Annotations
Important
This is available as a beta feature.
Follow the steps documented below to use Secret Store annotations to dynamically retrieve secrets from AWS Secrets Manager. Workloads defined in Kubernetes YAML can use the supported Secret Store annotations to dynamically retrieve secrets from Secrets Manager into the pod's environment variables.
YAML Example
Here is an example YAML for a deployment whose containers pull secrets from AWS Secrets Manager.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
  annotations:
    rafay.dev/secretstore: csi-aws
    csi-aws.secretstore.rafay.dev/config-1: |
      {
        "secret-name": "demo-secret",
        "mount-path": "/mnt/secrets-store1"
      }
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      serviceAccountName: test-sa
      containers:
      - name: nginx-deployment
        image: nginx
        ports:
        - containerPort: 80
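
A pre-deployment check for the annotations shown above, added here as an illustration and not part of Rafay's documentation or tooling. It assumes the manifest is available as JSON (for example from `kubectl get deployment -o json`), that `secret-name` and `mount-path` are both required, that several `config-N` annotations may coexist, and that the pod's service account is the identity authorized to read the secret; `lint_secretstore` and `make_deployment` are hypothetical names.

```python
import json
import re

STORE_KEY = "rafay.dev/secretstore"       # annotation name from the page
REQUIRED = ("secret-name", "mount-path")  # assumption: both keys are mandatory

def lint_secretstore(deployment):
    """Return a list of problems in a Deployment's Secret Store annotations."""
    ann = deployment.get("metadata", {}).get("annotations") or {}
    store = ann.get(STORE_KEY)
    if not store:
        return [f"missing annotation {STORE_KEY}"]
    # Assumption: config annotations are numbered <store>.secretstore.rafay.dev/config-N.
    pat = re.compile(rf"^{re.escape(store)}\.secretstore\.rafay\.dev/config-\d+$")
    configs = {k: v for k, v in ann.items() if pat.match(k)}
    problems = [] if configs else [f"no {store} config-N annotation"]
    seen = {}
    for key, raw in sorted(configs.items()):
        try:
            cfg = json.loads(raw)
        except json.JSONDecodeError as exc:
            problems.append(f"{key}: invalid JSON ({exc.msg})")
            continue
        if not isinstance(cfg, dict):
            problems.append(f"{key}: value is not a JSON object")
            continue
        for field in REQUIRED:
            if not isinstance(cfg.get(field), str) or not cfg[field]:
                problems.append(f"{key}: missing {field}")
        path = cfg.get("mount-path")
        if isinstance(path, str) and path in seen:
            problems.append(f"{key}: mount-path also used by {seen[path]}")
        elif isinstance(path, str):
            seen[path] = key
    # Assumption: the pod's service account is the identity allowed to read the secret.
    pod = deployment.get("spec", {}).get("template", {}).get("spec", {})
    if not pod.get("serviceAccountName"):
        problems.append("pod spec has no serviceAccountName")
    return problems

def make_deployment(annotations, service_account="test-sa"):
    # Constructed sample shaped like `kubectl get deployment -o json` output.
    pod = {"containers": [{"name": "nginx-deployment", "image": "nginx"}],
           "serviceAccountName": service_account}
    return {"metadata": {"annotations": annotations}, "spec": {"template": {"spec": pod}}}

GOOD = make_deployment({STORE_KEY: "csi-aws", "csi-aws.secretstore.rafay.dev/config-1":
    '{"secret-name": "demo-secret", "mount-path": "/mnt/secrets-store1"}'})
BAD = make_deployment({STORE_KEY: "csi-aws", "csi-aws.secretstore.rafay.dev/config-1":
    '{"secret-name": "demo-secret", "mount-path": "/mnt/secrets-store1",}'}, None)
```

`GOOD` mirrors the page's example and lints clean; `BAD` is a constructed variant with a trailing comma in the annotation JSON and no service account, the kind of mistake that is easy to miss inside a YAML block scalar.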