Auth mech for AWS Secret CSI Driver #245

andrewgkew · 2023-07-04T15:59:00Z

andrewgkew
Jul 4, 2023

According to the docs and the more I play with this CSI driver it seems I can only authenticate with a role ie. IRSA but what if I want to use this on a local dev cluster like Kind?

What if I want to authenticate using an IAM user i.e. access and secret key? Can I not do that?

andrewgkew · 2023-07-04T16:01:38Z

andrewgkew
Jul 4, 2023
Author

Looks like according to this file that IRSA is the only way right now?

https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/auth/auth.go

0 replies

joebowbeer · 2023-08-04T01:21:34Z

joebowbeer
Aug 4, 2023

Try mounting ~/.aws to /root/.aws in the secrets-store-csi-driver pods.

Then ASCP may be able to assume a chained role (IRSA annotation) in a local cluster using your local ~/.aws/credentials.

Related discussion: external-secrets/external-secrets#2567

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Auth mech for AWS Secret CSI Driver #245

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Auth mech for AWS Secret CSI Driver #245

Uh oh!

andrewgkew Jul 4, 2023

Replies: 2 comments

Uh oh!

andrewgkew Jul 4, 2023 Author

Uh oh!

Uh oh!

joebowbeer Aug 4, 2023

andrewgkew
Jul 4, 2023

andrewgkew
Jul 4, 2023
Author

joebowbeer
Aug 4, 2023