Azure Kubernetes (k8) and keyvault
Feb 4, 2020
Option 1:
Application code accesses Key Vault through the Key Vault APIs. The Key Vault configuration values (client ID, client secret, vault identifier) are created as secrets in Kubernetes and exposed to the application as configuration:
```csharp
// Service principal credentials and vault name, read from configuration
// that is populated from Kubernetes secrets
var clientId = stageOneConfig.GetValue<string>("clientid");
var clientSecret = stageOneConfig.GetValue<string>("clientsecret");
var keyVaultIdentifier = stageOneConfig.GetValue<string>("keyvaultidentifier");
var keyVaultUri = $"https://{keyVaultIdentifier}.vault.azure.net/";
```
Ref: https://thorsten-hans.com/integrating-azure-keyvault-with-azure-container-services
Option 2 (in preview):
Azure AD Pod Identity
AAD Pod Identity allows you to run Pods in the security context of an Azure Identity. That identity is dynamically assigned to any pod that matches the binding's selector, so the application needs no client secret of its own:
```yaml
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentityBinding
metadata:
  name: demo_aad_identity_binding
spec:
  # the AzureIdentity resource (user-assigned managed identity) to bind
  AzureIdentity: demo_aks_pod_id
  # pods carrying the label aadpodidbinding: demo_app receive this identity
  Selector: demo_app
```
Ref: https://thorsten-hans.com/azuread-pod-identity-aks-integrate-azure-keyvault
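To make the difference between Option 1 and Option 2 concrete on the application side, here is an added example (not code from the original post or the referenced articles). It assumes the Azure.Identity and Azure.Security.KeyVault.Secrets packages, an IConfiguration named stageOneConfig as in Option 1, and an additional assumed configuration key "tenantid" that the service-principal path needs.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Configuration;

static class KeyVaultAccess
{
    // Vault URI built the same way as in Option 1
    static Uri VaultUri(IConfiguration stageOneConfig) =>
        new Uri($"https://{stageOneConfig.GetValue<string>("keyvaultidentifier")}.vault.azure.net/");

    // Option 1: the app authenticates with a service-principal secret that must
    // itself be stored in the cluster (a Kubernetes Secret is only base64-encoded),
    // so anyone who can read that Secret can impersonate the app against Key Vault.
    public static SecretClient ClientFromServicePrincipal(IConfiguration stageOneConfig)
    {
        var tenantId = stageOneConfig.GetValue<string>("tenantid");      // assumed key
        var clientId = stageOneConfig.GetValue<string>("clientid");
        var clientSecret = stageOneConfig.GetValue<string>("clientsecret");
        TokenCredential credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
        return new SecretClient(VaultUri(stageOneConfig), credential);
    }

    // Option 2: with AAD Pod Identity the pod asks the instance metadata endpoint
    // for a token; the NMI component answers on behalf of the bound AzureIdentity,
    // so no credential is stored in the cluster at all.
    public static SecretClient ClientFromPodIdentity(IConfiguration stageOneConfig)
    {
        TokenCredential credential = new ManagedIdentityCredential();
        return new SecretClient(VaultUri(stageOneConfig), credential);
    }

    // Reading a secret is identical for both options; only the credential differs.
    public static async Task<string> ReadSecretAsync(SecretClient client, string secretName)
    {
        KeyVaultSecret secret = await client.GetSecretAsync(secretName);
        return secret.Value;
    }
}
```

Because both paths return a SecretClient, an application can be moved from Option 1 to Option 2 by swapping the credential factory, after which the clientsecret Kubernetes Secret can be deleted.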
Option 3 (in preview):
Azure Key Vault FlexVolume for Kubernetes
Azure Key Vault FlexVolume for Kubernetes is a driver that allows you to consume typed data from Azure Key Vault (secrets, keys or certificates) and attach that data directly to Pods as a mounted volume, so the application reads files instead of calling the Key Vault API itself.
Ref: https://thorsten-hans.com/azure-key-vault-flexvolume-for-kubernetes