Kubernetes operator that synchronizes secrets from AWS Secrets Manager with kube secrets.
The operator is designed to run under Kubernetes and is deployed using Helm. It regularly fetches all AWS secrets having a specific tag and creates, updates or deletes the corresponding secrets in the Kubernetes cluster.
AWS secrets must have:
- a
K8S-Namespacetag to specify the operator which namespace to create the kube secret into - a tag corresponding to
TAG_KEY:TAG_VALUEused to run the operator (see below)
| Variable name | Optional | Description | Default value |
|---|---|---|---|
AWS_REGION |
false | AWS region of secrets to synchronize | None |
SYNC_INTERVAL |
true | Time to wait between synchronizations | 300 |
SYNC_EMPTY |
true | If false, empty values are ignored in sync process |
true |
AWS_TAG_KEY |
true | Tag key used to filter AWS secrets | SyncedBy |
AWS_TAG_VALUE |
true | Tag value used to filter AWS secrets | aws-secrets-synchronizer |
LOG_LEVEL |
true | Log level | INFO |
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
# upgrade packages
pip install "<package==version>"
pip freeze > requirements.txt
# exit virtualenv
deactivateSee https://packaging.python.org/en/latest/guides/installing-using-pip-and-virtual-environments/