You can use the AWS Secrets and Configuration Provider (ASCP) for the Kubernetes Secrets Store CSI Driver.
You will need to install the Kubernetes Secrets Store CSI Driver, and then install the ASCP. The ASCP uses IAM roles for service accounts (IRSA) by associating an IAM role with a Kubernetes service account to create and manage AWS resources on your behalf. The ASCP retrieves the pod identity and exchanges it for the IAM role. ASCP assumes the IAM role of the pod, which gives it access to the secrets you authorized. The IAM role must have an IAM policy that includes
As a prerequisite to enable Kubernetes service accounts to access AWS resources via IRSA, you will need to:
- Create an IAM OIDC provider for your cluster – You only need to do this once for a cluster.
- Create an IAM role and attach an IAM policy to it with the permissions that your service accounts need – We recommend creating separate roles for each unique collection of permissions that pods need.
- Associate an IAM role with a service account – Complete this task for each Kubernetes service account that needs access to AWS resources.
- Configure the AWS Security Token Service endpoint type for a service account
Finally, for a tutorial to create and mount a secret in an Amazon EKS pod, refer to  and more examples .
Lastly, this workshop is a good resource to refer to.
- https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html#integrating_csi_driver_SecretProviderClass
- https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
- https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver_tutorial.html
- https://github.com/aws/secrets-store-csi-driver-provider-aws/tree/main/examples