1 Answer
- Newest
- Most votes
- Most comments
0
Consider switching from a pull model, to a push model. Create an automated workflow such that:
- Create an entirely new secret with the new data, leaving the old secret intact.
- Update the PodSpec of the Deployment to point to the new secret.
- Recycle your pods at a controlled rate. I recommend using a PodDisruptionBudget to prevent downtime here.
- Validate all pods have been updated and are using the new secret successfully. If this fails, switch back to the old secret as an error handled.
- Delete the old secret after such time that you feel comfortable.
If we automate this process with something like AWS Step Functions, then you never need to set up a polling API call.
answered 2 years ago
Isn’t it costlier though?
Relevant content
- Accepted Answer
- asked 2 years ago
- asked a month ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 8 days ago
Did you have a look at this? https://catalog.workshops.aws/eks-immersionday/en-US/secrets-manager/aws-secrets-manager
@alatech Yes, I had tried the approaches I have listed. What I need to know is the best method to use to obtain secrets and how to set rotation sync poll interval minimizing cost, zero downtime. Also if there are any other better approaches!