Enable Auto Rotation of Secrets
Periodically update the pod mount and Kubernetes Secret with the latest content from the external secrets store
You can set up the Secrets Store CSI Driver to periodically update the pod volume mount and Kubernetes Secret with the latest content from the external secrets store. Refer to the doc for steps on enabling auto rotation.
To enable this feature while installing the Azure provider Helm chart, use the following helm --set flags:
helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --namespace kube-system --set secrets-store-csi-driver.enableSecretRotation=true --set secrets-store-csi-driver.rotationPollInterval=2m
NOTE
The CSI driver does not restart the application pods. It only handles updating the pod mount and Kubernetes Secret, similar to how Kubernetes handles updates to a Kubernetes Secret mounted as a volume.
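Because the driver does not restart pods, a rotated value only takes effect once the application re-reads the mounted file. The following is an added example, not part of the provider's code: a small reader that picks up rotated content from the volume. The class name `MountedSecret`, the file name `db-password` and the re-read interval are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time


class MountedSecret:
    """Returns the current content of a secret file on the CSI volume."""

    def __init__(self, path, min_interval=5.0):
        self.path = path                  # file inside the pod's secrets-store mount
        self.min_interval = min_interval  # seconds between re-reads of the file
        self._value = None
        self._digest = None
        self._checked = float("-inf")
        self.reloads = 0                  # number of times new content was loaded

    def get(self, now=None):
        now = time.monotonic() if now is None else now
        if now - self._checked >= self.min_interval:
            self._checked = now
            self._refresh()
        if self._value is None:
            raise RuntimeError(f"secret not available at {self.path}")
        return self._value

    def _refresh(self):
        try:
            # Open by path on every refresh: an update may replace the file
            # rather than rewrite it, so a cached descriptor would go stale.
            with open(self.path, "rb") as f:
                data = f.read()
        except OSError:
            return  # file briefly missing or unreadable: keep the last value
        digest = hashlib.sha256(data).digest()
        if digest != self._digest:
            self._value, self._digest = data, digest
            self.reloads += 1


if __name__ == "__main__":
    # Constructed demo: a temp file stands in for the mounted secret.
    path = os.path.join(tempfile.mkdtemp(), "db-password")
    with open(path, "wb") as f:
        f.write(b"old-value")
    secret = MountedSecret(path, min_interval=0.0)
    print(secret.get())
    with open(path + ".new", "wb") as f:
        f.write(b"new-value")
    os.replace(path + ".new", path)  # simulate a rotation
    print(secret.get(), "reloads:", secret.reloads)
```

Call `get()` wherever the credential is used instead of caching the value at startup, so the process never holds a rotated-out secret longer than `min_interval` plus the driver's poll interval.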
Last modified March 3, 2022: Secret rotation doc update (#819) (2a80683)