k8s-cluster/manifest/external-secrets/cluster-secret-store/secret-store.yaml at 9419f7d4a3e8b485cde27d0677385a2d3bc852b2

Files

duynguyen 9419f7d4a3 security: switch ESO→Vault auth from token to k8s SA

Remove static Vault token from Git (was exposed in vault-token-secret.yaml).
ESO now authenticates via Kubernetes service account JWT → short-lived tokens.
Add sync-hook Job to configure Vault k8s auth idempotently on ArgoCD sync.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-22 13:08:21 +07:00

408 B

Raw Blame History

View Raw

408 B Raw Blame History

408 B

Raw Blame History