Using AWS Secrets and Configuration Provider with Kubernetes Secret Store CSI Driver
Secrets are securely retrieved from AWS Secrets Manager for Amazon Elastic Kubernetes Service (Amazon EKS) Kubernetes pods.
AWS Secrets and Config Provider (ASCP) contains an easy-to-use plugin that provides secrets to applications that run on Amazon EKS. The plugin supports the industry-standard Kubernetes Secrets Store and Container Storage Interface (CSI) driver.
The benefits of ASCP are as follows:
- Provides compatibility for legacy Kubernetes workloads that fetched secrets through the file system or etcd.
- Securely store and manage your secrets in Secrets Manager.
- Retrieve secrets, using applications that run on Kubernetes, without writing custom code.
- Use AWS Identity and Access Management (IAM) and resource policies on your secret to limit and restrict access to specific Kubernetes pods inside a cluster to tightly control secrets accessible by the pods.
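The following manifests are an added example, not taken from the Unica documentation or the ASCP project, showing how the last point works in practice: only the pod that runs under the annotated service account can mount the secret as a file. All names, the namespace, the account ID, the role ARN and the image are constructed placeholders, and the example assumes the Secrets Store CSI driver and ASCP are already installed in the cluster.

```yaml
# The IAM role referenced below should allow only
# secretsmanager:GetSecretValue and secretsmanager:DescribeSecret
# on the single secret this workload needs, not on "*".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-sa                       # hypothetical service account
  namespace: app                     # hypothetical namespace
  annotations:
    # IAM role assumed by pods that use this service account (placeholder ARN)
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/app-secrets-read
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-aws-secrets
  namespace: app
spec:
  provider: aws                      # selects ASCP as the CSI provider
  parameters:
    objects: |
      - objectName: "app-db-credentials"   # placeholder secret name
        objectType: "secretsmanager"
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  serviceAccountName: app-sa         # ties the pod to the scoped IAM role
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-aws-secrets
```

The application reads the secret value from `/mnt/secrets-store/app-db-credentials`. A pod in the same cluster that uses a different service account receives an access-denied error from Secrets Manager at mount time and fails to start.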
AWS Secrets Manager Working Concept with Unica