Tree:
640978ca9e
IdanAdar-patch-1
Switch-UBI-to-go-toolset-as-base-image
aws-iam-anywhere
aws-metadata
beach-team
beach-team-fix/beach-team-pipeline
beach/fix-fake-provider
beach/keyvault-set-secret
bh.ss
broken-link
bump/0.8.13
bunp-helm-chart
chart/certcontroller-partial-cache
chore/bump-0.9.2-branch
chore/bump-controller-runtime
chore/refactor-aws-auth
chore/standardize-vault-auth-paths
chore/update-readme-with-vision
cleanup-keys-when-using-template
coderabbitai/docstrings/17d3e22
conversion-webhook-debug
copilot/fix-code-scanning-alerts
copilot/fix-license-header-typographical-errors
copilot/sub-pr-6021
dependabot/go_modules/github.com/onsi/ginkgo-1.15.1
dependabot/go_modules/sigs.k8s.io/controller-runtime-0.8.3
design/decoding-strategy
dev/jsauvain/plugin_ovh_provider
docs/demo-of-devops-toolkit
e2e-test-run
feat/add-log-values-to-helm-chart
feature/aws-getallsecrets
feature/aws-getallsecrets-trim-root-path
feature/configure-promethues-target-port
feature/custom-cert-secret
feature/gcp-referent-auth
feature/keyvault-deletion-policy
feature/new-provider-structure
fix-infisical-404
fix-test
fix/e2e
fix/gcp-issues
fix/kubernetes-access-review-strategy
fix/vault-lint
fix/vault-not-handling-json-values
gc-fix-update-readme
gc/design/gen-secretstore-v2
gc/fix/ibm
gc/fix/v015.1
gc/rollback-0.15.1
gh-pages
gh-pages-dev
gitlab-validation-refactors
gusfcarvalho-patch-1
main
mj-add-generator
mj-bump-ubiimg
mj-bumps
mj-design-oopp
mj-e2e-managed-aws-tf
mj-expose-admission-warnings
mj-fix-aws-genereator-auth-cache
mj-fix-dashboard
mj-fix-reko
mj-fix-vault-ref-spec
mj-go-mod
mj-provider-mod
mj-pushsecret-generator-state
mj-test-gcp-m
mj-test-mgmt
mj-v2-poc
mj-v2-poc-rebased
poc-workflow
pr-5527
predicate-watch-fix
promote-chart-0.9.11
release-0.10.3-helm-charts
release-0.10.4-helm-charts
release-0.6
release-0.7
release-0.8
release-0.9
release-branch-test-1
release-chart-v0.10.5
release-chart-v0.15.0
release-chart-v0.15.0-2
release-chart-v0.15.0-3
release-helm-2.2.0
release-helm-chart-v0.10.5
release-helm-chart-v0.16.1
release-helm-chart-v0.16.2
release-helm-chart-v0.17.0
release-helm-chart-v0.18.1
release-helm-chart-v0.18.2
release-helm-chart-v0.19.0
release-helm-chart-v0.19.1
release-helm-chart-v0.20.1
release-helm-chart-v0.20.1-2
release-helm-chart-v0.20.1-3
release-helm-chart-v0.20.2
release-helm-chart-v0.20.3
release-helm-chart-v0.20.3-2
release-helm-chart-v0.20.4
release-helm-chart-v1.0.0
release-helm-chart-v1.1.0
release-notes-0.18.0
release-v0.10.6-helm-chart
release-v0.10.6-helm-chart-docs
release-v0.10.7
release-v0.11.0-charts
release-v0.12.1-charts
release-v0.13.0-charts
release-v0.13.0-charts-2
release-v0.14.0-charts
release-v0.14.2-charts
release-v0.14.3-charts
release-v0.14.3-charts-2
release-v0.14.4
revert-662-revert-613-getall-Secrets
sonar-dispatch
test-ca-cert-trouble
test-e2e-no-fork-2
test-e2e-run
test-infra
test-non-fork-e2e-test
update-deps-1679516143
update-deps-1679516914
update-deps-1679517123
update-deps-1679518009
update-deps-1679519068
update-deps-1679520715
update-deps-1679521323
update-deps-1679522475
update-deps-1679524823
update-deps-1679526149
update-deps-1679526150
update-deps-1684144987
update-deps-1684144991
update-deps-1684749783
update-deps-1684749784
update-deps-1685354595
update-deps-1685354598
update-deps-1685959386
update-deps-1685959389
update-deps-1686564186
update-deps-1686564187
update-deps-1687168984
update-deps-1688983412
update-deps-1689588212
update-deps-1689588216
update-deps-1689588218
update-deps-1690192998
update-deps-1690192999
update-deps-1690193006
update-deps-1690797787
update-deps-1690797790
update-deps-1690797793
update-deps-1691402717
update-deps-1692612193
update-deps-1692612200
update-deps-1698660199
update-deps-1699265013
update-deps-1699869789
update-deps-1702893806
update-deps-1703498593
update-deps-1704103390
update-deps-1705313002
update-deps-1705313003
update-deps-1707127435
update-deps-1708337007
update-deps-1708941785
update-deps-1709548582
update-deps-1711361006
update-deps-1728295726
update-deps-1728900214
update-deps-1729505043
update-deps-1730714625
update-deps-1731319410
update-deps-1731924224
update-deps-1733738623
update-deps-1734343423
update-deps-1734948213
update-deps-1735553019
update-deps-1735553021
update-deps-1736157834
update-deps-1736762637
update-deps-1737367411
update-deps-1737367413
update-deps-1737972215
update-deps-1738577008
update-deps-1739181819
update-deps-1739786702
update-deps-1740391424
update-deps-1740996509
update-deps-1741601012
update-deps-1742205840
update-deps-1742810656
update-deps-1744021399
update-deps-1745229858
update-deps-1745836636
update-deps-1746439470
update-deps-1747044270
update-deps-1747649082
update-deps-1748254077
update-deps-1748858663
update-deps-1749463460
update-deps-1750068277
update-deps-1750673073
update-deps-1751277848
update-deps-1751882658
update-deps-1752487463
update-deps-1753092271
update-deps-1753697066
update-deps-1754301928
update-deps-1754906674
update-deps-1755511479
update-deps-1755511483
update-deps-1756116259
update-deps-1762164298
update-deps-1770632590
update-deps-1774261326
update-helm-chart-v0.14.2
update-ibm-docs
update-vault-api
validate-secret-store-gitlab
validate-store-oracle
helm-chart-2.3.0
v2.3.0
helm-chart-2.2.0
v2.2.0
helm-chart-2.1.0
v2.1.0
helm-chart-2.0.1
v2.0.1
helm-chart-2.0.0
v2.0.0
helm-chart-1.3.2
v1.3.2
helm-chart-1.3.1
v1.3.1
v1.3.0
helm-chart-1.2.1
v1.2.1
helm-chart-1.2.0
v1.2.0
helm-chart-1.1.1
v1.1.1
helm-chart-1.1.0
v1.1.0
helm-chart-1.0.0
v1.0.0
v0.2.1-esoctl
v0.2.0-esoctl
helm-chart-0.20.4
v0.20.4
helm-chart-0.20.3
v0.20.3
helm-chart-0.20.2
v0.20.2
helm-chart-0.20.1
v0.20.1
v0.20.0
helm-chart-0.19.2
v0.19.2
helm-chart-0.19.1
v0.19.1
helm-chart-0.19.0
v0.19.0
helm-chart-0.18.2
v0.18.2
helm-chart-0.18.1
v0.18.1
helm-chart-0.18.0
v0.18.0
helm-chart-0.18.0-rc1
v0.18.0-rc1
helm-chart-0.17.1-rc1
v0.17.1-rc1
helm-chart-0.17.0
v0.17.0
helm-chart-0.16.2
v0.16.2
helm-chart-0.16.1
v0.16.1
helm-chart-0.16.0
v0.16.0
helm-chart-0.15.1
v0.15.1
helm-chart-0.15.0
v0.15.0
helm-chart-0.14.4
v0.14.4
helm-chart-0.14.3
v0.14.3
helm-chart-0.14.2
v0.14.2
helm-chart-0.14.1
v0.14.1
helm-chart-0.14.0
v0.14.0
helm-chart-0.13.0
v0.13.0
v0.1.0-esoctl
v0.1.0-render
helm-chart-0.12.1
v0.12.1
v0.12.0
helm-chart-0.11.0
v0.11.0
helm-chart-0.10.7
v0.10.7
helm-chart-0.10.6
v0.10.6
helm-chart-0.10.5
v0.10.5
helm-chart-0.10.4
v0.10.4
helm-chart-0.10.3
v0.10.3
helm-chart-0.10.2
v0.10.2
helm-chart-0.10.1
v0.10.1
helm-chart-0.10.0
v0.10.0
helm-chart-0.9.20
v0.9.20
helm-chart-0.9.19
v0.9.19
helm-chart-0.9.18
v0.9.18
helm-chart-0.9.17
v0.9.17
helm-chart-0.9.16
v0.8.17
v0.8.16
v0.9.16
helm-chart-0.9.15-2
v0.9.15-2
v0.9.15
v0.8.15
helm-chart-0.9.14
v0.9.14
v0.8.14
helm-chart-0.9.13
v0.9.13
v0.8.13
helm-chart-0.9.12
v0.9.12
v0.8.12
helm-chart-0.9.11
v0.9.11
helm-chart-0.9.10
v0.9.10
v0.8.11
v0.8.10
helm-chart-0.9.9
v0.9.9
helm-chart-0.9.8
v0.9.8
helm-chart-0.9.7
v0.9.7
v0.8.9
v0.8.8
helm-chart-0.9.6
v0.9.6
helm-chart-0.9.5
v0.9.5
helm-chart-0.9.4
v0.9.4
helm-chart-0.9.3
helm-chart-0.8.7
v0.9.3
v0.8.7
helm-chart-0.9.2
helm-chart-0.8.6
v0.9.2
v0.8.6
helm-chart-0.8.5
helm-chart-0.9.1
v0.9.1
v0.8.5
helm-chart-0.9.0
helm-chart-0.8.4
v0.9.0
v0.8.4
helm-chart-0.8.3
v0.8.3
helm-chart-0.8.2
v0.8.2
v0.7.3
helm-chart-0.8.1
v0.8.1
helm-chart-0.8.0
v0.8.0
helm-chart-0.7.2
v0.7.2
helm-chart-0.7.1
v0.7.1
helm-chart-0.7.0
v0.7.0
helm-chart-0.7.0-rc1
v0.7.0-rc1
helm-chart-0.6.1
v0.6.1
helm-chart-0.6.0
v0.6.0
helm-chart-0.6.0-rc1
v0.6.0-rc1
helm-chart-0.5.9
v0.5.9
helm-chart-0.5.8
v0.5.8
helm-chart-0.5.7
v0.5.7
helm-chart-0.5.6
v0.5.6
helm-chart-0.5.5
v0.5.5
helm-chart-0.5.4
v0.5.4
helm-chart-0.5.3
v0.5.3
helm-chart-0.5.2
v0.5.2
helm-chart-0.5.1
v0.5.1
helm-chart-0.5.0
v0.5.0
helm-chart-0.4.4
v0.4.4
helm-chart-0.4.3
v0.4.3
helm-chart-0.4.2
v0.4.2
helm-chart-0.4.1
v0.4.1
helm-chart-0.4.0
v0.4.0
helm-chart-0.3.11
v0.3.11
helm-chart-0.3.10
v0.3.10
helm-chart-0.3.9
v0.3.9
helm-chart-0.3.8
v0.3.8
helm-chart-0.3.7
v0.3.7
helm-chart-0.3.6
v0.3.6
v.0.3.6
helm-chart-0.3.5
v0.3.5
helm-chart-0.3.4
v0.3.4
helm-chart-0.3.3
v0.3.3
helm-chart-0.3.2
v0.3.2
helm-chart-0.3.1
v0.3.1
helm-chart-0.3.0
v0.3.0
helm-chart-0.2.3
v0.2.3
helm-chart-0.2.2
v0.2.2
helm-chart-0.2.1
v0.2.1
helm-chart-0.2.0
v0.2.0
v0.1.4
helm-chart-0.1.4
v0.1.3
helm-chart-0.1.3
helm-chart-0.1.2
v0.1.2
helm-chart-0.1.1
v0.1.0
provider-aws-secrets-manager.md 924 B
--8<-- "snippets/provider-aws-access.md"
Secrets Manager
A SecretStore points to AWS Secrets Manager in a certain account within a
defined region. You should define Roles that allow fine-grained access to
individual secrets and pass them to ESO using spec.provider.aws.role. This
way users of the SecretStore can only access the secrets necessary.
{% include 'aws-sm-store.yaml' %}
Create a IAM Policy to pin down access to secrets matching dev-*.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetResourcePolicy",
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecretVersionIds"
],
"Resource": [
"arn:aws:secretsmanager:us-west-2:111122223333:secret:dev-*",
]
}
]
}