How to use AWS Secrets Manager correctly in EKS


Need some help!

I want to integrate AWS Secrets Manager in EKS.

One way I tried is the Secrets Store CSI Driver (SSCSID). It mounts the secrets directly into the Pod. If I want to set an environment variable using a secret, then we need to enable the secretSync option of SSCSID, because of which SSCSID creates a Kubernetes secret for our secret data. This is similar to using k8s secrets, which are base64-encoded.

What I want is that the k8s secret should not contain the actual data; it should contain a placeholder, and then the driver/k8s should replace the placeholder with data from AWS Secrets Manager at the time of mounting/using the secret inside the pod.

Can anyone please suggest the right way or tool for it?


1 Answer

You could either use one approach or the other. We have a new EKS v2 workshop that goes into Sealed Secrets.
I saw this online which is a 3rd party blog, but have not tested it. It is not official though (

AWS
answered a year ago
  • Thanks Roly for your reply. Actually, what you suggested is implemented in my current setup. SSCSID creates the k8s secret in this way and that is easily readable. I want to know if we can have a secret which will not contain the actual data in the k8s secret. It should contain the placeholder for the data.
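
The two SSCSID modes discussed in this thread, mount-only and synced to a Kubernetes Secret, shown side by side as an added example that is not part of the original posts or of any AWS material. The names, namespace, secret path, service account and image are assumptions, and the Secrets Manager entry is assumed to be a JSON document with a `password` key.

```yaml
# Constructed example: every name, namespace and secret path here is a placeholder.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-db-creds
  namespace: demo
spec:
  provider: aws
  parameters:
    # Only a reference to the Secrets Manager entry is stored in the cluster.
    objects: |
      - objectName: "demo/app/db"
        objectType: "secretsmanager"
        jmesPath:
          - path: password
            objectAlias: db_password
  # Sync variant (what the question describes): uncommenting this block makes the
  # driver create a Kubernetes Secret holding the base64-encoded value, which is
  # what an env var via secretKeyRef needs. Leave it out for mount-only.
  # secretObjects:
  #   - secretName: app-db-creds
  #     type: Opaque
  #     data:
  #       - objectName: db_password
  #         key: password
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
spec:
  serviceAccountName: app-sa   # assumed to map to an IAM role allowed to read the secret
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      # Mount-only: the application reads /mnt/secrets/db_password as a file;
      # no Kubernetes Secret object exists for it.
      volumeMounts:
        - name: aws-secrets
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: aws-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-db-creds
```

In the mount-only form, `kubectl get secret -n demo` shows no object for this value; with `secretObjects` enabled, the synced Secret is readable by anyone with `get` on Secrets in that namespace, so RBAC on Secrets becomes the control that matters.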
