Hi folks! I'm currently setting up a production-grade Kubernetes cluster on AWS using EC2 and RKE2, and I'm looking for advice on managing secrets securely. I'm trying to choose between AWS Secrets Manager's External Secrets Operator (ESO) and the Secret CSI Driver. Additionally, I've heard about HashiCorp Vault and wondered if it might be a better option overall. Currently, I'm storing critical items like database credentials, with the potential to add more secrets in the future. Any insights would be greatly appreciated!
1 Answer
I've been using the External Secrets Operator with AWS Secrets Manager on an EKS cluster with Rancher. It works really well for production environments, especially when you automate deployments with GitHub Actions. My dev team pulls secrets from GitHub, and with ESO, every deployment automatically fetches the necessary secrets. This setup is great for managing multiple clusters while keeping each cluster isolated for a single tenant.

That's great to hear! Have you experienced any issues or downsides with that setup?
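A concrete ESO setup of the kind the answer above describes, written here as an added example (it is not code from this thread, from AWS, or from the External Secrets project). It assumes an RKE2 cluster on EC2 where the ESO controller pod obtains AWS credentials from the node's instance profile through the SDK default credential chain, which is what ESO falls back to when the store carries no `auth` block; the namespace `payments`, the region `eu-west-1`, the Secrets Manager secret `prod/payments/db` holding JSON fields `username` and `password`, and the container image are all assumed names for illustration:

```yaml
# Added example, not code from the original post. All names are assumed.
# SecretStore is namespaced (not ClusterSecretStore) so workloads in one
# tenant namespace cannot reference another tenant's store.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secretsmanager
  namespace: payments
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-west-1
      # No `auth` block: the controller uses the SDK default credential chain,
      # i.e. the EC2 instance profile of the node running the ESO pod.
      # On EKS you would normally use auth.jwt with IRSA instead.
---
# ExternalSecret: reads two JSON fields from one Secrets Manager secret and
# writes them into a Kubernetes Secret named db-credentials, re-synced hourly.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
  namespace: payments
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secretsmanager
    kind: SecretStore
  target:
    name: db-credentials
    creationPolicy: Owner   # ESO owns the Secret; deleting the ExternalSecret removes it
  data:
    - secretKey: DB_USERNAME
      remoteRef:
        key: prod/payments/db   # assumed Secrets Manager secret name
        property: username      # JSON field inside that secret
    - secretKey: DB_PASSWORD
      remoteRef:
        key: prod/payments/db
        property: password
---
# Consumer: the credentials reach the container only from the synced Secret;
# nothing secret is committed to the Git repository the pipeline deploys from.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments-api
  namespace: payments
spec:
  replicas: 1
  selector:
    matchLabels:
      app: payments-api
  template:
    metadata:
      labels:
        app: payments-api
    spec:
      containers:
        - name: api
          image: registry.example.com/payments-api:1.0.0   # assumed image
          envFrom:
            - secretRef:
                name: db-credentials
```

After applying this, `kubectl -n payments get externalsecret db-credentials` should report a `SecretSynced` status; if it shows an access error, the node role is missing `secretsmanager:GetSecretValue` (and `secretsmanager:DescribeSecret`) on that secret's ARN, which is also the permission you should scope it to rather than `secretsmanager:*`. Two caveats a practitioner would want before calling this production-grade: with instance-profile credentials, any pod on the node that can reach the EC2 metadata endpoint inherits the same access, so restrict IMDS (hop limit, IMDSv2, a NetworkPolicy) or give ESO its own credentials through `auth.secretRef`; and the synced object is an ordinary Kubernetes Secret, so enable encryption at rest for etcd and limit `get`/`list` on secrets via RBAC. Note also that a rotated value appears only after the next `refreshInterval`, and pods consuming it as environment variables see it only after a restart. The `v1beta1` API group above is what current ESO releases serve; check your installed version, since newer releases also publish the `v1` group.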