Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent
d93e4fa
commit 88a8e84
Showing 11 changed files with 75 additions and 2 deletions.
18 changes: 18 additions & 0 deletions
manifests/modules/security/secrets-manager/deployment copy.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: catalog | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- name: catalog | ||
env: | ||
- name: DB_USER | ||
valueFrom: | ||
secretKeyRef: | ||
name: catalog-sealed-db | ||
- name: DB_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: catalog-sealed-db |
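Review bot: both `secretKeyRef` entries (for `DB_USER` and `DB_PASSWORD`) carry only `name: catalog-sealed-db` and no `key`, so the two variables resolve to different values only if the base Deployment already supplies a `key` for each and this file is merged over it as a patch. Please state the keys explicitly (the Secret added in this commit uses `username` and `password`) or add a comment saying the base provides them. The file name `deployment copy.yaml` also looks like an editor duplicate, and the name `catalog-sealed-db` sits oddly in a `secrets-manager` module; rename both if they were not intended.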
6 changes: 6 additions & 0 deletions
manifests/modules/security/secrets-manager/kustomization copy.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
bases: | ||
- ../../../base-application/catalog | ||
patches: | ||
- deployment.yaml |
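Review bot: the file is named `kustomization copy.yaml`, which Kustomize will not load (it looks for `kustomization.yaml`, `kustomization.yml` or `Kustomization`), and the `patches` entry points at `deployment.yaml` while the patch shown in this commit is `deployment copy.yaml`. Rename the files so the reference resolves, or drop the copies if they were committed by accident. `bases:` is also deprecated; list `../../../base-application/catalog` under `resources:` instead.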
9 changes: 9 additions & 0 deletions
manifests/modules/security/secrets-manager/new-catalog-db copy.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: catalog-sealed-db | ||
namespace: catalog | ||
type: Opaque | ||
data: | ||
password: ZGVmYXVsdF9wYXNzd29yZA== | ||
username: Y2F0YWxvZ191c2Vy |
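Review bot: `data.password` and `data.username` are only base64-encoded, so this manifest commits the database credentials to the repository in recoverable form (`ZGVmYXVsdF9wYXNzd29yZA==` decodes to `default_password`). In a module about AWS Secrets Manager the credentials should come from the secret store rather than from a checked-in `Secret`; if the file is needed for the lab, add a comment saying the values are throwaway defaults. The ` copy` suffix in `new-catalog-db copy.yaml` suggests the file was duplicated by accident and should be renamed or removed.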
Binary file added
BIN
+126 KB
website/docs/security/secrets-management/secrets-manager/assets/choose-type.png
Binary file added
BIN
+132 KB
...te/docs/security/secrets-management/secrets-manager/assets/configure-secret.png
Binary file added
BIN
+127 KB
...te/docs/security/secrets-management/secrets-manager/assets/store-new-secret.png
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
title: "Storing secrets in AWS Secrets Manager" | ||
sidebar_position: 63 | ||
--- | ||
|
||
To store a secret in AWS Secrets Manager, you can either use the AWS Console or the AWS CLI. We will cover both scenarios below. | ||
|
||
### AWS Console | ||
|
||
If you choose to use the AWS Console, navigate to the [AWS Secrets Manager Console](https://console.aws.amazon.com/secretsmanager/landing), an click on the **Store a new Secret** orange button, on the right hand side of the screen. | ||
|
||
![store-new-secret](./assets/store-new-secret.png) | ||
|
||
In the first screen *Choose secret type*, select *Other type of secret*, fill the *Key/value pairs* as shown below an click **Next**. | ||
|
||
![choose-type](./assets/choose-type.png) | ||
|
||
|
||
In the second screen *Configure secret*, type the secret name, and click **Store**. | ||
|
||
![configure-secret](./assets/configure-secret.png) | ||
|
||
|
||
Leave the rest of the configuration with the default values, then click **Create**. | ||
|
||
### AWS CLI | ||
|
||
If you prefere to use the AWS CLI, run the command like the example below in you Cloud9 Environment. | ||
|
||
```bash | ||
$ aws secretsmanager create-secret --name "eks-workshop/static-secret" --secret-string '{"username":"testdb_user", "password":"super-sekret"}' --region $AWS_REGION | ||
{ | ||
"ARN": "arn:aws:secretsmanager:$AWS_REGION:$AWS_ACCOUNT_ID:secret:eks-workshop/static-secret-ABCdef", | ||
"Name": "eks-workshop/static-secret", | ||
"VersionId": "7e0b352d-6666-4444-aaaa-cec1f1d2df1b" | ||
} | ||
``` | ||
|
||
Validate the new stored secret in the [AWS Secrets Manager Console](https://console.aws.amazon.com/secretsmanager/listsecrets) |
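Review bot: the AWS CLI example passes the password inline in `--secret-string '{"username":"testdb_user", "password":"super-sekret"}'`, which leaves it in shell history, and workshop commands get copied verbatim; consider reading the JSON from a file with the `file://` form of `--secret-string`, or add a sentence saying the values are placeholders. In the console section, the second screen says to click **Store** and the following paragraph says to click **Create**, so the reader cannot tell which button ends the flow; make the two agree with the screenshots. Typos to fix: "an click" (twice), "prefere", and "in you Cloud9 Environment".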