How to use AWS Secret Manager correctly in EKS

0

Need Some help!

I want to integrate AWS secrets manager in EKS.

One way I tried is the Secrets Store CSI Driver (SSCSID). It mounts the secrets directly into the Pod. If I want to set an environment variable using a secret, then we need to enable the secretSync option of SSCSID, because of which the SSCSID creates a Kubernetes secret for our secret data. This is similar to using the k8s secrets, which are base64 encoded.

What I want to have is: the k8s secret should not contain the actual data, it should contain the place-holder, and then the driver/k8s should replace the place-holder with data from AWS Secrets Manager at the time of mounting/using the secret inside the pod.

Can anyone please suggest the right way or tool for it?

Thanks
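
The two Secrets Store CSI Driver modes described in the question, as an added example that is not part of the original post or of any reply: a mount-only `SecretProviderClass` for the AWS provider, with the sync block that creates a Kubernetes Secret shown commented out. All names, the namespace, the image and the Secrets Manager path are constructed placeholders, and the service account is assumed to be mapped to an IAM role that may read the secret.

```yaml
# Added example; all names and the secret path are constructed placeholders.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-aws-secrets          # hypothetical name
  namespace: demo                # hypothetical namespace
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "prod/app/db-password"   # constructed Secrets Manager name
        objectType: "secretsmanager"
        objectAlias: "db-password"           # file name inside the mount
  # Sync variant: adding this block (with syncSecret.enabled=true on the driver)
  # makes the driver create a Kubernetes Secret that holds the value, base64
  # encoded, readable by anyone allowed to "get secrets" in the namespace.
  # secretObjects:
  #   - secretName: app-db
  #     type: Opaque
  #     data:
  #       - objectName: "db-password"
  #         key: password
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
spec:
  serviceAccountName: app-sa     # assumed: mapped to an IAM role that can read the secret
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: aws-secrets
          mountPath: /mnt/secrets
          readOnly: true
      # The application reads /mnt/secrets/db-password at runtime; in the
      # mount-only variant no Kubernetes Secret object is created.
  volumes:
    - name: aws-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-aws-secrets
```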

1 Answer
0

You could either use one approach or the other. We have a new EKS v2 workshop that goes into Sealed Secrets.

I saw this online, which is a 3rd party blog, but have not tested it. It is not official though (https://www.arthurkoziel.com/sync-aws-secrets-manager-to-k8s-secrets/).

AWS
Roly
answered a year ago
  • Thanks Roly for your reply. Actually what you suggested is implemented in my current setup. SSCSID creates the k8s secret in this way and that is easily readable. I want to know if we can have a secret which will not contain the actual data in the k8s secret - it should contain the place holder for the data.
