I am wondering about Kubernetes's secret management. I have a process that generates a lot of secrets that only need to live for a short while.
I would like for these secrets to come from Vault or a similar service in the future. However, for right now, I don't have the time to implement this.
If someone could provide me with the documentation or delineate the secret life cycle, it would be super helpful. Does Kubernetes have the means to garbage collect these secrets as it does with containers?
Likewise, I am wondering if there is a way to set cascading deletes when this one resource disappears, so does its secrets?
Kubernetes has no notion of secret lifetime.
you can implement a
CronJobin charge of checking then deleting secret in specific namespace(s) if the secret is older that a specific time.you can create all your secrets in a temporary namespace, destroying the namespace will destroy all the secrets associated with this namespace.
use
Vault