Hi! I am planning to use Pulumi ESC for managing s...
# getting-started
w
Hi! I am planning to use Pulumi ESC for managing secrets in my Pulumi project. Some of the secrets I need currently exist as Kubernetes Secrets in a cluster. Is there a way to integrate Kubernetes Secrets directly into Pulumi ESC? If not, are there any suggested workarounds for pulling secrets from Kubernetes and syncing them into ESC environments? Any advice or examples would be really helpful — thanks!
l
I see the ESO allows Kubernetes to access ESC as a secrets store. But you want the opposite?
w
Yes, I want to do the opposite. Load the secrets stored in Kubernetes into Pulumi ESC.
l
And are the secrets declared in Pulumi IaC? You could use fn::open::pulumi-stacks.
That wouldn't work if the Kubernetes secrets are unmanaged, or if their values can change after deployment.
Ah here's something: it looks like you can use ESO as a secrets provider in ESC, and ESO can get secrets from a store of type ClusterSecretStore. https://www.pulumi.com/docs/esc/integrations/kubernetes/external-secrets-operator/ https://external-secrets.io/latest/provider/pulumi/ (section Creating a ClusterSecretStore).
s
Hi Rushali, thanks for reaching out. Let me make sure I understand correctly: you are looking to use your secrets defined as Kubernetes Secrets in a cluster with ESC in order to use them elsewhere? Or are you trying to be able to pull those secrets from ESC into your cluster? In both cases I think you should be able to use the external secrets operator as suggested above... for the former case, I think you can use PushSecrets.
w
Yes, I am looking for a solution for the former case. The resources you shared are quite helpful! Thank you so much!