Skip to content

Secret Provider Classes

In order to use the Secrets Store CSI driver, you have to create a SecretProviderClass custom resource. The SecretProviderClass is a namespaced resource in Secrets Store CSI Driver that is used to provide driver configurations and provider-specific parameters to the CSI driver. It must be in the same namespace as the pod referencing it.

Create Service Provider Classes

  • Login into the Web Console as a Project Admin
  • Click on Integrations > Secret Provider Classes
  • Click New Secret Provider Class
  • Provide a Name, and select the secret defining type from the drop-down
  • Select the Provider AWS from the drop-down

Create Vault

Edit Secret Provider Class

On creating a secret provider class, click the Edit icon to add the required information


On selecting the Wizard, enter the secret path and key details for Secret Configuration as shown in the below example. Optionally, select the AWS region of the secret available under the Advanced Settings to pull the secret from a specific region where the clusters use large numbers of pods

Create Vault

Enter the required secret object parameters as shown below and click Save. To know more about the secret objects, visit here

Create Vault

Click Save & Exit

Upload file Manually

On selecting the Upload file Manually, upload the yaml file and click Save & Exit

Create Vault

Pull from Repository

On selecting Pull from Repository, users are allowed to provide the repository name, revision, and yaml file path (git repo path)

Create Vault

Click Save & Exit

Share Service Provider Classes

Users are allowed to share/unshare the existing Service Provider Class with one or more projects or none.

Share SPC