Skip to main content

External Secrets

Specify secret name in PlatformApplication

Edit .platform/kubernetes/base/application.yaml and add your secret names

spec:
  secrets:
    - name: sample-service

Add external secret resource

Azure KeyVault

  1. Once your application is deployed, PlatformApplication operator will automatically create Azure Key Vault with admin groups based on CloudConfig and name same as application name.
  2. Add Secrets Manually in KeyVaults
  3. Click on specified KeyVault -> Objects -> Secrets -> Generate/import
  4. Set Name as your secret name sample-service, set Secret Value as JSON format like:
{
    "KEY_NAME_1": "VALUE_1",
    "KEY_NAME_2": "value_2",
    "FOO": "BAR"
}
  1. Verify your ExternalSecret and Secret is healthy in ArgoCD ExternalSecret and Secret State Secret key-values
  2. Restart your Deployment, so these key-value pairs is injected to your pods as Environment Variables

AWS Secret Store

  1. Go to AWS Secrets Manager in AWS Console
  2. Click Store New Secret, Select Other type of secret, Add key-value pair for your secrets AWS Create Secret You could also use plain text:
{
    "KEY_NAME_1": "VALUE_1",
    "KEY_NAME_2": "value_2",
    "FOO": "BAR"
}
  1. Click Next, Specify secret name it appears in application.yaml as sample-service. Save Secret Name
  2. Verify your ExternalSecret and Secret is healthy in ArgoCD ExternalSecret and Secret State Secret key-values
  3. Restart your Deployment, so these key-value pairs is injected to your pods as Environment Variables