Replies: 1 comment
We are discussing this internally. There are multiple ways to consume secrets (directly in your application, with one of our client-side caching libraries, through the CSI driver, through a 3rd-party secrets provider, with our newly released Secrets Manager Agent, etc.). Each solution has its advantages and inconveniences. A big difference between these solutions is how they affect the size of the threat boundary beyond which accessing the secret value becomes trivial (with fetching your secret directly within the application being safest in that regard). It's a delicate balance between convenience and security. The case for EBS is a lot more straightforward imo since a CSI driver is the obvious solution for attaching a block store to a k8s application. If you do find pain points in installing the secrets store CSI driver and our AWS provider, do let us know by opening an issue.
Similar to the aws-ebs-csi-driver, this driver is currently packaged as a helm chart. Unlike the EBS driver, however, this one is not an official EKS add-on. Is there a reason this couldn't be promoted as an official add-on?