A Simple Approach for Injecting Secrets Into EKS

At Galley Solutions, we recently moved from Heroku to containers hosted on Amazon Web Services' EKS (Elastic Kubernetes Service). During this transition, we kept our first iteration of Kubernetes simple in order to enable Galley to run while moving us toward future growth and overall product expansion. We solved many issues throughout the process, but I chose to write about this specific issue because it was more difficult to find resources about it. Shout out to my pair programming partner Taylor Johndrew for brainstorming this solution with me. Let's start with the why…

The main goals of the project were to keep standard Kubernetes base64-encoded secrets out of our git repo and to leverage AWS Secrets Manager. We found many different solutions in our research. Some findings were very heavy in their implementation but offered greater security. The solution we devised does not enable secrets encryption at rest in containers. An approach similar to the GitHub project "APIServer encryption provider, backed by AWS KMS" offers KMS encryption through a provider. Other approaches offered similar secrets hydration through providers (Secrets Manager being one of them) at the expense of added dependencies.

GoDaddy manages a package that appears to handle not just AWS Secrets Manager, but other providers as well: Kubernetes External Secrets (GoDaddy Engineering Blog). The External Secret YAML appeared to be clean and straightforward to implement. I envision Galley using this package in the future, when we begin to manage a larger number of secrets.

Okay! On to the good stuff. The approach below is fair game provided that you use EKS and deploy to EKS through CodeBuild. Here is an overview:

Step 1 — Repository Code

  • Let's create two templates in our repo that correspond to one of our services/pods: deployment.yaml and secret.yaml. Keep in mind that these don't contain all the configuration for actually running EKS, just the pieces for secrets.
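
One way a placeholder-only secret.yaml template could be filled at deploy time, as an added example that is not the author's code. The `{{NAME}}`/`{{DATA}}` placeholders, the `render_secret` function and the sample values are assumptions, and the input is a constructed JSON SecretString of the kind Secrets Manager returns.

```python
import base64
import json
import re

# Constructed repo template (assumed layout): placeholders only, no secret values committed.
SECRET_TEMPLATE = """\
apiVersion: v1
kind: Secret
metadata:
  name: {{NAME}}
type: Opaque
data:
{{DATA}}
"""

# Characters Kubernetes accepts in Secret data keys: alphanumerics, '-', '_' and '.'.
KEY_RE = re.compile(r"[A-Za-z0-9._-]+")


def render_secret(name: str, secret_string: str, template: str = SECRET_TEMPLATE) -> str:
    """Fill the template from a Secrets Manager SecretString holding a JSON object."""
    pairs = json.loads(secret_string)
    if not isinstance(pairs, dict) or not pairs:
        raise ValueError("SecretString must be a non-empty JSON object")
    lines = []
    for key in sorted(pairs):  # stable order keeps rendered manifests diffable
        value = pairs[key]
        if not KEY_RE.fullmatch(key):
            raise ValueError(f"invalid Secret data key: {key!r}")
        if not isinstance(value, str):
            raise ValueError(f"value for {key!r} must be a string")
        # base64 is the encoding the Secret 'data' field requires; it is not encryption.
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        lines.append(f"  {key}: {encoded}")
    manifest = template.replace("{{NAME}}", name).replace("{{DATA}}", "\n".join(lines))
    if "{{" in manifest:
        # Fail the build rather than apply a half-rendered manifest.
        raise ValueError("unresolved placeholder left in manifest")
    return manifest


if __name__ == "__main__":
    # Constructed sample standing in for the SecretString fetched during the build.
    sample = json.dumps({"DATABASE_URL": "postgres://app:example@db:5432/app",
                         "API_KEY": "not-a-real-key"})
    print(render_secret("api-secrets", sample))
```

In a build step the rendered manifest would be piped straight to `kubectl apply -f -` rather than written into the workspace, so the encoded values never land in an artifact or commit.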
