Kubernetes-native data platform provider Ondat has joined hands with SUSE to deliver management of digital authentication credentials (secrets management) in Kubernetes to protect access to sensitive data for SunnyVision, a data center infrastructure service provider. This comes just after the release of Ondat’s Trousseau open source project in February.
With SUSE Rancher and built-in Trousseau, SunnyVision can now leverage the native Kubernetes way to store and access secrets in a safe way by plugging into Hashicorp Vault using the Kubernetes KMS provider framework. No additional changes or new skills are required.
Trousseau uses Kubernetes etcd to store API object definitions and states.
The Kubernetes secrets are shipped into the etcd key-value store database using an in-flight envelope encryption scheme with a remote transit key saved in a KMS. Secrets protected and encrypted with Trousseau and its native Kubernetes integration can connect with a key management system to secure database credentials, a configuration file or TLS (Transport Layer Security) certificate that contains critical information and is easily accessible by an application using the standard Kubernetes API primitives.