[Kubernetes] Refactor cluster secret storage
Issue
Currently we're using Vault, deployed within the cluster, for secret generation and storage. This is fine, but it's complicated to run, and is an unnecessary workload for the cluster. We'd also like to move away from any Hashicorp products, as they are no longer operating under the philosophy of open source.
Proposal
OpenStack Barbican seems like a good solution to replace Vault. It's open source and runs on the cloud platform layer, meaning it can be used to manage secrets for other applications as well. The only problem, currently, is that external-secrets doesn't seem to offer a Barbican integration.
Edit: Currently can't find any integration for K8s Secrets + Barbican. This might be a non-starter.
Edited by Ryan Algar