Forum Discussion

lesliehuang's avatar
lesliehuang
Icon for Microsoft rankMicrosoft
Jun 19, 2024

Persistent volume with Azure Files on AKS

Based on our document, when we need to statically create persistent volume with Azure Files integration, we need to create Kubernetes Secret to store storage account name and access key. And assign t...
azure kubernetes service
balasubramanim's avatar
balasubramanim
Iron Contributor
Jan 21, 2025

lesliehuang 

To secure Azure Files in AKS without exposing storage keys in Kubernetes Secrets:

  1. Use Key Vault with CSI Driver: Store keys in Azure Key Vault and fetch them dynamically using the CSI driver. No keys are stored in Kubernetes.
  2. Enable Managed Identities: Use Azure Managed Identities for authentication, avoiding keys entirely.
  3. Restrict Access: Use Azure RBAC and Private Link for secure access to Azure Files.

These methods enhance security and reduce risks.

Resources