Sam Gabrail – Platform Engineer

Unify Secrets Without Migration Hassle

You wanna centralize secrets management, but your development teams are tied to a specific option like AWS Secrets Manager or maybe Google, due to cloud-native requirements or some corner case. Sound familiar? In this video, I’ll show you how Akeyless Universal Secrets Connector unites all your secrets managers, solving the chaos with a single access point without forcing migration. Let’s dive in.

In Akeyless here, I have a few already created universal secrets connectors. The first one is AWS. And if you click here, you can see a little bit of the configuration, but if you want to view the secrets, this will show you what secrets we have in AWS. And we have a couple here, USC AWS test and another USC secret.

And click in here and view. You can see foo baz for the AWS test. And if you jump into AWS, you see the two secrets as well.

And, of course, we’ll go into here and you reveal the secret value and it’s foo baz as well. And, of course, we can add a new secret if we wish.

Let’s call this new key and give a value and click next and let’s call it my new secret, for example.

Keep going. Click next.

Next, and finally store and refresh. We’ll see our new secret, my new secret, and retrieve the secret value: new key, new value. Going over to Akeyless and refreshing this, you’ll see my new secret just popped up. And if you open that and view it, you can see new key, new value. So we see how we are now synced between AWS and Akeyless.

Great. Let’s take another example and look at USC Vault. So here we have a connector into HashiCorp Vault. I can view all my secrets inside of Vault. So I got a couple here: KV, vault init, and test USC. So if I look at test USC, I can see that I have a key of ABC and a value of XYZ. And if I go into my Vault and go back to KV here.

So in HashiCorp Vault, I see my two secrets as well. Test USC, you can see ABC is the key and the value is XYZ.

And we can generate the secret from here or from Akeyless if we wanna create a new secret. Since we created one from AWS, this time we’ll create it from within Akeyless. Let’s say new vault secret and give it a value here. It’s in the form of JSON.

Let’s call this foo bar.

So key value foo bar. Now it shows up here so we can quickly view it: foo bar. Jump into Vault, go back to KV and refresh that. We’ve got our new vault secret. Going in, we see foo bar.

Excellent. Let’s take on our final example and this time we’re going to use a Kubernetes connector.

So looking here, I’ve connected into my bare metal Kubernetes cluster that lives in my home lab. So not in the cloud. Also, Vault was running in my Kubernetes cluster, which is this cluster here. So also in my home lab.

So view all secrets. I’ve got a bunch of secrets in the default namespace and you can see test USC for example, if I open that one, you can see foo bar. And if I jump into my cursor window here, I can look up secrets.

I’m in the default namespace, as you see here, in my bare metal K3s cluster, and I’ve got my three secrets here and I can look up any one of these secrets.

I’m decoding it. For the foo key, I get my bar value.

I can generate a new secret from here like this. Let’s call this my newest credentials, for example, with username Sam and password secret. Enter.

Clear.

Let’s get the secrets again to see the new one. My newest credentials is right here. Going back into Akeyless and refreshing. I see my newest credentials pop up. There we go. Password secret username is Sam.
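The kubectl steps just shown, as an added shell example that is not from the video: dump every key of a secret already decoded (instead of decoding one key by hand), then create the credentials secret from literals. It assumes kubectl is on PATH and points at the cluster; the secret names are assumed spellings of what is said in the video.

```shell
#!/bin/sh
# Added example, not part of the video. Assumes kubectl already targets the
# K3s cluster shown above.
set -eu

# Turn "key=<base64>" lines (as emitted by show_secret below) into "key=plaintext".
# Split on the first "=" only, because base64 values may end in "=" padding.
decode_kv() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    k=${line%%=*}
    v=${line#*=}
    printf '%s=%s\n' "$k" "$(printf '%s' "$v" | base64 -d)"
  done
}

# Print all keys of one secret, decoded, in one go.
# kubectl's go-template emits the raw .data map; decode_kv does the base64 work.
show_secret() {
  ns=$1
  name=$2
  kubectl -n "$ns" get secret "$name" \
    -o go-template='{{range $k,$v := .data}}{{$k}}={{$v}}{{"\n"}}{{end}}' \
    | decode_kv
}

# Create the "username/password" secret the way the video does from the terminal;
# kubectl base64-encodes --from-literal values itself.
create_credentials() {
  ns=$1
  name=$2
  user=$3
  pass=$4
  kubectl -n "$ns" create secret generic "$name" \
    --from-literal=username="$user" \
    --from-literal=password="$pass"
}

# Usage (secret names are assumed spellings of the ones in the video):
#   show_secret default test-usc                  # prints foo=bar
#   create_credentials default my-newest-credentials Sam secret
#   show_secret default my-newest-credentials     # prints password=secret, username=Sam
```

After creating the secret, refreshing the Kubernetes connector in Akeyless shows it without any further sync step, exactly as in the video.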

This is how it all works, and you can add more connectors here. So if you look up new universal secrets connector, I showed you AWS, I showed you Kubernetes, I showed you HashiCorp Vault, but of course, similarly, you can do this for Azure and GCP’s secret managers.

The universal secret connector in Akeyless kind of becomes the manager of managers for all your secrets managers that are out there.

Real quick, showing you how you configure this. It’s pretty simple. You go to universal secrets connector, let’s pick one of these, Vault for example, then next. It asks you to give it a name, where you want to store it (the location), and then it’s going to ask for a target.

So you need to have a target. So Vault, HashiCorp Vault, this is a target. I’ll show you how to connect targets in just a second.

You need your gateway of course, and that is pretty much it. Similar to that is also the AWS connector, and Azure, GCP, and Kubernetes. But each one of these needs a target. First you need to define the target and configure it, and then you can configure the universal secrets connector.

So let’s jump into targets and from here, picking on Vault once again, you can see we have a Vault target. If you look at the connection details, it requires a token and it requires a URL. Since this Vault cluster is living inside my Kubernetes cluster, I’m basically just using the Vault service name with the namespace vault and of course the domain suffix here, with port 8200. And that way, since I’m running through the gateway, the Akeyless gateway, which also lives on the same Kubernetes cluster, I can access Vault within the cluster.

If you want to see how to configure it, if you go to new and start from scratch, basically, you can click HashiCorp Vault and you can just follow the prompts here, which is exactly what you saw in the configuration earlier. In the same way I configured my Kubernetes target using a gateway service account. This works because, again, the gateway itself lives inside the Kubernetes cluster. You can use a bearer token.

You can use a client certificate to get all this working, but once you’ve defined and created all your targets, you can do a whole lot of things like adding dynamic secrets, the universal secrets connector, and a few other operations as well. So as you can see, here are my different AWS targets, and each one has its own connection details that allow you to connect to those clouds. I’ve got Azure, I’ve got GCP as well. But this is it really.

I wanted to show you briefly how you can use Akeyless’ universal secrets connector as a manager of managers. Because as I mentioned in the beginning of this video, there are instances where you might have to work with other secrets managers because some teams might also need to support that, and for some reason their application requires using the native secrets manager, and that’s okay. So Akeyless gives us this ability to support any kind of organization with any kind of demands from the teams.

Thanks for watching and I’ll see you in another video.