AWS Secrets Manager
To add secrets from AWS Secrets Manager, we need to create a generic Kubernetes secret for AWS authentication.
Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use a Devtron generic chart for it.
Note: You don't have to create the Kubernetes secret every time you create an external secret for the respective namespace.
![](https://docs.devtron.ai/~gitbook/image?url=https%3A%2F%2Fdevtron-public-asset.s3.us-east-2.amazonaws.com%2Fimages%2Fcreating-application%2Fsecrets%2Faws-secret-generic-chart.jpg&width=768&dpr=4&quality=100&sign=9993758ac207de639fdba97de0c2917edbded7244c318d27b4265cf12daa156b)
After creating the generic secret, navigate to the Secrets section of the application and follow the steps mentioned below:
1. Click Add Secret to add a new secret
![](https://docs.devtron.ai/~gitbook/image?url=https%3A%2F%2Fdevtron-public-asset.s3.us-east-2.amazonaws.com%2Fimages%2Fcreating-application%2Fsecrets%2Fadd-secrets.jpg&width=768&dpr=4&quality=100&sign=839442eb515d7d42b2ca64e172d806df0ce7bf8706c97013a0316ebb5766a03b)
2. Select AWS Secret Manager under External Secret Operator (ESO) from the dropdown of Data type
![](https://docs.devtron.ai/~gitbook/image?url=https%3A%2F%2Fdevtron-public-asset.s3.us-east-2.amazonaws.com%2Fimages%2Fcreating-application%2Fsecrets%2Faws-secret-manager-dropdown.jpg&width=768&dpr=4&quality=100&sign=eb68aa4218193691245983296c37d438a6a725fa195c5366ebd78d2b761e5906)
3. Configure the secret
| Key | Description |
|---|---|
| | AWS region in which secret is created |
| | Name of secret created that would be used for authentication |
| | In generic secret created for AWS authentication, variable name in which base64 encoded AWS access-key is stored |
| | Name of secret created that would be used for authentication |
| | In generic secret created for AWS authentication, variable name in which base64 encoded secret-access-key is stored |
| | Key name to store secret |
| | AWS Secrets Manager secret name |
| | AWS Secrets Manager secret key |
![](https://docs.devtron.ai/~gitbook/image?url=https%3A%2F%2Fdevtron-public-asset.s3.us-east-2.amazonaws.com%2Fimages%2Fcreating-application%2Fsecrets%2Faws-eso.jpg&width=768&dpr=4&quality=100&sign=207ee77a79b47b0269d95d0fcb44cacbcb44246bfdfdf8914a39f66a84ff4c2a)
![](https://docs.devtron.ai/~gitbook/image?url=https%3A%2F%2Fdevtron-public-asset.s3.us-east-2.amazonaws.com%2Fimages%2Fcreating-application%2Fsecrets%2Faws-external-secret.jpg&width=768&dpr=4&quality=100&sign=eef77e3f5f6ba4fc4b0afe462d2a37ba86517bec694a994e3bf6970f33ef6b73)
4. Save the secret
ESO AWS Secrets Manager Setup with Devtron using ClusterSecretStore
ClusterSecretStore provides a secure and centralized storage solution for managing and accessing sensitive information, such as passwords, API keys, certificates, and other credentials, within a cluster or application environment.
Requirement: Devtron deployment template chart version should be 4.17 and above.
To set up ESO AWS Secrets Manager with Devtron using ClusterSecretStore, follow the steps below:
1. Create a secret for AWS authentication
Create a Kubernetes secret in any namespace using base64 encoded AWS access-key and secret-access-key. You can use the Devtron generic chart for this.
![](https://docs.devtron.ai/~gitbook/image?url=https%3A%2F%2Fdevtron-public-asset.s3.us-east-2.amazonaws.com%2Fimages%2Fcreating-application%2Fsecrets%2Faws-secret-generic-chart.jpg&width=768&dpr=4&quality=100&sign=9993758ac207de639fdba97de0c2917edbded7244c318d27b4265cf12daa156b)
2. Create a ClusterSecretStore
Create a ClusterSecretStore using the secret created for AWS authentication in step 1.
3. Create a secret in the application using ESO AWS Secrets Manager
Go to the application where you want to create an external secret. Navigate to the Secrets section under application configuration and create a secret using ESO AWS Secrets Manager.
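The three steps above, written out as plain External Secrets Operator resources. This is an added example, not Devtron's own manifests or chart output. All resource names, namespaces, the region, the remote secret path and the `v1beta1` API version are assumptions; the credential values are placeholders.

```yaml
# Step 1: AWS credentials for ESO. base64 is an encoding, not encryption; limit read access to this Secret with RBAC.
apiVersion: v1
kind: Secret
metadata:
  name: aws-credentials            # hypothetical name
  namespace: eso-auth              # hypothetical namespace
data:
  access-key: <BASE64_AWS_ACCESS_KEY_ID>             # placeholder
  secret-access-key: <BASE64_AWS_SECRET_ACCESS_KEY>  # placeholder
---
# Step 2: cluster-wide store that references the Secret from step 1.
apiVersion: external-secrets.io/v1beta1   # assumption: match the version your ESO install serves
kind: ClusterSecretStore
metadata:
  name: aws-secretsmanager         # hypothetical name
spec:
  conditions:                      # without this, every namespace can use the store
    - namespaces: ["demo-app"]
  provider:
    aws:
      service: SecretsManager
      region: us-east-2            # constructed sample region
      auth:
        secretRef:
          accessKeyIDSecretRef:
            name: aws-credentials
            key: access-key
            namespace: eso-auth    # namespace is required in a ClusterSecretStore
          secretAccessKeySecretRef:
            name: aws-credentials
            key: secret-access-key
            namespace: eso-auth
---
# Step 3: external secret in the application namespace, resolved through the store.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-db-credentials         # hypothetical; also the name of the Secret ESO creates
  namespace: demo-app
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: aws-secretsmanager
  data:
    - secretKey: DB_PASSWORD       # key name to store the secret under
      remoteRef:
        key: demo/app/db           # AWS Secrets Manager secret name (constructed)
        property: password         # key inside that AWS secret (constructed)
```

The IAM user behind the access key only needs read access to the specific AWS Secrets Manager secrets the cluster consumes.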