I'm trying to enable AWS Secrets Manager in

flyte-binary

I've added this to my values.yaml:

configuration:
  inline:
    webhook:
      secretManagerType: "AWS"

Where do I put the AWS service account credentials? And may I specify different credentials on different project/environment combinations? I'd expect to have to put a list of credentials in somewhere, like this for each project/environment:

"AWS_ACCESS_KEY_ID": "some-value"
"AWS_SECRET_ACCESS_KEY": "some-value",
"AWS_DEFAULT_REGION": "some-value"

Thank you for taking a look.

i think the default env variables need to be updated, but i'm not very sure. @glamorous-carpet-83516 how to add the aws credentials to access the secret manager?

Thank you @tall-lock-23197, @glamorous-carpet-83516 do you have any notion where the AWS keys and region data should go? Thank you, kindly.

@fierce-match-73373

Where do I put the AWS service account credentials? And may I specify different credentials on different project/environment combinations?

This is possible but typically we'd use IRSA. For example. in this section of the FTHW tutorial, the chart is indicating an IAM role per domain. It could very well be a different role per domain/project

Oh, nice. I'm running everything on a local k3s cluster I setup with FTHW, which made me think I'd have to have the access key somewhere. Do I need the access key in there somewhere, or no? looks like what I want to do, but it assumes amazon eks, which I'm not planning to use (in favor of local k3s).

oh, nice. With on-prem you should use something like

kube2iam

to do IRSA. Have you tried adding the env vars under

inline:
    plugins:
      k8s:
        e
        default-env-vars:
          - AWS_ACCESS_KEY_ID: "value"
          - AWS_SECRET_ACCESS_KEY: "value"
          - AWS_DEFAULT_REGION: "value

?

Interestin! I have not attempted that, I would add those variables in along with using kube2iam?

without using kube2iam