Documentation on how to use a secret as an env var

[jruiz-galeotech]

Hello. We have a secret in AWS Secrets Manager in JSON format ({"host":"www.host.com","user":"theuser","pass":"thepass"}) and we'd like to retrieve each of the fields and inject them as env var to a container, however, the documentation for this use case in the case of AWS provider is missing. I can see some documentation for Azure here but not for AWS. Would it be possible to add it? Thanks in advance.

[vettom]

I had same challenges in EKS. I have created pull request, also updated in my repo here https://github.com/vettom/Aws-Eks-SecretsManager

[TuanPointC]

I have same issue, but i do not create k8s secret object

[gonewaje]

let say you have secret in aws with this value :

{
    "username": "user",
    "password": "pass"
}

create SecretProviderClass

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: myspcname
spec:
  provider: aws
  secretObjects:
  - secretName: mysecretname
    data:
    - objectName: secret-username    # value get from objectAlias
      key: username
    type: Opaque
  parameters:
    objects: |
      - objectName: "<secret ARN / secret name in aws>"
        objectType: secretsmanager
        jmesPath: 
            - path: username     # json path on your secret aws
              objectAlias: "secret-username"

then set as env var on your deployment

      containers:
        env:
        - name: ZZZSECRET_USERNAME
          valueFrom:
            secretKeyRef:
              name: mysecretname
              key: username

enroot@nginx-deployment-6d4bff647b-hvppq:/# env | grep ZZ
ZZZSECRET_USERAME=user