I'm following this guide. https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html
Using this we can only mount AWS Secrets Manager secrets in AWS EKS.
Now applications like Django etc. need those secrets as ENVIRONMENTAL VARIABLES. So how do I make AWS Secrets Manager secrets available in AWS EKS as pod environmental variables very securely?
Also, for applications which depend on secrets in environmental variables, is making sensitive secrets available in ENVIRONMENTAL VARIABLES the only secure/advisable option?
Thanks
You can use the Secrets Store CSI Driver for Secrets Manager to synchronize secrets in Secrets Manager with Kubernetes Secrets. Once the secrets are stored as Kubernetes Secrets you can consume them as environment variables or mounts. It's "safer" to consume them as mounts because environment variables can leak in logs, configuration, etc. See https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html and https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/ for additional information on how to configure the driver. If you don't want to use the CSI driver, you can use https://external-secrets.io/v0.8.1/.
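
The sync-to-Kubernetes-Secret setup described in the answer above, as an added example that is not part of the original answer or of the AWS guide. The resource names, the Secrets Manager secret name, the service account and the image are placeholders, and it assumes the driver was installed with secret syncing enabled (`syncSecret.enabled=true` in the driver's Helm chart).

```yaml
# Added example; every name below is a placeholder.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: django-aws-secrets
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "prod/django/db-password"   # Secrets Manager secret (placeholder)
        objectType: "secretsmanager"
        objectAlias: "db-password"              # file name inside the mount
  secretObjects:                  # mirror the mounted object into a Kubernetes Secret
    - secretName: django-db-secret
      type: Opaque
      data:
        - objectName: db-password   # must match the alias (or object name) above
          key: DB_PASSWORD
---
apiVersion: v1
kind: Pod
metadata:
  name: django
spec:
  # Assumed to be bound to an IAM role that can read only this secret
  # (secretsmanager:GetSecretValue and secretsmanager:DescribeSecret).
  serviceAccountName: django-sa
  containers:
    - name: web
      image: example.invalid/django-app:placeholder
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:           # environment variable from the synced Secret
              name: django-db-secret
              key: DB_PASSWORD
      volumeMounts:
        - name: aws-secrets         # the mount is what triggers the sync
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: aws-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: django-aws-secrets
```

The Kubernetes Secret exists only while at least one pod mounts the CSI volume, so the volume stays in the pod spec even when the application reads nothing but the environment variable. The synced Secret is an ordinary Kubernetes Secret, so RBAC on `secrets` in that namespace and encryption at rest for etcd apply to it.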