Hasty Briefsbeta

OpenBao on Kubernetes

17 hours ago
https://nanibot.net/posts/vault/
Copy Link
  • #OpenBao
  • #Secrets Management
  • #Kubernetes
  • OpenBao is an open-source fork of HashiCorp’s Vault, designed for community-driven secrets management.
  • The blog post outlines a production deployment setup for OpenBao on Kubernetes, including TLS encryption, high availability via Raft, and auto-unseal.
  • A nightly build of OpenBao (2.4.0-nightly1752150785) is used for static auto-unseal, which is planned for official release in version 2.4.0.
  • Pre-requisites include the OpenBao Helm chart, cert-manager for certificates, and ingress-nginx for UI exposure.
  • Configuration details include enabling TLS, setting up HA with Raft storage, and configuring static auto-unseal with a Kubernetes secret.
  • The setup involves initializing the OpenBao cluster, storing unseal keys securely, and joining nodes to the cluster.
  • The OpenBao Web UI is accessible via a configured hostname, such as https://vault.nanibot.net.
AboutLogin