By using AWS re:Post, you agree to the Terms of Use
/What is the best way to integrate AWS Secret Manager with EKS?/

What is the best way to integrate AWS Secret Manager with EKS?


I've seen the following solutions, but they don't seem that great to me:

1 Native integration with CSI driver (Complex to intall and you can inject all values in one environment variable using a local disk, you need parser variables when docker run)

2 Execute an script when docker run, get the variables, parse and export (Easy to use, not elegant)

ENV_VAR=$(aws secretsmanager get-secret-value --secret-id $VARIABLE_ID  --region us-west-2 | jq --raw-output '.SecretString')
# parse ENV_VAR with code in this line
# Export variables 

3 Integrate AWS Secret Manager with the framework for example with Rails (Easy to use, some elegant but it is at the code level )

What do you recommend to carry out this integration and why? Do you know another more elegant and easy way?

1 Answers
Accepted Answer

The ASCP CSI Driver is the secure and supported way to pull secrets into your pod. If you treat your secrets as JSON they can be placed on disk in the container and parsed by your application code at startup. If you're just using Docker run, as you mentioned, locally for development you could volume mount a similar file into place from your local disk. This way the application code works the same way in either case.

If you already have OIDC integrated, then you only need to install the driver and configure it, which may only be a two step process if you're using helm.

Hope that helps! -Ray

answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions