Member-only story
Integrate ArgoCD and Hashicorp Vault using ArgoCD Vault Plugin(AVP)
2 min readDec 11, 2024
This guide outlines the steps to integrate ArgoCD with Vault using the ArgoCD Vault Plugin (AVP).
Steps to Integrate ArgoCD with Vault
1. Service Account Token Prerequisites
- Before Kubernetes v1.24: Service account tokens were auto-generated when a service account was created. For example, in ArgoCD, there may already be a secret named
default-token-xxxxxassociated with thedefaultservice account. - From Kubernetes v1.24: Auto-generated legacy service account tokens have been deprecated. If a secret is not present, you will need to create a service account and token manually.
2. Create a Service Account and Token
Use the following commands to create a service account and associated secret:
kubectl create sa <serviceaccount-name>
Apply the following manifest to create a token for the service account:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: <secretname>
annotations:
kubernetes.io/service-account.name: <serviceaccount-name>
type: kubernetes.io/service-account-token
EOF