is no de facto way to centrally locate and manage these secrets.

Public cloud providers offer services to help solve this problem, but these solutions can be less than ideal. Not only are the APIs for these services often proprietary, potentially leading to cloud vendor lock-in and impedances to local testing, but they typically aren’t container-native, being designed with VM-centric architectures in mind.

Vault, an open source project, is a powerful alternative to these cloud-based services. It creates a central repository for secrets and enables secrets management, including rotation, leasing, and revocation of secrets. Our goal with the Vault Operator is to make it easier for Kubernetes users to consume this software.

Vault on demand

The Vault Operator we’re launching today, which we’re releasing under the Apache 2.0 open source license, builds on the operator pattern that CoreOS introduced in 2016. Operators are Kubernetes native applications. We define native as being both managed using the Kubernetes APIs via kubectl and ran on Kubernetes as containers. Operators can take advantage of Kubernetes's extensibility to help deliver the automation advantages of cloud services like provisioning, scaling, and backup/restore while being able to run anywhere that Kubernetes can run.

The Vault Operator is designed to make it easier to consume and operate Vault on Kubernetes by leveraging underlying Kubernetes capabilities to automate the provisioning, scaling, and backup/restore operations of Vault. With it, you can deploy a Vault service as easily as you can deploy a single stateless container on Kubernetes. Behind the scenes, the operator is designed to take care of such housekeeping tasks as TLS, etcd provisioning and setup, upgrades, and other details. In this way, you can consume Vault on your cluster the way you would were it provided as a service offered by a cloud provider, only in an open and cloud-agnostic way.

The Vault Operator powers the Vault Open Cloud Service introduced in the CoreOS Tectonic platform in December 2017. By releasing the Vault Operator as an open source project, Red Hat now aims to enable ISVs and IT organizations to use Vault as a managed service in their own environments, powered by automated operations.

We anticipate seeing more operators in the future, developed both by us and by others from across the Kubernetes ecosystem. In the meantime, if you’d like to get involved with extending and improving the Vault Operator, join us on the Vault Operator GitHub repository.

About the author

Browse by channel

automation icon


The latest on IT automation for tech, teams, and environments

AI icon

Artificial intelligence

Updates on the platforms that free customers to run AI workloads anywhere

open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud

security icon


The latest on how we reduce risks across environments and technologies

edge icon

Edge computing

Updates on the platforms that simplify operations at the edge

Infrastructure icon


The latest on the world’s leading enterprise Linux platform

application development icon


Inside our solutions to the toughest application challenges

Original series icon

Original shows

Entertaining stories from the makers and leaders in enterprise tech