
Azure KeyVault Secret Operator for Kubernetes

An easy-to-use operator that syncs all of your Azure KeyVault secrets into your Kubernetes cluster with only one manifest.

The operator can run in non-Azure environments without any other prerequisites such as a CSI driver, ARC enabling, etc. All you need is a Service Principal, which is used to access Azure KeyVault.

Example AzureKeyVault custom object and the Kubernetes secrets created by the operator

No need to use CSI driver

Azure KeyVault Secret Operator doesn’t need any kind of Container Storage Interface.

Only one object for all secrets

Once the operator is installed, a single AzureKeyVault custom object is sufficient to sync all of the secrets from an Azure KeyVault to multiple namespaces.

Regex support

The AzureKeyVault object supports regex on namespaces, so you can create a Kubernetes secret across multiple namespaces.

...
  - name: catalog-api-credentials
    namespaces:
      - "hard-coded-ns"
      - "^((?!kube).)*$"
    data: ...

Jsonpath support

You can combine more than one Azure KeyVault secret value into a single value of a Kubernetes secret.

...
  - name: catalog-api-credentials
    namespaces: ...
    data:
      mssql: "$['nameOfAzureKeyVaultSecret']"
      amqp: "$['amqp-host'];port=$['amqp-port'];TLS=enabled" # multiple KeyVault secrets in one field
      hardcodedfield: "hard coded value"
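
A dry run of the two features above (namespace regex and $['...'] references), added here as an illustration and not taken from the operator's own code, so you can see which namespaces an entry would reach before applying it. It assumes each namespaces item is a regular expression that must match the whole namespace name and that a missing KeyVault secret is an error; the namespace list and vault values are constructed.

```python
import re

# Matches the $['secret-name'] references used in the data fields above.
REF = re.compile(r"\$\['([^']+)'\]")

def select_namespaces(patterns, cluster_namespaces):
    """Return the namespaces selected by an entry's `namespaces` list.

    Assumption: each item is a regular expression that must match the
    whole namespace name (a literal name is then an exact match).
    """
    compiled = [re.compile(p) for p in patterns]
    return [ns for ns in cluster_namespaces
            if any(rx.fullmatch(ns) for rx in compiled)]

def render(template, vault):
    """Replace every $['name'] reference with the vault value.

    Raises KeyError naming the missing secret instead of writing a
    half-rendered connection string.
    """
    def lookup(m):
        name = m.group(1)
        if name not in vault:
            raise KeyError(f"KeyVault secret not found: {name}")
        return vault[name]
    return REF.sub(lookup, template)

def preview(entry, cluster_namespaces, vault):
    """Map each target namespace to the secret data it would receive."""
    data = {k: render(v, vault) for k, v in entry["data"].items()}
    return {ns: data for ns in select_namespaces(entry["namespaces"], cluster_namespaces)}

# Constructed sample input (not real values).
ENTRY = {
    "name": "catalog-api-credentials",
    "namespaces": ["hard-coded-ns", "^((?!kube).)*$"],
    "data": {
        "amqp": "$['amqp-host'];port=$['amqp-port'];TLS=enabled",
        "hardcodedfield": "hard coded value",
    },
}
NAMESPACES = ["default", "hard-coded-ns", "kube-system", "kube-public", "my-kube-tools", "payments"]
VAULT = {"amqp-host": "mq.example.internal", "amqp-port": "5671"}

if __name__ == "__main__":
    for ns, data in preview(ENTRY, NAMESPACES, VAULT).items():
        print(ns, sorted(data))  # field names only, never the values
```

The pattern rejects any name that contains "kube", so my-kube-tools is skipped along with kube-system, while every other namespace in the cluster receives a copy of the secret.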

Quick Guide

A quick way to get to know the core features of the operator.

Example Use Case

Take a look there if you'd like to learn all of the features through a real-world, end-to-end scenario.