How To Use Red Hat OpenShift GitOps With The Argo CD Vault Plugin As A Sidecar
Red Hat News, Tuesday, August 15, 2023
Sensitive data must not be stored in Git. This presents a conundrum for GitOps, because you need secrets in Git, but you don't want to expose this sensitive data! To address this problem, you can store secrets in a tool such as HashiCorp Vault, and then retrieve and inject that data into Red Hat OpenShift.
This article is a guide for deploying OpenShift GitOps with the Argo CD Vault Plugin to retrieve secrets from a HashiCorp Vault instance and inject them into Kubernetes resources. This guide builds on work like this previous Red Hat blog from 2021 and is updated to use the more modern custom plugin sidecar approach.
Prerequisites
For this article, I assume you're running OpenShift 4.10, or greater, with administrative privileges on that cluster. I'm running a Red Hat OpenShift on AWS 4.13 cluster provisioned through the Red Hat demo system.