I have a simple web application running on my machine (Mac) using Docker. I want this application to load secrets from AWS Secret Manager. Does the application need to assume an IAM role to load the secret?
Also, I will eventually deploy this container to a self-managed Kubernetes cluster (no EKS/ECS). Is the process of loading secrets similar?
This is a Python fastAPI application, but examples in Spring Boot are welcomed. I'm more interested in the process.
There are more ways to Rome in this case, but one way might be:
When deploying to your own K8S cluster, you can also set the environment variables on the Pod (probably through something of a CI/CD pipeline).
The boto3
module knows a certain order in which it will try to authenticate itself, you can find more details here. Just make sure you name the environment variables correctly.