745 B
745 B
🔐 OpenBao
Description
OpenBao is a centralized secrets management system designed to securely store, manage, and distribute sensitive data such as passwords, API keys, and certificates.
It provides dynamic secrets, encryption-as-a-service, and fine-grained access control.
Website
Kubernetes Notes
- Requires persistent storage (data loss = secrets loss)
- Use Kubernetes auth method for pod access (service account tokens)
- Seal/unseal mechanism must be handled (auto-unseal recommended for production)
- Avoid storing root tokens in manifests → use external secret bootstrap
- Typically deployed via Helm chart
- Network policies recommended (restrict access to API)
#improvements: HA