Referencing KMS encrypted kubernetes secret in spring boot, application.yaml

Asked Aug 22 '22 at 11:32

Active Aug 22 '22 at 11:32

Viewed 124 times

lets say I have a kubernetes secret like:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  USER_NAME: YWRtaW4=
  PASSWORD: MWYyZDFlMmU2N2Rm

When USER_NAME and PASSWORD are within the running Pod. They are KMS encrypted. How would I reference them in a springboot application.yaml?

How can I decrypt them?

Thanks

asked Aug 22 '22 at 11:32

Josh

https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html – SYN Aug 22 '22 at 11:53
@SYN So I need to send a request to this api in my spring boot app and then pass it to my application.yaml? :S – Josh Aug 22 '22 at 12:07
You could use some script decrypting your secret before starting your app (eg, using AWS CLI: https://docs.aws.amazon.com/cli/latest/reference/kms/decrypt.html#synopsis), or you may call the AWS API from your app. – SYN Aug 22 '22 at 12:38

0 Answers0