Adding secret store
rodrigobersa committed Oct 10, 2023
1 parent d93e4fa commit 88a8e84
Showing 11 changed files with 75 additions and 2 deletions.
18 changes: 18 additions & 0 deletions manifests/modules/security/secrets-manager/deployment copy.yaml
@@ -0,0 +1,18 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: catalog
spec:
template:
spec:
containers:
- name: catalog
env:
- name: DB_USER
valueFrom:
secretKeyRef:
name: catalog-sealed-db
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: catalog-sealed-db
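Review bot: both `secretKeyRef` blocks in this patch are missing the required `key` field, so the API server will reject the Deployment (`secretKeyRef` needs `name` and `key`). Add `key: username` under the `DB_USER` reference and `key: password` under `DB_PASSWORD` so they line up with the data keys of the Secret added in this commit. Separately, the file is named `deployment copy.yaml` (with a space), which looks like an accidental duplicate; the kustomization in this commit lists `deployment.yaml`, so this file is not picked up unless it is renamed.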
@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../../base-application/catalog
patches:
- deployment.yaml
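Review bot: the `patches:` entry is a bare filename, but kustomize expects each `patches` item to be an object (`- path: deployment.yaml`, optionally with `target:`); a plain string here fails to unmarshal, and the string form belongs under the older `patchesStrategicMerge` key. While touching this, `bases:` has been deprecated for a long time in favour of `resources:`, which is what the other modules in a current kustomize setup should use.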
@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: catalog-sealed-db
namespace: catalog
type: Opaque
data:
password: ZGVmYXVsdF9wYXNzd29yZA==
username: Y2F0YWxvZ191c2Vy
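Review bot: this Secret commits live credentials to the repository in plain base64 (`password` decodes to `default_password`, `username` to `catalog_user`); base64 is an encoding, not encryption, so anyone with read access to the repo or its history has the DB password. The name `catalog-sealed-db` suggests a SealedSecret, but the object is a plain `v1/Secret`. Given that this module is about AWS Secrets Manager and the ASCP, the credential should come from a `SecretProviderClass` (or at least be a placeholder that the lab replaces), not from a checked-in manifest. Whatever the source, keep the data keys `username` and `password` in sync with the `key` values the Deployment patch references.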
3 changes: 2 additions & 1 deletion website/docs/security/index.md
Expand Up @@ -9,4 +9,5 @@ Security at AWS is the highest priority, and is a shared responsibility between

In this chapter, we'll explore various aspects of Amazon EKS related to security. To learn more about security with EKS refer to the [EKS Best Practices Guide](https://aws.github.io/aws-eks-best-practices/security/docs/).

![Shared Responsibility](assets/shared-responsibility.jpg)
![Shared Responsibility](assets/managed-nodegroups.png)
![Shared Responsibility](assets/selfmanaged-nodegroups.png)
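Review bot: the two images added here both carry the alt text `Shared Responsibility`, while their file names say `managed-nodegroups.png` and `selfmanaged-nodegroups.png`; give each a descriptive alt text (for example the node group type it depicts) so the diagrams are distinguishable to screen readers and in search. Since `assets/shared-responsibility.jpg` is removed from this page, please confirm no other doc still references that file.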
@@ -0,0 +1,39 @@
---
title: "Storing secrets in AWS Secrets Manager"
sidebar_position: 63
---

To store a secret in AWS Secrets Manager, you can either use the AWS Console or the AWS CLI. We will cover both scenarios below.

### AWS Console

If you choose to use the AWS Console, navigate to the [AWS Secrets Manager Console](https://console.aws.amazon.com/secretsmanager/landing), an click on the **Store a new Secret** orange button, on the right hand side of the screen.

![store-new-secret](./assets/store-new-secret.png)

In the first screen *Choose secret type*, select *Other type of secret*, fill the *Key/value pairs* as shown below an click **Next**.

![choose-type](./assets/choose-type.png)


In the second screen *Configure secret*, type the secret name, and click **Store**.

![configure-secret](./assets/configure-secret.png)


Leave the rest of the configuration with the default values, then click **Create**.

### AWS CLI

If you prefere to use the AWS CLI, run the command like the example below in you Cloud9 Environment.

```bash
$ aws secretsmanager create-secret --name "eks-workshop/static-secret" --secret-string '{"username":"testdb_user", "password":"super-sekret"}' --region $AWS_REGION
{
"ARN": "arn:aws:secretsmanager:$AWS_REGION:$AWS_ACCOUNT_ID:secret:eks-workshop/static-secret-ABCdef",
"Name": "eks-workshop/static-secret",
"VersionId": "7e0b352d-6666-4444-aaaa-cec1f1d2df1b"
}
```

Validate the new stored secret in the [AWS Secrets Manager Console](https://console.aws.amazon.com/secretsmanager/listsecrets)
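Review bot: a few wording errors in the new page: "an click" appears twice and should be "and click", "prefere" should be "prefer", and "in you Cloud9 Environment" should be "in your Cloud9 environment". The console steps also disagree with each other: the *Configure secret* paragraph says to click **Store**, and the next paragraph says to click **Create**; use the button label the console actually shows at the final step. In the CLI example, the literal `$AWS_REGION` and `$AWS_ACCOUNT_ID` inside the JSON output are fine as placeholders but read oddly next to a real-looking `VersionId`; consider marking the output as abbreviated. Finally, the `create-secret` call puts the password on the command line, where it lands in shell history; for the lab this is acceptable, but a short note pointing readers to `--secret-string file://...` for real secrets would be worthwhile.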
Expand Up @@ -3,7 +3,7 @@ title: "Validating AWS Secrets and Configuration Provider (ASCP)"
sidebar_position: 62
---

If you ran the `prepare-environment` script detailed in the [previous step](index.md), it has already installed the AWS Secrets and Configuration Provider (ASCP) for the Kubernetes Secrets Store CSI Driver that's required for this lab.
If you ran the `prepare-environment` script detailed in the [previous step](./index.md), it has already installed the AWS Secrets and Configuration Provider (ASCP) for the Kubernetes Secrets Store CSI Driver that's required for this lab.

Lets then, validate if the addons deployed.
