Learn Lab: Dynamic credentials for Kubernetes workloads with Vault and VSO

Vault offers a complete solution for secrets lifecycle management, but developers and operators are required to learn Vault so that the existing system can pull secrets from Vault. To simplify the introduction of Vault into the existing system, this learn lab walks through the Vault Secrets Operator. Through the Vault Secrets Operator, secrets are accessed as native Kubernetes secrets, but with the advantage of being managed by HashiCorp Vault.

Lab Teaching Assistants: Ben Ash, Rosemary Wang, Michael Kosir 

Lab prerequisites:
To follow along the hands-on lab, you would need the following:

• Laptop with shell access (tested on macOS)

• Vault binary installed

• Docker installed

• minikube installed (suggest running minikube start at least once to download the image before arriving at the conference)

• Kubectl (installed with minikube, and expected to be the default context) 

• Helm installed

• Ngrok installed and configured with auth token (free tier should work)

• Jq installed to parse JSON

• Base64

• K9s CLI (for TA troubleshooting)