Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation on how to use a secret as an env var #286

Open
jruiz-galeotech opened this issue Oct 18, 2023 · 4 comments
Open

Documentation on how to use a secret as an env var #286

jruiz-galeotech opened this issue Oct 18, 2023 · 4 comments
Labels
enhancement New feature or request

Comments

@jruiz-galeotech
Copy link

Hello. We have a secret in AWS Secrets Manager in JSON format ({"host":"www.host.com","user":"theuser","pass":"thepass"}) and we'd like to retrieve each of the fields and inject them as env var to a container, however, the documentation for this use case in the case of AWS provider is missing. I can see some documentation for Azure here but not for AWS. Would it be possible to add it? Thanks in advance.
@jruiz-galeotech jruiz-galeotech added the enhancement New feature or request label Oct 18, 2023
@vettom vettom mentioned this issue Oct 23, 2023
Open
@vettom
Copy link

vettom commented Oct 23, 2023

I had same challenges in EKS. I have created pull request, also updated in my repo here https://github.com/vettom/Aws-Eks-SecretsManager

@TuanPointC
Copy link

I have same issue, but i do not create k8s secret object

@gonewaje
Copy link

gonewaje commented Nov 4, 2024
edited
Loading

let say you have secret in aws with this value :

{
    "username": "user",
    "password": "pass"
}

create SecretProviderClass

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: myspcname
spec:
  provider: aws
  secretObjects:
  - secretName: mysecretname
    data:
    - objectName: secret-username    # value get from objectAlias
      key: username
    type: Opaque
  parameters:
    objects: |
      - objectName: "<secret ARN / secret name in aws>"
        objectType: secretsmanager
        jmesPath: 
            - path: username     # json path on your secret aws
              objectAlias: "secret-username"

then set as env var on your deployment

      containers:
        env:
        - name: ZZZSECRET_USERNAME
          valueFrom:
            secretKeyRef:
              name: mysecretname
              key: username

enroot@nginx-deployment-6d4bff647b-hvppq:/# env | grep ZZ
ZZZSECRET_USERAME=user

@rubensa
Copy link

rubensa commented Feb 26, 2025

This is an alternative way of configuring than the one provided by @gonewaje

Lets say you have secret in aws with this value:

{
    "username": "user",
    "password": "pass"
}

Create SecretProviderClass:

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: myspcname
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "<secret ARN / secret name in aws>"
        objectType: secretsmanager
        jmesPath: 
          - path: username # json path on your secret aws
            objectAlias: "secret-username"
  secretObjects:
  - secretName: mysecretname
    data:
      - objectName: secret-username # value get from objectAlias
        key: ZZZSECRET_USERNAME # will be the env variable name
    type: Opaque

Then set as envFrom on your deployment (so all keys are available as env vars):

      containers:
        envFrom:
          - secretKeyRef:
            name: mysecretname

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rubensa @vettom @TuanPointC @gonewaje @jruiz-galeotech