By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

external operator secret error - AWS secret name may not contain "/"

0

am planning to use an external secret operator to integrate AWS secret manager secrets to Kubernetes.

External operator installation is successful, but I am having an error with the name containing /

error - "invalid resource name \"/test/dev/\": may not contain '/]"
Here's my yaml files for external secret

kind: ExternalSecret 
metadata:
    name: dev-secrets
spec:
 refreshinterval: 1m
 secretStoreRef:
  name: global-secret-store
  kind: ClusterSecretStore 
 target:
  name: "/test/dev/"
  creation Policy: Owner 
 dataFrom:
 - extract:
     key: "/test/dev/"

How can I make this work with this naming convention?

Also, my secrets in AWS secrets manager have two keys, and I saw posts that it gets attached as a one secret in Kubernetes secrets.

I want all the keys in it attached as a separate Kubernetes secret. How can I achieve this using an external operator? If not an external operator, what other ways exist for this?

Topics
ContainersSecurity, Identity, & Compliance
Tags
Amazon Elastic Kubernetes ServiceAWS Secrets Manager
Language
English
annie
asked 10 months ago319 views
1 Answer
0

You can create secrets without a /

Or those with a / you can reference a secrect using it’s unique name(arn)

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: aws-secrets
spec:
  provider: aws
  parameters:
    objects: |
        - objectName: "arn:aws:secretsmanager:us-east-2:111122223333:secret:MySecret2-d4e5f6"
        - objectName: "MySecret3"
          objectType: "secretsmanager"
        - objectName: "MySecret4"
          objectType: "secretsmanager"
          objectVersionLabel: "AWSCURRENT"

This page may help you find the answer your looking for coming at it from a different angle https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html

profile picture
EXPERT
Gary Mclean
answered 10 months ago
  • annie
    10 months ago

    Thanks for the reply. It’s csi driver you mentioned, I am using external operator. Is there way to achieve this using external secret operator?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content