How to make available Secrets Manager secrets as environmental variables in AWS EKS
Question
I'm following this guide.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html
Using this we can only mount AWS Secrets Manager secrets in AWS EKS.
Now applications like Django etc need those secrets as ENVIRONMENTAL VARIABLES. So how do I make AWS Secrets Manager secrets available in AWS EKS as pod environmental variables very securely?
Also, for applications that depend on secrets in environmental variables, is making sensitive secrets available in ENVIRONMENTAL VARIABLES the only secure/advisable option?
Thanks
Answer 1
Score: 1
You can use the Secrets Store CSI Driver for Secrets Manager to synchronize secrets in Secrets Manager with Kubernetes Secrets. Once the secrets are stored as Kubernetes Secrets, you can consume them as environment variables or mounts. It's "safer" to consume them as mounts because environment variables can leak in logs, configuration, etc. See https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html and https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/ for additional information on how to configure the driver. If you don't want to use the CSI driver, you can use https://external-secrets.io/v0.8.1/.
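The sync-then-consume setup described in the answer above, as an added example that is not part of the original answer or of the linked guides. The secret name `django-secret-key`, namespace `web`, service account `django-sa`, Kubernetes Secret name `django-env`, and the image reference are all placeholders, and the example assumes the secret in Secrets Manager holds a plain string.

```yaml
# Added example; every name below is a placeholder.
# Assumes the Secrets Store CSI Driver was installed with Secret sync
# enabled (Helm value syncSecret.enabled=true) and the AWS provider is present.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: django-aws-secrets
  namespace: web
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "django-secret-key"   # placeholder secret name in Secrets Manager
        objectType: "secretsmanager"
  secretObjects:                          # mirror the mounted object into a Kubernetes Secret
    - secretName: django-env
      type: Opaque
      data:
        - objectName: django-secret-key   # must match the objectName fetched above
          key: SECRET_KEY
---
apiVersion: v1
kind: Pod
metadata:
  name: django
  namespace: web
spec:
  # Service account bound to an IAM role that allows
  # secretsmanager:GetSecretValue and secretsmanager:DescribeSecret on this secret only.
  serviceAccountName: django-sa
  containers:
    - name: app
      image: registry.example.invalid/django-app:placeholder
      env:
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: django-env
              key: SECRET_KEY
      volumeMounts:                       # the mount is required; it triggers the sync
        - name: aws-secrets
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: aws-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: django-aws-secrets
```

The synced Kubernetes Secret exists only while at least one pod mounts the CSI volume, and it is stored in etcd like any other Secret, so restrict `get`/`list` on Secrets in the namespace with RBAC and enable encryption at rest for the cluster.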