
CSI Driver overview

CSI Driver is a Container Storage Interface (CSI) driver that provisions unique X.509 certificate key pairs to pods that use cert-manager.

CSI Driver provides the following key benefits:

  • Matches the certificate and pod lifecycles by creating certificate key pairs when a pod starts and destroying them when it terminates.
  • Keeps private keys local by storing them on the node where the pod runs.
  • Provides unique certificates per pod so that each pod receives its own certificate key pair, enabling mTLS between workloads.
  • Uses ephemeral volumes so you can define certificate requirements in your deployment spec rather than use a persistent volume.
  • Is designed for private PKI, using a private certificate authority such as Enterprise Issuer rather than a public one like Let's Encrypt, which enforces rate limits.

By using CSI Driver, your pods can authenticate with unique, short-lived certificates without storing private keys in Kubernetes Secrets.
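
A pod spec that requests its own certificate through an inline ephemeral volume, as described in the list above. This is an added example, not taken from the original page: it assumes the driver name and `csi.cert-manager.io/*` volume attributes of the upstream cert-manager csi-driver, and the pod name, namespace, image and issuer name are placeholders.

```yaml
# Added example. Pod, namespace, image and issuer names are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: mtls-client                  # placeholder
  namespace: sandbox                 # placeholder
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: tls
          mountPath: /tls            # key pair is written here as tls.crt and tls.key
          readOnly: true
  volumes:
    - name: tls
      csi:                           # inline ephemeral volume: created with the pod, removed with it
        driver: csi.cert-manager.io
        readOnly: true               # the driver only accepts read-only volumes
        volumeAttributes:
          # Issuer that signs the request (placeholder name). For an issuer
          # that is not a built-in cert-manager type, also set issuer-kind and
          # csi.cert-manager.io/issuer-group to that issuer's API kind and group.
          csi.cert-manager.io/issuer-name: private-ca-issuer
          csi.cert-manager.io/issuer-kind: Issuer
          # Per-pod identity: the driver substitutes the pod's own name and namespace.
          csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
          # Short lifetime, chosen for illustration; the issuing CA may clamp it.
          csi.cert-manager.io/duration: 1h
```

No Kubernetes Secret is created for this certificate, so RBAC rules on Secrets do not govern access to the private key; access to the node's filesystem and to the pod's volume mount does.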

What's next?

To get started, install CSI Driver alongside cert-manager in your cluster. For version history, see the releases page.