Hi there! I'm currently setting up a production-grade Kubernetes cluster on AWS using EC2 and RKE2. I'm looking for recommendations on the most secure way to manage secrets using AWS Secrets Manager. Should I go with the External Secrets Operator (ESO) or the Secret CSI Driver? Also, how does HashiCorp Vault compare in terms of security and usability? Right now, I'm just storing database credentials, but I plan to include more sensitive data in the future. I'd love your insights!
3 Answers
I switched to the Doppler Kubernetes Operator and it's been a game changer for managing secrets. You should definitely check it out – it might fit your needs better.
Honestly, I'm not a fan of how the Secret CSI Driver works. It's really slow and cumbersome for handling secrets, which can be frustrating in a production environment.
I've been using the External Secrets Operator with AWS Secrets Manager and EKS via Rancher in my production setup. It integrates well with GitHub Actions for automation; my dev team utilizes GitHub secrets to push into AWS Secrets Manager. The ESO simplifies pulling secrets for every deployment, which is especially handy when managing multiple clusters under a single tenant.
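
As an added example (not part of the answer above, and not any project's own configuration), this is roughly what an ESO setup for the database credentials in the question looks like. The namespace, resource names, region and secret path are placeholders, and it assumes the ESO controller picks up AWS credentials from its environment.

```yaml
# Constructed example: namespace, names, region and secret path are placeholders.
# Assumes ESO is installed and its controller gets AWS credentials from its
# environment (for RKE2 on EC2, typically the node's instance profile), so no
# auth block is set. That IAM role should allow secretsmanager:GetSecretValue
# only on the secrets this cluster needs (here the prod/app/* path).
# Older ESO releases serve this API as external-secrets.io/v1beta1.
apiVersion: external-secrets.io/v1
kind: SecretStore            # namespaced, so only this namespace can use it
metadata:
  name: aws-secrets-manager
  namespace: app
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-west-1
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: db-credentials
  namespace: app
spec:
  refreshInterval: 1h        # how often rotated values are re-read
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: db-credentials     # Kubernetes Secret that ESO creates and owns
    creationPolicy: Owner
  data:
    - secretKey: username
      remoteRef:
        key: prod/app/db     # Secrets Manager secret holding a JSON object
        property: username
    - secretKey: password
      remoteRef:
        key: prod/app/db
        property: password
```

The synced value ends up as an ordinary Kubernetes Secret in etcd, so encryption at rest and RBAC on Secrets in that namespace still decide who can read it.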
