Sha256: c157ffb0a909c604ada9a86058a71c8fab2bcd2db640ce7bc0cf8e1d64b797ee
Contents?: true
Size: 1.44 KB
Versions: 30
Compression:
Stored size: 1.44 KB
Contents
---
title: AWS Secrets
nav_text: Secrets
categories: helpers-aws
---
The `aws_secret` helper fetches secret data from AWS Secrets Manager.
## Example
.kubes/resources/shared/secret.yaml
```yaml
apiVersion: v1
kind: Secret
metadata:
name: demo
labels:
app: demo
data:
PASS: <%= aws_secret("demo-#{Kubes.env}-PASS") %>
USER: <%= aws_secret("demo-#{Kubes.env}-USER") %>
```
For example if you have these secret values:
$ aws secretsmanager get-secret-value --secret-id demo-dev-PASS | jq '.SecretString'
test1
$ aws secretsmanager get-secret-value --secret-id demo-dev-USER | jq '.SecretString'
test2
$
.kubes/output/shared/secret.yaml
```yaml
metadata:
namespace: demo
name: demo-2a78a13682
labels:
app: demo
apiVersion: v1
kind: Secret
data:
PASS: dGVzdDEK
USER: dGVzdDIK
```
By default, the values are automatically base64 encoded.
## Base64 Option
By default, the values are automatically base64 encoded. You can change the default behavior with a config option.
.kubes/config.rb
```ruby
KubesAws.configure do |config|
config.secrets.base64 = false
end
```
Note: The use of `KubesAws.configure` instead of `Kubes.configure` here.
You can also set the `base64` option to turn on and off the automated base64 encoding on a per secret basis.
```ruby
aws_secret("demo-#{Kubes.env}-USER", base64: true) # default is base64=true
aws_secret("demo-#{Kubes.env}-PASS", base64: false)
```
{% include helpers/base64.md %}
Version data entries
30 entries across 30 versions & 1 rubygems