Docs Menu

Docs HomeMongoDB Enterprise Kubernetes Operator

Configure Secret Storage

On this page

  • Supported Secret Storage Tools
  • Secrets You Can Store
  • Limitations
  • Set the Secret Storage Tool
  • Next Steps

You can choose the secret storage tool for Kubernetes Operator. The secret storage tool is a secure place to store sensitive information for the components that Kubernetes Operator manages. This includes secrets for MongoDB databases, Ops Manager, and AppDB.

Once you configure secret storage, Kubernetes Operator accesses the tool, retrieves the secrets, and uses them to establish connections securely.

Kubernetes Operator supports the following secret storage tools:

  • Kubernetes: store sensitive information as secrets (the built-in secret storage for Kubernetes). Kubernetes secrets store authentication credentials so that only Kubernetes can access them.

  • HashiCorp Vault: store sensitive information in Vault, a third party service for secret management.

You can use any supported secret storage tool for any secret in the MongoDB Enterprise Kubernetes Operator documentation except those listed in the limitations.

Important

After configuration, Kubernetes Operator uses your selected secret storage tool for all secrets except those listed in the limitations. You can't mix and match secret storage tools.

The following limitations exist for the supported secret storage tools:

To set the secret storage tool, select one of the following options:

After you configure the secret storage tool for the MongoDB Enterprise Kubernetes Operator, you can:

←  Enable AuthenticationCreate Secrets in HashiCorp Vault →