Overview of AWS Secrets Manager
A secret is a concept that exists outside the realm of Kubernetes. Any type of application will at some point require sensitive information to be integrated with each deployment. An application deployed in the cloud requires secure secret handling. For this reason, cloud providers offer components for secret storage.
When it comes to Kubernetes, we saw in Chapter 1, Understanding Kubernetes Secrets Management, that secret information is stored in etcd. Essentially, etcd is the default secret store of Kubernetes. The crucial question is whether Kubernetes Secrets can be backed by an external store other than etcd.
This is feasible if you already use a cloud provider's secret store, or are considering adopting one and consuming it from Kubernetes. Thanks to the Container Storage Interface (CSI) and workload identity, workloads can read secrets directly from these external stores.
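As an added example (not from the book), the following manifests show that pattern end to end: a ServiceAccount carrying the IRSA annotation that gives the Pod its workload identity, a SecretProviderClass that points the Secrets Store CSI driver's AWS provider at a Secrets Manager secret, and a Pod that mounts the result read-only, so no long-lived AWS access keys ever enter the cluster. The namespace, role ARN, secret name and image are placeholders.

```yaml
# Added example (not from the book). Namespace, role ARN, secret name and image are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: payments-api
  namespace: payments
  annotations:
    # IRSA: the Pod exchanges its projected token for this role's short-lived credentials;
    # scope the role to secretsmanager:GetSecretValue on just this one secret.
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/payments-api-secrets-read
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: payments-db-credentials
  namespace: payments
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "prod/payments/db-credentials"   # Secrets Manager secret name
        objectType: "secretsmanager"
        jmesPath:                                    # split the JSON secret into files
          - path: username
            objectAlias: db-username
          - path: password
            objectAlias: db-password
---
apiVersion: v1
kind: Pod
metadata:
  name: payments-api
  namespace: payments
spec:
  serviceAccountName: payments-api     # ties the Pod to the IRSA role above
  containers:
    - name: app
      image: example.com/payments-api:1.0
      volumeMounts:
        - name: db-credentials
          mountPath: /mnt/secrets      # files: db-username, db-password
          readOnly: true
  volumes:
    - name: db-credentials
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: payments-db-credentials
```

The secret values are fetched at Pod start by the CSI driver and never written to etcd unless you opt in to syncing them as Kubernetes Secrets.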
AWS Secrets Manager (https://aws.amazon.com/secrets-manager...