You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Kustomize Secret Generator Plugin for AWS SSM Parameter Store
2
+
3
+
This plugin can be attached to [Kustomize](https://kustomize.io/) to generate Kubernetes secrets automatically from parameters in [Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) of AWS Simple System Manager Service (SSM).
4
+
5
+
This can be useful for CI/CD.
6
+
7
+
## Usage
8
+
Download latest `aws-ssm.so` file from releases and put it in your Kustomize plugin directory (default to `~/.config/kustomize/plugin/kvSources/`)
9
+
10
+
and use it in your kustomization file:
11
+
```yaml
12
+
secretGenerator:
13
+
- name: my-secret-name
14
+
kvSources:
15
+
- name: aws-ssm
16
+
pluginType: go
17
+
args:
18
+
- AWS_SSM_PATH=/path/to/my/secrets/ # Required
19
+
- AWS_REGION=ap-southeast-1 # Optional
20
+
- AWS_ACCESS_KEY_ID= # Optional
21
+
- AWS_SECRET_ACCESS_KEY= # Optional
22
+
- AWS_SESSION_TOKEN= # Optional
23
+
- UPPERCASE_KEY=true # Optional
24
+
```
25
+
26
+
Assuming you have two parameter under `/path/to/my/secrets/` such as:
27
+
28
+
`/path/to/my/secrets/key1`with value of `value1` and
29
+
30
+
`/path/to/my/secrets/key2`with value of `value2`
31
+
32
+
the output will be
33
+
34
+
```yaml
35
+
apiVersion: v1
36
+
data:
37
+
KEY1: dmFsdWUx
38
+
KEY2: dmFsdWUy
39
+
kind: Secret
40
+
metadata:
41
+
name: my-secret-name-someRandomHash
42
+
type: Opaque
43
+
```
44
+
45
+
46
+
### Note
47
+
Note that this feature of Kustomize is alpha and is not released yet.
48
+
So to test you have to build it from master branch and run it with `enable_alpha_goplugins_accept_panic_risk` parameter like:
0 commit comments