How to add multiple secrets #22
Comments
is this possible? I'd also like to know. |
Hi! Unfortunately, it isn't possible today. Can we just extend the spec to accept two or more Also I'm curious - what's the expected use-case of this? |
Avoid polluting ASM with too many key/value pairs, and be able to make atomic updates to a set of secrets that are related and should be versioned together. See an example here: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html They provide an example like this one which has a
So I think a similar expectation where we could serialize perhaps the secret as JSON when we write it to ASM. Then when the operator writes the secret, it becomes something like this (basing it off the example here):
maybe we would define the
|
Actually, I think in your example, you already show how this is possible:
So maybe it already works? =) @Nuru can you try? e.g.
(I think this is different from what @dnarwani is asking, but this works for our use-case) |
Just started investigating secretsmanager to move away from a sops-based workflow. Agree with @osterman that the above should just work. I am building secrets with Pulumi but I add this as an example value:
This results in being able to do the following which aligns with how our applications currently use secrets. Right now they are encrypted in the repo (appsettings.json). Upon deploy, sops decrypts the secrets in place - that folder is then mounted as a Secrets volume in the pod.
Glad I stumbled across this because my first thought was to:
End result is same file mounted as a secret in Kubernetes - however with the risks/caveats outlined in the readme about the CI/CD system having decrypted secrets etc. I'll still probably work on step 1 to do initial secret population. |
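The mapping discussed in the comments above (one Secrets Manager secret whose SecretString is a JSON object, expanded into several keys of a single Kubernetes Secret), sketched as an added example. This is not the operator's code and not code from any commenter; `expandSecretString` is a hypothetical helper, the sample secret is constructed, and keeping non-string values as compact JSON text is an assumption of this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"regexp"
)

// Kubernetes Secret keys may contain only alphanumerics, '-', '_' and '.'.
var validKey = regexp.MustCompile(`^[-._a-zA-Z0-9]+$`)

// expandSecretString (hypothetical helper, not the operator's own function) maps a
// JSON-object SecretString to stringData entries. Errors name keys, never values.
func expandSecretString(secretString string) (map[string]string, error) {
	var raw map[string]json.RawMessage
	if err := json.Unmarshal([]byte(secretString), &raw); err != nil || raw == nil {
		return nil, fmt.Errorf("SecretString is not a JSON object")
	}
	out := make(map[string]string, len(raw))
	for k, v := range raw {
		if !validKey.MatchString(k) {
			return nil, fmt.Errorf("key %q is not a valid Secret key", k)
		}
		if bytes.Equal(v, []byte("null")) {
			return nil, fmt.Errorf("key %q has a null value", k)
		}
		var s string
		if err := json.Unmarshal(v, &s); err == nil {
			out[k] = s // plain string value: store as-is
			continue
		}
		// Assumption of this example: numbers, booleans and nested objects
		// are kept as compact JSON text so an app can parse them itself.
		var buf bytes.Buffer
		if err := json.Compact(&buf, v); err != nil {
			return nil, fmt.Errorf("key %q has an invalid value", k)
		}
		out[k] = buf.String()
	}
	return out, nil
}

func main() {
	// Constructed sample: related credentials versioned together in one secret.
	sample := `{"username":"app","password":"s3cr3t","port":5432,"tls":{"verify": true}}`
	data, err := expandSecretString(sample)
	fmt.Println(len(data), err) // prints the key count only, never the values
}
```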
Hey, can anyone suggest how to use secrets from Parameter Store using this method? I have used this https://github.com/toVersus/aws-ssm-operator which points as a ref to this repo. But here I am not able to get more than 10 secrets, |
@sh240293 This is what it does and there's no hard limit of 10. aws-secret-operator/controllers/awssecret_controller.go Lines 57 to 115 in 564875e
Also, this issue was about trying to create a single K8s secret from multiple secretsmanager secrets using the key hierarchy, which isn't relevant with your goal as I think, |
Hey @mumoshu, thanks for the reply. I have configured an operator that works with Parameter Store on the basis of path, and it will sync all variables defined at that common path. However, when I went deep into troubleshooting I got this error message: "E0414 06:29:07.599684 1 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:126: Failed to list *v1alpha1.ParameterStore: v1alpha1.ParameterStoreList.Items: []v1alpha1.ParameterStore: v1alpha1.ParameterStore.Spec: v1alpha1.ParameterStoreSpec.ValueFrom: v1alpha1.ValueFrom.ParameterStoreRef: v1alpha1.ParameterStoreRef.Path: ReadString: expects " or n, but found [, error found in #10 byte of ...|:{"path":["/farmstoc|..., bigger context ...|"spec":{"valueFrom":{"parameterStoreRef":{"path":["/farmstock-backend/dev/"]}}}}],"kind":"ParameterS|..." I have no idea on the coding part, but if you can suggest how I can fix that, it would be really helpful to me. Unfortunately the owner of https://github.com/toVersus/aws-ssm-operator is not responding. |
@sh240293 Hey. Your error seems to be coming from https://github.com/toVersus/aws-ssm-operator, not aws-secret-operator. |
I have a secret called
apiVersion: mumoshu.github.io/v1alpha1
kind: AWSSecret
metadata:
  name: db-secrets
  namespace: authentication
spec:
  stringDataFrom:
    secretsManagerSecretRef:
      secretId: mysecret
      versionId: ee113603-3254-478a-bb27-40027ae4ff60
I want to be able to add multiple entries in 1 secret, is this possible?