DevOps Engineer at uSwitch·

At uSwitch we use Vault to generate short lived database credentials for our applications running in Kubernetes. We wanted to move from an environment where we had 100 dbs with a variety of static passwords being shared around to a place where each pod would have credentials that only last for its lifetime.

We chose vault because:

  • It had built in Kubernetes support so we could use service accounts to permission which pods could access which database.

  • A terraform provider so that we could configure both our RDS instances and their vault configuration in one place.

  • A variety of database providers including MySQL/PostgreSQL (our most common dbs).

  • A good api/Go -sdk so that we could build tooling around it to simplify development worfklow.

  • It had other features we would utilise such as PKI

READ LESS
Dynamic database credentials with Vault in Kubernetes (medium.com)
8 upvotes·22.1K views
Avatar of Joseph Irving

Joseph Irving

DevOps Engineer at uSwitch