Introducing KubeVault v2022.12.28

KubeVault is a Kubernetes operator for HashiCorp Vault. Vault is a tool for secrets management, encryption as a service, and privileged access management. The KubeVault operator makes it easy to deploy, maintain and manage Vault servers in Kubernetes. It also supports managing various secret engines and policies in the Kubernetes-native way.

We are very excited to announce the release of KubeVault v2022.12.28 Edition. In this release, a SecretEngine for Redis has been added, and the KubeVault CLI has been updated to generate a SecretProviderClass for Redis.

In this post, we are going to highlight the major changes. You can find the complete commit-by-commit changelog here.

Redis SecretEngine

The Redis secret engine can be used to generate dynamic credentials for a Redis Standalone database using Vault. First, we need to enable a SecretEngine for Redis, and then we can create different roles with different sets of permissions using RedisRole. Vault then generates credentials for the role when a user requests them. We can also mount the secret in a pod using a SecretProviderClass.

Now, the Redis SecretEngine can be enabled and configured, and a RedisRole can be created, with KubeVault. Here’s a sample YAML for a Redis SecretEngine & RedisRole:

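apiVersion: engine.kubevault.com/v1alpha1
kind: SecretEngine
metadata:
  name: redis-secret-engine
  namespace: demo
spec:
  vaultRef:
    name: vault
    namespace: demo
  redis:
    databaseRef:
      name: redis
      namespace: db
    pluginName: "redis-database-plugin"
---
apiVersion: engine.kubevault.com/v1alpha1
kind: RedisRole
metadata:
  name: write-read-role
  namespace: demo
spec:
  secretEngineRef:
    name: redis-secret-engine
  creationStatements:
    - '["~*", "+@read","+@write"]'
  defaultTTL: 1h
  maxTTL: 24h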
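
The creation statement in the RedisRole above is a JSON array of Redis ACL rules, and `~*` lets the generated user reach every key. As an added example (not part of KubeVault or the original post), this Python check reviews a RedisRole spec for broad ACL rules and long TTLs; the thresholds, rule sets and function names are assumptions chosen for illustration.

```python
import json
import re

# Assumed review thresholds and rule sets (not KubeVault defaults): tune to local policy.
MAX_TTL_SECONDS = 24 * 3600
BROAD_KEYS = {"~*", "allkeys"}
RISKY_COMMANDS = {"+@all", "allcommands", "+@admin", "+@dangerous"}
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}


def ttl_seconds(ttl):
    """Convert a Go-style duration such as '1h' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)([hms])", ttl)
    if not parts or "".join(n + u for n, u in parts) != ttl:
        raise ValueError(f"unsupported TTL: {ttl!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)


def audit_redis_role(role):
    """Return review findings for one RedisRole manifest given as a dict."""
    spec, findings = role["spec"], []
    for statement in spec.get("creationStatements", []):
        try:
            rules = json.loads(statement)  # each statement is a JSON array of ACL rules
        except json.JSONDecodeError:
            findings.append(f"creation statement is not valid JSON: {statement}")
            continue
        for rule in rules:
            if rule in BROAD_KEYS:
                findings.append(f"{rule} grants access to every key")
            elif rule in RISKY_COMMANDS:
                findings.append(f"{rule} grants a high-risk command set")
    default_ttl = ttl_seconds(spec.get("defaultTTL", "0s"))
    max_ttl = ttl_seconds(spec.get("maxTTL", "0s"))
    if max_ttl > MAX_TTL_SECONDS:
        findings.append(f"maxTTL {spec['maxTTL']} exceeds the review threshold")
    if max_ttl and default_ttl > max_ttl:
        findings.append("defaultTTL is longer than maxTTL")
    return findings


# Spec of the RedisRole from the post, as the dict a YAML loader would return.
SAMPLE_ROLE = {"kind": "RedisRole", "spec": {
    "creationStatements": ['["~*", "+@read","+@write"]'],
    "defaultTTL": "1h", "maxTTL": "24h"}}

if __name__ == "__main__":
    print("\n".join(audit_redis_role(SAMPLE_ROLE)))
```

Scoping the key pattern to an application prefix instead of `~*` clears the finding this check reports for the sample role.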

We can bind the role to a service account and mount the generated credentials using a SecretProviderClass. After creating a SecretRoleBinding, the following command generates the SecretProviderClass YAML for the RedisRole:

$ kubectl vault generate secretproviderclass vault-db-provider -n demo \
       --secretrolebinding=demo/secret-role-binding \
       --vaultrole=RedisRole/write-read-role \
       --keys username=redis-user --keys password=redis-pass -o yaml

To learn more about how to mount Redis credentials in a pod, head over here.

What’s Next?

Please try the latest release and give us your valuable feedback.

  • If you want to install KubeVault, please follow the installation instructions from here.

To speak with us, please leave a message on our website.

To receive product announcements, follow us on Twitter.

If you have found a bug with KubeVault or want to request new features, please file an issue.

