aws / secrets-store-csi-driver-provider-aws

The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store, and mount them into Kubernetes pods.
Apache License 2.0

Cross account secret access #363

Closed nitrocode closed 3 months ago

nitrocode commented 3 months ago

Hi.

In account secrets, I have a secret I'd like to use in a pod. This secret allows the IRSA in the eks account to access it using a resource policy.

In account eks, I have an EKS cluster with a pod that assumes an IRSA in the same account.

How do I mount the secret in account secrets into the pod in account eks without having to copy over the secret to the other account?

nitrocode commented 3 months ago

Never mind. I missed that I can set the full ARN in the objectName on the README.

objectName: This field is required. It specifies the name of the secret or parameter to be fetched. For Secrets Manager this is the SecretId parameter and can be either the friendly name or full ARN of the secret. For SSM Parameter Store, this must be the Name of the parameter and can not be a full ARN.
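
A manifest for the setup described in this thread, as an added example that is not part of the issue or the project's own code: the SecretProviderClass in the eks account references the secret in the secrets account by full ARN. The account ID, region, secret name and suffix, namespace, service account, image and resource names are all constructed placeholders.

```yaml
# Constructed example: every name, the account ID, the region and the ARN
# suffix below are placeholders, not values from the issue.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: cross-account-secret
  namespace: app
spec:
  provider: aws
  parameters:
    # objectName carries the full ARN, so the lookup goes to the "secrets"
    # account instead of resolving a friendly name in the cluster's account.
    # objectAlias sets the mounted file name; without it the file name
    # defaults to objectName, which here would be the whole ARN.
    objects: |
      - objectName: "arn:aws:secretsmanager:us-west-2:111122223333:secret:app/db-password-AbCdEf"
        objectType: "secretsmanager"
        objectAlias: "db-password"
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  # Service account annotated with the IRSA role in the "eks" account;
  # this is the principal the secret's resource policy must name.
  serviceAccountName: app-irsa
  containers:
    - name: app
      image: busybox:1.36  # placeholder image
      command: ["sleep", "3600"]
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: cross-account-secret
```

Cross-account reads need both sides to allow them: the IRSA role's identity policy and the secret's resource policy must each permit `secretsmanager:GetSecretValue` and `secretsmanager:DescribeSecret` on this ARN. The secret must also be encrypted with a customer managed KMS key whose key policy lets the role decrypt, because the AWS managed `aws/secretsmanager` key cannot be used from another account.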