Vyacheslav Gorbov
Reputation: 161
Migrating GKE Secrets to Secret Manager
I was wondering if there are any migration guides for migrating from GKE Secrets to the Secret Manager API?
Upvotes: 0
Views: 1067
Answers (2)
Gari Singh
Reputation: 12033
I'm not aware of any existing guides for doing this.
Basically, you'll need to
- recreate all of your secrets in Secret Manager
- modify your application code to use the Secrets Manager API to access the secrets
- ensure you have Workload Identity enabled for your cluster
- make sure your pod(s) use a identity with access to Secrets Manager.
- assuming everything above works, delete your existing Secrets
Upvotes: 1
かいぜん
Reputation: 361
By default, data in GKE secrets is stored in Base64 encoding, which is practically the same as plaintext. GCP Secret Manager are encrypted with Google-default encryption. With Google-default encryption, secret payloads are encrypted by keys managed by Google.
See this documentation.
Upvotes: 0
Related Questions
- Look up secrets from gcloud secrets manager directly as secretGenerator with kustomize
- Mount google secret manager secret to KubernetesPodOperator
- GKE Secrets OR Google Secret manager
- terraform create k8s secret from gcp secret
- Access secrets in GCP secret manager from PODs
- Using a database password stored in Google Secrets Manager from within a pod running in a GKE cluster
- kubernetes external secrets on GKE , Permission error
- Migration of GKE from Default to Shared VPC and Public to Private GKE CLuster
- How to get Kubernetes secret from one cluster to apply to another?
- Getting GKE secrets back even after deleting the KMS keys used for encryption