The Secrets Manager Kubernetes plug-in allows you to configure Key Management Service (KMS) Secrets Manager to store secrets. You can specify the names of secrets in Secrets Manager in the plug-in. The plug-in reads the latest versions of secret values from Secrets Manager at regular intervals and caches the secret values in Kubernetes clusters. This way, you can use dynamic secrets managed in Secrets Manager in the same manner as you use Kubernetes secrets.

If you use a self-managed Kubernetes cluster or an Alibaba Cloud Container Service for Kubernetes (ACK) cluster, you can use the following methods to integrate Secrets Manager with your cluster in a codeless manner:

  • Install the plug-in by using the ACK console
    1. Log on to the ACK console.
    2. In the left-side navigation pane, choose Marketplace > Marketplace.
    3. On the App Catalog tab of the Marketplace page, search for ack-secret-manager.
    4. Click ack-secret-manager to install the plug-in.
    Note You can also visit ack-secret-manager and install the plug-in.
  • Install the plug-in by visiting kubernetes-external-secrets
Note To protect the security of secrets read from Secrets Manager and other static secrets in your Kubernetes cluster, you can encrypt these secrets with a few clicks. The static secrets refer to system secrets. For more information, see Use KMS to encrypt Kubernetes Secrets at rest.