The Stronghold module enables secure storage and lifecycle management of secrets. The secrets storage is implemented as a key-value and is compatible with the Hashicorp Vault API.

Stronghold provides access to data and can be managed through:

Authentication and authorization in the Stronghold can be performed through:

  • Service accounts of Kubernetes cluster applications
  • Tokens
  • Users can authenticate through cluster Dex/OIDC
  • Username/password pair

Access control to secrets within and outside Stronghold is configured using a flexible set of policies.