Currently, it's possible to specify an optional ExternalId, which will be used as part of the assume role, to increase security.
The external-id can only be provided via an annotation at this moment.
Given that the desire is to keep this ExternalId opaque, we would like to avoid exposing its value in the kubernetes manifest, in our CI/CD tool (Spinnaker). As such, it would increase security if we would be able to somehow provide this via a secret. Any ideas?
Currently, it's possible to specify an optional ExternalId, which will be used as part of the assume role, to increase security. The external-id can only be provided via an annotation at this moment.
Given that the desire is to keep this ExternalId opaque, we would like to avoid exposing its value in the kubernetes manifest, in our CI/CD tool (Spinnaker). As such, it would increase security if we would be able to somehow provide this via a secret. Any ideas?