How to Use AKS Pod Identity with Vault

Learn one method, built on Azure Kubernetes Service (AKS), for giving Kubernetes pods authenticated access to secrets stored in HashiCorp Vault.

When running a Kubernetes cluster, you may want to secure secrets outside the cluster. But how do you provide pods authenticated access to secrets stored in something like HashiCorp Vault?

Using AKS Pod Identity

One possible solution comes from the Azure Kubernetes Service, which has the ability to use Azure Active Directory to authenticate running pods.

What You'll Learn

In this talk, you will see how Vault can use Azure Active Directory authentication to allow pods running on AKS to access secrets stored in Vault. First, Ned Bellavance will walk through the setup of AKS with Pod Identity. Then he will deploy a Vault cluster and enable Azure authentication. Finally, he will deploy an application on the AKS cluster and retrieve a secret from the Vault cluster. By the end of the talk, you'll be ready to go out and implement this solution in your environment.

See a demo showing how Vault can use Azure Active Directory authentication to allow pods running on AKS to access secrets stored in Vault.

GitHub Repo

You can find the example used in this talk in this GitHub repo.
