Anchore user name and password are required as configuration items, and it's not the most secure approach to keep them as plain text or k8s secrets.
We plan to add support for AWS Secret Manager, which will be used to store the configuration in JSON format as below; the adapter will read it at runtime.
```json
{
  "endpoint": "http://anchore-anchore-engine-api.default.svc.cluster.local:8228",
  "username": "harbor",
  "password": "harboruserpass123",
  "timeoutSeconds": 10,
  "filterVendorIgnoredVulns": false
}
```
Thanks! Do you have a preferred way of accessing values from AWS SM inside K8s? I'm not aware of any direct integrations, though it would be nice to have a secret CSI driver. Another option is a direct client call, but that will also require some IAM context in the pod or keys loaded directly.
We can assign the AWS secret manager access role to the adapter pod with the IAM Roles for Service Accounts feature, and get the secrets with AWS API calls.
* Draft the codes of read credential from aws secret manager
* Add more debug logs
* Resolve conflict
* Fix a typo
* Apply the factory pattern to load the credential
* fix import cycle
* cleanup import
* Fix typo
* Fix the credential factory usage
* Change the method name to LoadFromCredentialStore
* Enable reading credential from aws secret manager
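One way an adapter could consume the secret document proposed in this issue, as an added example that is not the adapter's own code: it parses the JSON strictly, keeps the payload out of error messages, and redacts the password when the config is logged. `AnchoreConfig`, `SecretFetcher`, `LoadConfig`, the secret ID and the sample payload are hypothetical; a production fetcher would wrap the AWS SDK's `GetSecretValue` call using the pod's IAM Roles for Service Accounts credentials.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// AnchoreConfig mirrors the JSON document shown in the issue (hypothetical type name).
type AnchoreConfig struct {
	Endpoint                 string `json:"endpoint"`
	Username                 string `json:"username"`
	Password                 string `json:"password"`
	TimeoutSeconds           int    `json:"timeoutSeconds"`
	FilterVendorIgnoredVulns bool   `json:"filterVendorIgnoredVulns"`
}

// String redacts the password, so logging the struct with %v or %s does not print it.
func (c AnchoreConfig) String() string {
	return fmt.Sprintf("endpoint=%s username=%s password=[REDACTED] timeoutSeconds=%d", c.Endpoint, c.Username, c.TimeoutSeconds)
}

// SecretFetcher is a hypothetical seam: it returns the secret string for a secret ID.
type SecretFetcher func(secretID string) (string, error)

// LoadConfig fetches the secret, rejects unknown keys and checks the required fields.
func LoadConfig(fetch SecretFetcher, secretID string) (AnchoreConfig, error) {
	raw, err := fetch(secretID)
	if err != nil {
		return AnchoreConfig{}, fmt.Errorf("fetch secret %q: %w", secretID, err)
	}
	var cfg AnchoreConfig
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&cfg); err != nil {
		// Fixed message: no fragment of the secret payload is copied into the error.
		return AnchoreConfig{}, fmt.Errorf("secret %q is not a valid adapter config document", secretID)
	}
	if cfg.Endpoint == "" || cfg.Username == "" || cfg.Password == "" || cfg.TimeoutSeconds <= 0 {
		return AnchoreConfig{}, fmt.Errorf("secret %q: endpoint, username, password and a positive timeoutSeconds are required", secretID)
	}
	return cfg, nil
}

func main() {
	// Constructed sample payload in the shape the issue proposes; not a real credential.
	fake := func(string) (string, error) { return `{"endpoint":"http://anchore.example:8228","username":"harbor","password":"constructed-pass","timeoutSeconds":10,"filterVendorIgnoredVulns":false}`, nil }
	fmt.Println(LoadConfig(fake, "constructed/secret-id"))
}
```

The redaction covers `%v` and `%s` formatting only; `%#v` and direct access to the `Password` field still expose the value, so debug logging should go through `String()`.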