diff --git a/docs/userguide/openbao.md b/docs/userguide/openbao.md index 9a738e0..6ef9220 100644 --- a/docs/userguide/openbao.md +++ b/docs/userguide/openbao.md @@ -1,4 +1,4 @@ -[OpenBao](https://openbao.org/) is a fork of [HashiCorp Vault](https://developer.hashicorp.com/vault) which is a centralized solution for managing and securing sensitive data like authentication credentials, usernames, API tokens, and database credentials - basically a digital safe for your secrets. +[OpenBao](https://openbao.org/) is a fork of [HashiCorp Vault](https://developer.hashicorp.com/vault) which is a centralized solution for managing and securing sensitive data like authentication credentials, usernames, API tokens, and database credentials. Beyond static secrets, OpenBao supports dynamic secrets, allowing applications to generate ephemeral credentials for enhanced security. OpenBao's _Encrypt as a Service_ feature makes it simple to implement data encryption across your systems. @@ -12,7 +12,9 @@ OpenBao's Secret Engines include: 6. **Kubernetes Secrets** for seamless integration with containerized applications ## 🔨 How to get it to run -The External Secrets Operator needs a kubernetes secret containing the **OpenBao's initial token** to access its secrets. You can create it with: +*Hint: To be able to use OpenBao it has to be unsealed first. This happens automatically. While unsealing an initial token is being created. To access this token just run the **./getpassword.sh** script.* + +The External Secrets Operator needs a kubernetes secret containing the **OpenBao's initial token** (see above) to access its secrets. You can create it with: `kubectl create secret generic vault-token --from-literal=token= -n openbao`