Docs Home → MongoDB Enterprise Kubernetes Operator
Configure Secret Storage
On this page
You can choose the secret storage tool for Kubernetes Operator. The secret storage tool is a secure place to store sensitive information for the components that Kubernetes Operator manages. This includes secrets for MongoDB databases, Ops Manager, and AppDB.
Once you configure secret storage, Kubernetes Operator accesses the tool, retrieves the secrets, and uses them to establish connections securely.
Supported Secret Storage Tools
Kubernetes Operator supports the following secret storage tools:
Kubernetes: store sensitive information as secrets (the built-in secret storage for Kubernetes). Kubernetes secrets store authentication credentials so that only Kubernetes can access them.
HashiCorp Vault: store sensitive information in Vault, a third party service for secret management.
Secrets You Can Store
You can use any supported secret storage tool for any secret in the MongoDB Enterprise Kubernetes Operator documentation except those listed in the limitations.
Important
After configuration, Kubernetes Operator uses your selected secret storage tool for all secrets except those listed in the limitations. You can't mix and match secret storage tools.
Limitations
The following limitations exist for the supported secret storage tools:
Some registries, such as OpenShift, require imagePullSecrets to pull images from the repository. The Kubernetes Operator can't provide imagePullSecrets from HashiCorp Vault. You can specify a kubelet image credential provider to retrieve credentials for a container image registry using Kubernetes instead.
Set the Secret Storage Tool
To set the secret storage tool, select one of the following options:
Next Steps
After you configure the secret storage tool for the MongoDB Enterprise Kubernetes Operator, you can:
Read the Considerations.
Complete the Prerequisites.