Persistent volume with Azure Files on AKS

Microsoft

Based on our document, when we need to statically create persistent volume with Azure Files integration, we need to create Kubernetes Secret to store storage account name and access key. And assign the secret into PV yaml file.

https://learn.microsoft.com/en-us/azure/aks/azure-csi-files-storage-provision#create-a-kubernetes-se...

However, this mechanism will allow other people that has read permission of AKS cluster to easily read the Kubernetes secret and get the storage account key. 

Our customer has concern about this and want to know if there was other mechanism that can prevent this risk (for example , need to fetch account key from key vault first , not directly put storage account key into Kubernetes secret)
  

0 Replies