External secrets create multiple secrets in k8s

[mariusv]

Heya,

If one needs to create multiple Kubernetes secrets from AWS Secrets Manager (for example) can't do it as for now the rok8s-scripts will just pull all secrets in AWS_SECRETS and merge them in the EXTERNAL_SECRETS_K8S_NAME which will create the Kubernetes secret.

Would be nice to have this option to create multiple k8s secrets from specific AWS/GCP secrets manager.

For now the workaround is to create one secret in k8s and then selectively mount or use the keys as needed.

For example:

  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[gaspo53]

Hey! Do you have an example on how to use AWS_SECRETS with get-secrets? I just need to inject a value from a secret for the template rendering (I don't need to create kubernetes secrets, just read AWS ones).

Thanks!

[sudermanjr]

I don't believe we support that particular use-case with rok8s scripts. You would likely need to retrieve that from AWS before running rok8s.