I am building a simple Node.js application that I intend to place in a Linkerd2 mesh. This service will need to look up secrets in real time (AWS Secrets, HashiCorp Vault etc.) and then use those secrets to fulfill requests. I am wondering how Linkerd2 can support this? I don't want to make a call to Vault every time. The second part of this question is: does Linkerd2 have a vault for secrets? Or do I need to use a third party for this, like HashiCorp Vault? Either way, what about the subsequent lookups? Is there anywhere that Linkerd3 supports for placing these secrets so I don't need to do a call to the vault every time?
This isn’t really a thing that Linkerd does.
I would probably look into something like External Secrets Operator for this – let it pull secrets out of Vault and put them into a Kubernetes Secret for you. Or look into https://secrets-store-csi-driver.sigs.k8s.io/ for an alternative approach.