Very well explained! Thank you.
Very good explanation
Hi, thanks for this video. Is this the same as the CSI secret store provider driver in one of your other videos?
No, this is different. If you see the demo portion, it shows how this one works.
Great video.
Thanks for the video! I'm seeing that you are having some failures with editing the vault-internal service that you cut from the video. I'm also having this error following along with the video. What did you do behind the scenes to make that work? Thanks
Did you try from the repo?
You see it in the video. I got the same error. You have to delete the lines with clusterIP and change the type to NodePort. Kubernetes does not let you and says it is saved to a file. Then, like in the video, kubectl delete -f file and kubectl apply -f file. And then you will have the NodePort.
I have a query. With this method, the secrets can still be decoded at the Kubernetes end, right? So is this secure enough?
This is just a mechanism to fetch secrets from Vault / AWS Secrets Manager and then update them to Kubernetes secrets. It will be base64 encoded. As long as no one has access to your cluster and AWS account, the application is safe.
Hi sir, I need a solution for the infra setup I'm using.
I'm using External Secrets Operator for secrets management.
Consider that I'm dynamically creating new envs for testing, so that they are dynamically creating external secrets and Kubernetes secrets for the service (frontend or backend) which will get provisioned.
Here in my AWS Secrets Manager I have templating in the values of keys.
Example: db_name : tf-{{ ENV_NAME }}-{{ BASE_DOMAIN }}
So while creating the Kubernetes secret from external secrets, I want to dynamically replace {{ ENV_NAME }} and {{ BASE_DOMAIN }} with the namespace that I'm dynamically creating for the new env that I'm provisioning and xyz respectively.
How can I include templating logic in the external secret file so that it will directly create a templated Kubernetes secret file?
Nice 👍
gr888 session