Enable Kubernetes Pods to Securely Access Secrets Stored in External Systems (AWS KMS, Google Cloud KMS, or HashiCorp Vault)
To enable Kubernetes pods to securely access secrets stored in external systems (such as AWS KMS, Google Cloud KMS, or HashiCorp Vault) by injecting them as Kubernetes secrets, you can use Kubernetes External Secrets (KES) alongside a Key Management Service (KMS) provider for encrypting/decrypting these secrets.
Here’s how you can set up this integration:
1. Install Kubernetes External Secrets
Kubernetes External Secrets allows Kubernetes to fetch secrets from external APIs like AWS Secrets Manager, AWS Parameter Store, and HashiCorp Vault. First, install KES in your cluster.
- Add the Helm repository for KES and refresh the chart index:
  helm repo add external-secrets https://charts.external-secrets.io
  helm repo update
- Install the external-secrets Helm chart into its own namespace:
  helm install external-secrets external-secrets/external-secrets --namespace external-secrets --create-namespace
- This will deploy the necessary CRDs and controllers in your cluster.
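Once the chart is installed, the CRDs it ships are what you actually use to pull a secret into a namespace and hand it to a pod. The manifest below is an added example, not code from the original article or from the external-secrets project: it assumes the chart above installs the External Secrets Operator (API group external-secrets.io, version v1beta1), an EKS cluster with IAM Roles for Service Accounts (IRSA), and AWS Secrets Manager as the backend. The namespace, service account name, IAM role ARN, region, image and the Secrets Manager entry name are placeholders.

```yaml
# Added example (not from the original article or the external-secrets project):
# a namespaced SecretStore backed by AWS Secrets Manager, an ExternalSecret that
# materialises one field of a remote secret as a Kubernetes Secret, and a pod
# that consumes it. All names, the region, the role ARN and the remote key are
# hypothetical placeholders.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: eso-reader-sa          # placeholder; used only by the operator, not by workloads
  namespace: payments          # placeholder namespace
  annotations:
    # IRSA binding. Scope the role's policy to secretsmanager:GetSecretValue
    # and secretsmanager:DescribeSecret on the specific secret ARNs this
    # namespace needs, nothing broader.
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/ROLE-PLACEHOLDER
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore              # namespaced: other namespaces cannot reference this store
metadata:
  name: aws-secrets-manager
  namespace: payments
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-west-1        # placeholder region
      auth:
        jwt:
          serviceAccountRef:
            name: eso-reader-sa   # no static AWS access keys are stored in the cluster
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: payments-db
  namespace: payments
spec:
  refreshInterval: 1h          # how often the operator re-reads the remote value
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: payments-db          # name of the Kubernetes Secret the operator creates
    creationPolicy: Owner      # the Secret is garbage-collected with the ExternalSecret
  data:
    - secretKey: DB_PASSWORD               # key inside the generated Kubernetes Secret
      remoteRef:
        key: prod/payments/db              # Secrets Manager secret name (placeholder)
        property: password                 # JSON field inside that secret
---
apiVersion: v1
kind: Pod
metadata:
  name: payments-api
  namespace: payments
spec:
  # Deliberately not using eso-reader-sa: the workload gets the synced value
  # only, never the IAM role that can read Secrets Manager directly.
  containers:
    - name: api
      image: example.com/payments-api:1.0  # placeholder image
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: payments-db
              key: DB_PASSWORD
```

Apply it with `kubectl apply -f` and check `kubectl get externalsecret -n payments`; the STATUS column should read SecretSynced before the pod is expected to start with the value. The design choice worth copying is the split in identities: the operator's service account is the only principal with an IAM binding, the SecretStore is namespaced so that binding cannot be borrowed from elsewhere, and the pod sees a plain Kubernetes Secret with no cloud credentials at all.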