AWS Secrets Manager and Config Provider for Secret Store CSI Driver
AWS offers two services to manage secrets and parameters conveniently in your code. AWS Secrets Manager allows you to easily rotate, manage, and retrieve database credentials, API keys, certificates, and other secrets throughout their lifecycle. AWS Systems Manager Parameter Store provides hierarchical storage for configuration data. The AWS provider for the Secrets Store CSI Driver allows you to make secrets stored in Secrets Manager and parameters stored in Parameter Store appear as files mounted in Kubernetes pods.
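How a workload consumes the mounted files described above, as an added example that is not part of the original page or the project's own manifests. It assumes the pod's service account is bound to an IAM role (IRSA) that can read the listed objects; every name, path and image below is a hypothetical placeholder.

```yaml
# Added example; app-secrets, app-sa, the object names and the image
# are hypothetical placeholders, not values from the original page.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-secrets
  namespace: default
spec:
  provider: aws
  parameters:
    # One entry per object to fetch; objectType selects the backing service.
    objects: |
      - objectName: "prod/app/db-credentials"
        objectType: "secretsmanager"
        objectAlias: "db-credentials"
      - objectName: "/prod/app/log-level"
        objectType: "ssmparameter"
        objectAlias: "log-level"
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: default
spec:
  # Assumption: app-sa is annotated with an IAM role (IRSA). Scope that
  # role's policy to only the two objects listed above (least privilege).
  serviceAccountName: app-sa
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-secrets
```

With these manifests each object appears as a file under /mnt/secrets, named by its objectAlias.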
Usage
AWS Secrets Store CSI Driver can be deployed by enabling the add-on via the following.
You can optionally customize the Helm chart via the following configuration.
enable_secrets_store_csi_driver              = true
enable_secrets_store_csi_driver_provider_aws = true

secrets_store_csi_driver_provider_aws = {
  name          = "secrets-store-csi-driver"
  chart_version = "0.3.2"
  repository    = "https://aws.github.io/secrets-store-csi-driver-provider-aws"
  namespace     = "kube-system"
  values        = [templatefile("${path.module}/values.yaml", {})]
}
Verify metrics-server pods are running.