Annotations

Important

This is available as a beta feature.

Follow the steps below to use Secret Store annotations to dynamically retrieve secrets from AWS Secrets Manager. Workloads defined in Kubernetes YAML can use the supported Secret Store annotations to retrieve secrets from Secrets Manager into the pod's environment variables.


YAML Example

Here is an example YAML manifest for a Deployment whose containers pull secrets from AWS Secrets Manager.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
  annotations:
    rafay.dev/secretstore: csi-aws
    csi-aws.secretstore.rafay.dev/config-1: |
        {
            "secret-name": "demo-secret",
            "mount-path": "/mnt/secrets-store1"
        }
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      serviceAccountName: test-sa
      containers:
      - name: nginx-deployment
        image: nginx
        ports:
        - containerPort: 80
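
A pre-deployment lint for the annotations shown above, added here as an example and not part of Rafay's documentation or tooling. The rules it enforces (both keys present, absolute mount path, no reused mount path, config prefix matching the `rafay.dev/secretstore` value) are assumptions inferred from the manifest, not a published schema, and `lint_secretstore_annotations` is a hypothetical name.

```python
import json
import re

STORE_KEY = "rafay.dev/secretstore"
# Matches e.g. "csi-aws.secretstore.rafay.dev/config-1" from the manifest above.
CONFIG_KEY = re.compile(r"^([a-z0-9-]+)\.secretstore\.rafay\.dev/config-\d+$")


def lint_secretstore_annotations(annotations):
    """Return a list of problems found in a workload's metadata.annotations."""
    # Assumed rules, inferred from the page's example rather than a schema:
    # JSON object with non-empty "secret-name" and absolute, unique "mount-path".
    problems, seen_paths = [], {}
    store = annotations.get(STORE_KEY)
    if not store:
        problems.append(f"missing {STORE_KEY} annotation")
    for key, raw in sorted(annotations.items()):
        match = CONFIG_KEY.match(key)
        if not match:
            continue
        if store and match.group(1) != store:
            problems.append(f"{key}: prefix does not match store '{store}'")
        try:
            cfg = json.loads(raw)
            name, path = cfg["secret-name"], cfg["mount-path"]
        except (ValueError, KeyError, TypeError) as exc:
            problems.append(f"{key}: unusable config ({type(exc).__name__}: {exc})")
            continue
        if not isinstance(name, str) or not name:
            problems.append(f"{key}: secret-name must be a non-empty string")
        if not isinstance(path, str) or not path.startswith("/"):
            problems.append(f"{key}: mount-path must be an absolute path")
        elif path in seen_paths:
            problems.append(f"{key}: mount-path reused from {seen_paths[path]}")
        else:
            seen_paths[path] = key
    return problems


# Constructed sample: the page's annotations plus a second entry with a JSON typo.
SAMPLE = {
    STORE_KEY: "csi-aws",
    "csi-aws.secretstore.rafay.dev/config-1":
        '{"secret-name": "demo-secret", "mount-path": "/mnt/secrets-store1"}',
    "csi-aws.secretstore.rafay.dev/config-2":
        '{"secret-name": "demo-secret", "mount-path": "/mnt/secrets-store2",}',
}

if __name__ == "__main__":
    print("\n".join(lint_secretstore_annotations(SAMPLE)) or "ok")
```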