Kubernetes secrets and AWS Secrets Manager - put different ARNs into the same file?

Question

I have multiple secrets in AWS Secrets Manager and I would like them to all end up in the same file when mounted in the Kubernetes container. How do I specify the manifest file to do that?

My manifest file looks like the below. I end up with two secrets files called /mnt/credentials-a.json and /mnt/credentials-b.json. How do I combine them both into one file called /mnt/credentials.json?

apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: test-secrets
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "arn:aws:secretsmanager:us-west-2:111122223333:secret:test1-TYabcD"
        objectAlias: credentials-a.json
      - objectName: "arn:aws:secretsmanager:us-west-2:111122223333:secret:test2-AfabcY"
        objectAlias: credentials-b.json

score 2 · Answer 1 · answered Aug 21 '21 at 00:51

2

The brute force solution is to use the "Plaintext" tab in AWS Secrets Manager and put all the secrets in one secret ARN. I don't have an elegant solution, but I am not looking for form, I am looking for function.

answered Aug 21 '21 at 00:51

Nova

1,234
3
12
25

Kubernetes secrets and AWS Secrets Manager - put different ARNs into the same file?

1 Answers1