cert-manager-key-vault-sync

Warning

Due to an oversight when aligning versions, Helm Charts and Docker images were overwriting one another on the latest builds. This is now resolved by moving the Helm Charts to docker.io/rdvansloten/cert-manager-key-vault-sync-chart. Please update your install accordingly.

Kubernetes app that syncs cert-manager Secrets to Azure Key Vault.

Component	Version	Status
Helm Chart	v1.3.0
Application	v1.3.0

Features

• Supports Kubernetes Nodes running linux/amd64 (Intel, AMD), linux/arm64 (Apple M1, ARM)
• Synchronizes Kubernetes Secrets to Azure Key Vault Certificates
• Allows for passwordless authentication using Workload Identity or Service Principal with Client Secret
• Certificate is automatically rotated when cert-manager triggers a renewal
• Supports duplicate certificates in multiple Kubernetes Namespaces (e.g. *.your-domain.com in multiple Namespaces)
• Runs in a lightweight Alpine container, generally using < 128 MiB of memory
• Includes a Helm Chart for easy installation

Documentation

For complete documentation, see the wiki.

Requirements & Limitations

• Running cert-manager ~> v1 in your Azure Kubernetes cluster
• Only syncs Kubernetes Secrets to Key Vault Certificates (not to Key Vault Secrets)
• The included Helm chart only authenticates using Workload Identity or Service Principal.

Helm Installation

Helm v3 or higher is recommended for use with this Helm Chart.

export HELM_EXPERIMENTAL_OCI=1
helm upgrade --install cert-manager-key-vault-sync \
    oci://docker.io/rdvansloten/cert-manager-key-vault-sync-chart \
    --values ./charts/cert-manager-key-vault-sync-chart/values.yaml \
    --version v1.3.0 \
    --namespace cert-manager-key-vault-sync --create-namespace

If you wish to use raw Kubernetes manifests instead, you may render the Helm template to plain YAML using the command below.

helm template cert-manager-key-vault-sync oci://docker.io/rdvansloten/cert-manager-key-vault-sync-chart --version v1.3.0 \
    --values ./charts/cert-manager-key-vault-sync-chart/values.yaml > output.yaml

Contributing

I'd love your input! I want to make contributing to this project as easy and transparent as possible, whether it's:

• Reporting an issue.
• Submitting a fix.
• Proposing new features.
• Becoming a maintainer.
• Supporting my GitHub page through GitHub Sponsors or ko-fi.

All changes happen through Pull Requests

Pull requests are the best way to propose changes. I actively welcome your Pull Requests:

1. Fork this repository and create your branch from main.
2. If you've added code that should be tested, add some test examples.
3. Update the documentation.
4. Submit that Pull Request!