Vault
Functionality
Overview
HashiCorp Vault is used by the Axual Platform to reliably store sensitive data, for example:
- Super User credentials of all Kafka clusters managed by Self Service
- Admin credentials of all Schema Registry managed by Self Service
- Application authentication used to connect to all Kafka clusters
README & Changelog
The Vault charts are taken from HashiCorp and are not changed by Axual.
Installation
Vault is a standalone component that is not dependent on another component. In a production setting, a managed Vault is preferred over installation via these charts.
Ask for an Enterprise Vault or another Managed Vault solution before considering installing Vault via Helm.
Helm Charts
As part of the Governance charts, the component can be installed following the guide Axual Streaming & Governance Installation.
Configuration
Vault setup
The configuration of Vault is described on the page HashiCorp Vault setup.
Helm configuration
Refer to the HashiCorp Vault repository.
Vault auto unseal
It is possible to configure Vault with auto unseal, so that when Vault Pods are restarted (for example during a Kubernetes upgrade), the Pods are unsealed without human interaction.
If auto unseal is not enabled, there will be manual steps during a Kubernetes migration.
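A post-restart check for the situation described above, as an added example that is not part of the Axual or HashiCorp documentation: it reads the JSON that `vault status -format=json` prints for each Vault Pod and reports which Pods still need a manual unseal and which have a failing auto-unseal backend. The Pod names and status values are constructed sample data.

```python
import json

# Constructed sample input: `vault status -format=json` output per pod, trimmed
# to the fields used below. Pod names and values are made up for illustration.
SAMPLE_STATUS = {
    "vault-0": '{"type": "shamir", "initialized": true, "sealed": true, "t": 3, "n": 5, "progress": 1}',
    "vault-1": '{"type": "shamir", "initialized": true, "sealed": false, "t": 3, "n": 5, "progress": 0}',
    "vault-2": '{"type": "awskms", "initialized": true, "sealed": true}',
    "vault-3": '{"type": "shamir", "initialized": false, "sealed": true}',
}


def triage(status_json: str) -> str:
    """Classify one pod from its `vault status -format=json` output."""
    status = json.loads(status_json)
    if not status.get("initialized", False):
        return "uninitialized"
    # Treat a missing "sealed" field as sealed, so bad input fails closed.
    if not status.get("sealed", True):
        return "ok"
    seal_type = status.get("type", "unknown")
    if seal_type == "shamir":
        # Manual unseal: operators must still supply (threshold - progress) key shares.
        remaining = status.get("t", 0) - status.get("progress", 0)
        return f"manual unseal: {remaining} key share(s) still needed"
    # Any other seal type is an auto-unseal mechanism; a pod that stays sealed
    # means Vault could not use its seal backend.
    return f"auto unseal failed: check seal backend '{seal_type}'"


def pods_needing_action(statuses: dict) -> dict:
    """Return {pod: finding} for every pod that is not unsealed and serving."""
    findings = {pod: triage(raw) for pod, raw in statuses.items()}
    return {pod: f for pod, f in findings.items() if f != "ok"}


if __name__ == "__main__":
    for pod, finding in sorted(pods_needing_action(SAMPLE_STATUS).items()):
        print(f"{pod}: {finding}")
```

Secrets stored in Vault are unavailable to the platform for as long as the Pods serving them stay sealed, so a non-empty result after an upgrade is worth alerting on.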
Logging
Vault is neither an Axual component nor written in Java, so Vault logs are formatted differently from those of the other components.
Log configuration is not described here, because the use of a managed HashiCorp Vault is expected. Log configuration should be done by the responsible team.