# Cloud Secrets

Native secret management from cloud providers.


## AWS Secrets Manager

bash
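# Create secret
# The value is read from a file (file:// prefix) instead of being passed
# inline: a literal on the command line is kept in shell history and is
# visible in the process list while the command runs.
# secret.json is a constructed sample name; it holds the JSON document
# {"username":"...","password":"..."}. Keep it readable by the owner only
# and delete it once the secret has been created.
aws secretsmanager create-secret \
  --name myapp/db \
  --secret-string file://secret.json

# Get secret
# The response includes the plaintext SecretString, so avoid running this
# where output is captured (CI logs, shared terminals, screen recordings).
aws secretsmanager get-secret-value --secret-id myapp/db

# Rotate secret
# Assumes rotation has already been configured for this secret; confirm
# before relying on this call.
aws secretsmanager rotate-secret --secret-id myapp/db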

## Azure Key Vault

bash
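# Create vault
az keyvault create --name myvault --resource-group myRG

# Set secret
# --file reads the value from a file, so the secret does not appear in the
# command line, shell history or process list as it would with --value.
# ./dbpassword.txt is a constructed sample path; keep it owner-readable only
# and remove it afterwards. NOTE(review): a trailing newline in the file
# presumably becomes part of the stored value; confirm and write the file
# without one.
az keyvault secret set --vault-name myvault --name dbpassword --file ./dbpassword.txt

# Get secret
# The JSON response carries the plaintext value; keep it out of captured
# output such as CI logs.
az keyvault secret show --vault-name myvault --name dbpassword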

## GCP Secret Manager

bash
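# Create secret
# Prompt for the value instead of embedding a literal in the command: a
# literal stays in shell history and in any script that contains it.
# printf '%s' sends the value without a trailing newline, as echo -n did.
IFS= read -rs -p 'Secret value: ' db_password && printf '\n' >&2
printf '%s' "$db_password" | gcloud secrets create db-password --data-file=-

# Access secret
# Prints the plaintext payload to stdout. "latest" follows whichever version
# is newest; use an explicit version number where a consumer must not change
# silently when a new version is added.
gcloud secrets versions access latest --secret=db-password

# Add version
IFS= read -rs -p 'New secret value: ' db_password && printf '\n' >&2
printf '%s' "$db_password" | gcloud secrets versions add db-password --data-file=-

# Drop the plaintext from the shell session once it has been uploaded.
unset db_password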

## Kubernetes Integration

yaml
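# External Secrets Operator
# Syncs one property of a cloud-managed secret into a Kubernetes Secret.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: myapp-secret
spec:
  # How often the value is re-read from the provider. 1h is the operator's
  # documented default, stated here so it can be compared with the rotation
  # schedule of the upstream secret.
  refreshInterval: 1h
  secretStoreRef:
    # A SecretStore is namespaced: it must exist in the same namespace as
    # this ExternalSecret and hold the provider credentials.
    name: aws-secrets-manager
    kind: SecretStore
  target:
    # Name of the Kubernetes Secret the operator creates. Its data is only
    # base64-encoded, so read access to Secrets in this namespace should be
    # limited via RBAC and etcd encryption at rest enabled.
    name: myapp-secret
  data:
    - secretKey: db-password
      remoteRef:
        # key is the provider-side secret name; property selects one field
        # of its JSON value.
        key: myapp/db
        property: password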