### 1) HashiCorp Vault

Not currently in use (using bitnami sealed-secrets instead); left for reference

##### 1.1) Create `persistentVolume` and `ingressRoute`

*Requires specifying a `uid` & `gid` in the flexvolSMB-`persistentVolume`*

```shell
kubectl create namespace vault
kubectl apply -f services/Vault/persistentVolume-Vault.yml
kubectl apply -f services/Vault/ingressRoute-Vault.yml
```

##### 1.2) Install Helm Chart

*REMOVED; left for reference*

See [HashiCorp Vault](https://www.vaultproject.io/docs/platform/k8s/helm/run):

```shell
helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update
helm install vault hashicorp/vault --namespace vault --values=services/Vault/chart-values.yml
```

Configure Vault for use:

- ~~Enable Kubernetes authentication (see https://www.vaultproject.io/api-docs/auth/kubernetes)~~
- Store basic access policy template
- Enable `kv`-engine

```
# kubectl exec -n vault -it vault-0 -- sh
# It might be necessary to first login with an existing token:
# vault login

# Write the basic access policy template (read-only on paths starting with "secret")
cat <<EOF > /home/vault/app-policy.hcl
path "secret*" {
  capabilities = ["read"]
}
EOF

# Enable the KV version 2 secrets engine at secret/
vault secrets enable -path=secret -version=2 kv
```
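
The policy template above uses `path "secret*"`; Vault treats a trailing `*` as a plain prefix glob, so the rule covers every request path that begins with `secret`, not only one application's entries. The following is an added example, not code from this repository or from Vault: it models that trailing-glob matching in POSIX shell and compares the template's rule with a narrower one. The app name `myapp`, the second mount `secrets-backup` and all request paths are constructed assumptions.

```shell
#!/bin/sh
# Model of Vault policy path matching for a trailing glob:
# "*" is only special as the last character and means "any suffix";
# without it the rule must equal the request path exactly.
# (Vault's "+" single-segment wildcard is not modelled here.)
policy_matches() {
    pattern=$1
    request=$2
    case $pattern in
        *\*)
            prefix=${pattern%\*}          # strip the trailing "*"
            case $request in
                "$prefix"*) return 0 ;;   # request starts with the prefix
            esac
            return 1 ;;
        *)
            [ "$pattern" = "$request" ] ;;
    esac
}

# Print every sample request path that a rule would cover.
covered_paths() {
    pattern=$1
    for request in $SAMPLE_REQUESTS; do
        if policy_matches "$pattern" "$request"; then
            printf '%s\n' "$request"
        fi
    done
}

# Constructed request paths. With KV v2 mounted at secret/, values are read
# under secret/data/... and version metadata under secret/metadata/...
# "secrets-backup" is a hypothetical second mount.
SAMPLE_REQUESTS='secret/data/myapp/db
secret/data/otherapp/db
secret/metadata/myapp/db
secrets-backup/data/root'

echo 'path "secret*" covers:'
covered_paths 'secret*'
echo 'path "secret/data/myapp/*" (hypothetical per-app rule) covers:'
covered_paths 'secret/data/myapp/*'
```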