How to use AWS Secrets Manager correctly in EKS

Need some help!

I want to integrate AWS Secrets Manager in EKS.

One way I tried is the Secrets Store CSI Driver (SSCSID). It mounts the secrets directly into the Pod. If I want to set an environment variable using a secret, then we need to enable the secretSync option of SSCSID, because of which the SSCSID creates a Kubernetes secret for our secret data. This is similar to using the k8s secrets, which are base64 encoded.

What I want to have is: the k8s secret should not contain the actual data, it should contain a placeholder, and then the driver/k8s should replace the placeholder with data from AWS Secrets Manager at the time of mounting/using the secret inside the pod.

Can anyone please suggest the right way or tool for it?

Thanks

1 Answer
You could either use one approach or the other. We have a new EKS v2 workshop that goes into Sealed Secrets.

I saw this online, which is a 3rd party blog, but have not tested it. It is not official though (https://www.arthurkoziel.com/sync-aws-secrets-manager-to-k8s-secrets/).

AWS
Roly
answered a year ago
  • Thanks Roly for your reply. Actually, what you suggested is implemented in my current setup. SSCSID creates the k8s secret in this way, and that is easily readable. I want to know if we can have a secret which will not contain the actual data in the k8s secret - it should contain the placeholder for the data.
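
The two Secrets Store CSI Driver modes discussed in this thread, as an added example that is not part of the original posts: with `secretObjects` the driver syncs the real value into a Kubernetes Secret, and without it the value exists only as a file inside the pod. All names (`app-db-creds`, `prod/app/db`, `demo-app-sa`) and the image are placeholders, and IAM access to the secret through the pod's service account is assumed.

```yaml
# Constructed example: every name below is a placeholder, not taken from the thread.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-db-creds
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "prod/app/db"        # Secrets Manager secret name (placeholder)
        objectType: "secretsmanager"
        objectAlias: "db-password"       # file name under the mount path
  # Sync variant only: this block makes the driver create a Kubernetes Secret
  # holding the real value (base64-encoded) so that env vars can reference it.
  # Delete it for the mount-only variant; no Kubernetes Secret is then created.
  secretObjects:
    - secretName: app-db-creds-synced
      type: Opaque
      data:
        - objectName: db-password        # must match the mounted file name
          key: password
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
spec:
  serviceAccountName: demo-app-sa        # assumed to map to an IAM role that can read the secret
  containers:
    - name: app
      image: public.ecr.aws/docker/library/busybox:stable
      command: ["sh", "-c", "sleep 3600"]
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets        # value is readable at /mnt/secrets/db-password
      # Sync variant only: env var sourced from the synced Kubernetes Secret.
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-db-creds-synced
              key: password
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-db-creds
```

In the mount-only variant (both "Sync variant only" blocks removed), the application reads the value from the mounted file instead of an environment variable.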
