Note
We no longer recommend or support using an external vault with Pipelines.
To use vault securely you must set the disablemlock
setting in the values.yaml
to false as per the Hashicorp Vault recommendation.
For non-production environments it is acceptable to leave this value set to true. However, this does enable a potential security issue where encrypted credentials could potentially be swapped onto an unencrypted disk. For this reason we recommend you always set this value to false to ensure mlock is enabled.
Non-Production Environments
vault: disablemlock: true
Production Environments
vault: disablemlock: false