How to make Secrets Manager secrets available as environment variables in AWS EKS

Question

I'm following this guide.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html

Using this we can only mount AWS Secret Manager secrets in AWS EKS.

Now applications like Django etc need those secrets as ENVIRONMENTAL VARIABLES. So how do I make AWS Secrets Manager secrets available in AWS EKS as pod environmental variables very securely?

Also, for applications that depend on secrets in environmental variables, is making sensitive secrets available in ENVIRONMENTAL VARIABLES the only secure/advisable option?

Thanks


Answer 1

Score: 1

You can use the Secret Store CSI Driver for Secrets Manager to synchronize secrets in Secrets Manager with Kubernetes Secrets. Once the secrets are stored as Kubernetes secrets you can consume them as environment variables or mounts. It's "safer" to consume them as mounts because environment variables can leak in logs, configuration, etc. See https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html and https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/ for additional information on how to configure the driver. If you don't want to use the CSI driver, you can use https://external-secrets.io/v0.8.1/.
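
The sync-then-consume setup described in the answer above, as an added example that is not part of the original answer or of the AWS or driver documentation. Every name in it (app-secrets, prod/django/secret-key, django-env, django-sa, the image) is a placeholder, and it assumes the driver was installed with Kubernetes Secret sync enabled (Helm value syncSecret.enabled=true) and that the service account maps to an IAM role allowed to read the secret.

```yaml
# Added example; all resource names below are placeholders.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-secrets
spec:
  provider: aws
  parameters:
    # objectName is the Secrets Manager secret; objectAlias is the file name in the mount.
    objects: |
      - objectName: "prod/django/secret-key"
        objectType: "secretsmanager"
        objectAlias: "django-secret-key"
  # secretObjects copies the mounted object into a Kubernetes Secret.
  secretObjects:
    - secretName: django-env
      type: Opaque
      data:
        - objectName: "django-secret-key"   # must match the alias above
          key: SECRET_KEY
---
apiVersion: v1
kind: Pod
metadata:
  name: django
spec:
  serviceAccountName: django-sa             # assumed bound to an IAM role (IRSA)
  containers:
    - name: web
      image: registry.example.com/django-app:1.0
      env:
        - name: DJANGO_SECRET_KEY           # env var populated from the synced Secret
          valueFrom:
            secretKeyRef:
              name: django-env
              key: SECRET_KEY
      volumeMounts:                         # the mount is required; it triggers the sync
        - name: secrets-store
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-secrets
```

The Kubernetes Secret exists only while at least one pod mounts the CSI volume, and anyone with read access to Secrets in the namespace can read the synced value, so RBAC on the namespace needs to be as tight as the IAM policy on the source secret.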

huangapple
  • Published on May 14, 2023, 19:19:53
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76247203.html