cleanstart/vault-k8s

Verified Publisher

By CleanStart

Updated about 3 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Security
0

10K+

cleanstart/vault-k8s repository overview

Container Documentation for Vault-K8S

HashiCorp Vault Kubernetes integration container that enables native Kubernetes authentication and secrets management. Provides secure identity-based access to Vault resources within Kubernetes clusters, supporting dynamic secrets, encryption as a service, and automated certificate management.

📌 Base Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments from Cleanstart Registry.

Key Features Core capabilities and strengths of this container

  • Native Kubernetes authentication and integration
  • Automated secrets injection into Kubernetes pods
  • Dynamic secrets management and rotation
  • Enterprise-grade security and compliance features

Common Use Cases Typical scenarios where this container excels

  • Kubernetes secrets management and distribution
  • Dynamic database credential management
  • SSL/TLS certificate automation
  • Cloud credentials and API key management

Pull Latest Image Download the container image from the registry

docker pull cleanstart/vault-k8s:latest
docker pull cleanstart/vault-k8s:latest-dev

Basic Run Run the container with basic configuration

docker run -it --name vault-k8s \
  -e VAULT_ADDR=http://vault:8200 \
  -e VAULT_SKIP_VERIFY=true \
  cleanstart/vault-k8s:latest

Production Deployment Deploy with production security settings

docker run -d --name vault-k8s-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 100:100 \
  -e VAULT_ADDR=https://vault:8200 \
  -e VAULT_CACERT=/vault/tls/ca.crt \
  cleanstart/vault-k8s:latest

Volume Mount Mount local directory for persistent data

docker run -v $(pwd)/config:/vault/config \
  -v $(pwd)/tls:/vault/tls \
  cleanstart/vault-k8s:latest

Port Forwarding Run with custom port mappings

docker run -p 8200:8200 cleanstart/vault-k8s:latest

Environment Variables Configuration options available through environment variables

VariableDefaultDescription
VAULT_ADDRhttp://127.0.0.1:8200Vault server address
VAULT_SKIP_VERIFYfalseSkip TLS certificate verification
VAULT_CACERTPath to CA certificate file
VAULT_TOKENVault authentication token

Security Best Practices Recommended security configurations and practices

  • Always use TLS for production deployments
  • Implement proper role-based access control (RBAC)
  • Regularly rotate Vault tokens and credentials
  • Enable audit logging for all operations
  • Use separate namespaces for different environments
  • Implement network policies to restrict traffic

Kubernetes Security Context Recommended security context for Kubernetes deployments

securityContext:
  runAsNonRoot: true
  runAsUser: 100
  runAsGroup: 100
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/vault-k8s:latest
docker pull --platform linux/arm64 cleanstart/vault-k8s:latest

Documentation Resources Essential links and resources for further information '


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:b394c1a2c

Size

36.6 MB

Last updated

about 3 hours ago

docker pull cleanstart/vault-k8s:1.7.5-amd64