Overview

In this self-paced exercise, you will learn how to set up AWS Secrets Manager for use on an EKS cluster by using the Secrets Store CSI Driver Managed Add-on.

Managed System Add-ons are available in the controller by default for users. One or more managed add-ons can be added to a blueprint and deployed to clusters.

Secrets Store CSI Driver Add-on includes two components:

  • Kubernetes Secrets Store CSI Driver - The Secrets Store CSI Driver allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into pods as a volume. Once the volume is attached, the data in it is mounted into the container's file system.

  • Provider specific plugin for the Secrets Store CSI Driver - For AWS Secrets Manager, this would be the AWS Secrets and Configuration Provider (ASCP). ASCP allows you to make secrets stored in Secrets Manager appear as files mounted in Amazon EKS pods.
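
To make the two components concrete, here is an added example (not from the original exercise or the add-on's own manifests) of a SecretProviderClass that asks ASCP for one Secrets Manager secret, and a pod that mounts it through the CSI driver. The names `demo-aws-secrets`, `demo-db-credentials`, `demo-app`, `demo-app-sa`, the `demo` namespace and the image are placeholders; the service account is assumed to be bound to an IAM role that can read only that one secret.

```yaml
# Added example; every name below is a placeholder.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: demo-aws-secrets
  namespace: demo
spec:
  provider: aws                 # selects ASCP as the provider plugin
  parameters:
    # One entry per secret to fetch; objectName is the Secrets Manager name or ARN.
    objects: |
      - objectName: "demo-db-credentials"
        objectType: "secretsmanager"
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
  namespace: demo
spec:
  # ASCP uses the pod's service account identity to call Secrets Manager,
  # so scope the IAM role behind it to the listed secret only.
  serviceAccountName: demo-app-sa
  containers:
    - name: app
      image: registry.example.com/demo-app:1.0   # placeholder image
      volumeMounts:
        - name: secrets
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: secrets
      csi:
        driver: secrets-store.csi.k8s.io   # the Secrets Store CSI Driver
        readOnly: true
        volumeAttributes:
          secretProviderClass: demo-aws-secrets
```

With this in place, the secret value appears inside the container as the file `/mnt/secrets-store/demo-db-credentials`.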


What Will You Do by Part

| Part | What will you do? |
|------|-------------------|
| 1 | Provision an Amazon EKS Cluster |
| 2 | Create Blueprint with Secrets Store CSI Driver |
| 3 | Create Workload to access Secrets Manager |
| 4 | Deprovision the EKS cluster |

Assumptions

  • You have access to an AWS account with privileges to create an IAM Role with the default Full IAM Policy to allow provisioning of resources on your behalf as part of the EKS cluster lifecycle.