IBM Cloud Kubernetes and IBM Cloud Secrets Manager integration sample
This example shows an end-to-end integration of IBM Cloud Kubernetes and IBM Cloud Secrets Manager.
1. Create an IBM Cloud Secrets Manager instance through the resource controller.
2. Set up service-to-service authorization through IAM.
3. Register the Secrets Manager instance to the IBM Cloud Kubernetes cluster.
4. Create secrets in Secrets Manager.
5. In the cluster, create a persistent Opaque secret that is backed by the CRN of the secrets in Secrets Manager.
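The five steps above expressed as Terraform for the IBM Cloud provider, as an added example that is not the repository's own code. Resource labels and the literal names (`sm-demo`, `app-secret`, `app-credentials`, `default`) are constructed, and credentials are assumed to come from the provider's `IC_API_KEY` environment variable rather than a variable file.

```hcl
# Added example: resource labels and literal names are constructed, not taken from the sample.
terraform {
  required_providers {
    ibm = { source = "IBM-Cloud/ibm" }
  }
}
variable "cluster" { type = string }
variable "region" { type = string }
variable "payload" {
  type      = string
  sensitive = true # hidden in plan output, but still stored in Terraform state
}
# 1. Secrets Manager instance through the resource controller
resource "ibm_resource_instance" "sm" {
  name     = "sm-demo"
  service  = "secrets-manager"
  plan     = "trial"
  location = var.region
}
# 2. Service-to-service authorization, scoped to this one instance
resource "ibm_iam_authorization_policy" "iks_to_sm" {
  source_service_name         = "containers-kubernetes"
  target_service_name         = "secrets-manager"
  target_resource_instance_id = ibm_resource_instance.sm.guid
  roles                       = ["Manager"]
}
# 3. Register the instance to the cluster once the authorization exists
resource "ibm_container_ingress_instance" "reg" {
  cluster      = var.cluster
  instance_crn = ibm_resource_instance.sm.crn
  is_default   = true
  depends_on   = [ibm_iam_authorization_policy.iks_to_sm]
}
# 4. Secret stored in Secrets Manager
resource "ibm_sm_arbitrary_secret" "app" {
  instance_id = ibm_resource_instance.sm.guid
  region      = var.region
  name        = "app-secret"
  payload     = var.payload
}
# 5. Persistent Opaque secret in the cluster, backed by the secret's CRN
resource "ibm_container_ingress_secret_opaque" "app" {
  cluster          = var.cluster
  secret_name      = "app-credentials"
  secret_namespace = "default"
  persistence      = true
  fields { crn = ibm_sm_arbitrary_secret.app.crn }
  depends_on = [ibm_container_ingress_instance.reg]
}
```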
Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ibmcloud_api_key | IBM Cloud API key | string | false | true |
| name | A name for the resource instance. | string | trial | true |
| plan | The plan type of the service. | string | false | true |
| location | Target location or environment to create the resource instance. (Forces new resource.) | string | false | true |
| secrets_manager_instance_id | Secrets Manager Instance GUID | string | false | true |
| region | Secrets Manager Instance region | string | us-south | true |
| description | An extended description of your secret group. To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. | string | false | true |
| cluster | Name or id of the cluster. | string | false | true |
| instance_crn | The instance secrets will be created in. | string | false | true |
| instance_id | Secrets Manager Instance GUID | string | false | true |
| endpoint_type | Secrets manager endpoint type | string | public | true |
| description | An extended description of your secret group. To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. | string | false | true |
| expiration_date | The date a secret is expired. The date format follows RFC 3339. | string | false | true |
| labels | Labels that you can use to search for secrets in your instance. Up to 30 labels can be created. | list(string) | false | true |
| secret_group_id | A v4 UUID identifier, or default secret group. | string | false | true |
| username | The username that is assigned to the secret. | string | false | true |
| password | The password that is assigned to the secret. | string | false | true |
| payload | The arbitrary secret's data payload. | string | false | true |
| secret_name | The name of the opaque secret in the cluster. | string | false | true |
| secret_namespace | The namespace of the opaque secret in the cluster. | | | |