Secret Provider Classes

In order to use the Secrets Store CSI driver, you have to create a SecretProviderClass custom resource. The SecretProviderClass is a namespaced resource in Secrets Store CSI Driver that is used to provide driver configurations and provider-specific parameters to the CSI driver. It must be in the same namespace as the pod referencing it.

Create Service Provider Classes¶

Login into the Web Console as a Project Admin
Click on Integrations > Secret Provider Classes
Click New Secret Provider Class
Provide a Name, and select the secret defining type from the drop-down
Select the Provider AWS from the drop-down

Create Vault

Edit Secret Provider Class¶

On creating a secret provider class, click the Edit icon to add the required information

Wizard¶

On selecting the Wizard, enter the secret path and key details for Secret Configuration as shown in the below example. Optionally, select the AWS region of the secret available under the Advanced Settings to pull the secret from a specific region where the clusters use large numbers of pods

Create Vault

Enter the required secret object parameters as shown below and click Save. To know more about the secret objects, visit here

Create Vault

Click Save & Exit

Upload file Manually¶

On selecting the Upload file Manually, upload the yaml file and click Save & Exit

Create Vault

Pull from Repository¶

On selecting Pull from Repository, users are allowed to provide the repository name, revision, and yaml file path (git repo path)

Create Vault

Click Save & Exit

Users are allowed to share/unshare the existing Service Provider Class with one or more projects or none.

Share SPC

Secret Provider Classes

Create Service Provider Classes¶

Edit Secret Provider Class¶

Wizard¶

Upload file Manually¶

Pull from Repository¶

Share Service Provider Classes¶