Project repository

The AWS provider for the Secrets Store CSI Driver allows you to make secrets stored in Secrets Manager and parameters stored in Parameter Store appear as files mounted in Kubernetes pods.


Installing the Chart

Using Helm:

helm repo add aws-secrets-manager
helm install -n kube-system secrets-provider-aws aws-secrets-manager/secrets-store-csi-driver-provider-aws

Using YAML:

kubectl apply -n kube-system -f

Create the access policy

Follow the Usage guide.


The following table lists the configurable parameters of the csi-secrets-store-provider-aws chart and their default values.

Refer to doc for configurable parameters of the secrets-store-csi-driver chart.

Parameter Description Default
nameOverride String to override the name template with a string ""
fullnameOverride String to override the fullname template with a string ""
image.repository Image repository
image.pullPolicy Image pull policy IfNotPresent
image.tag Image tag 1.0.r2-6-gee95299-2022. (Updates frequently)
nodeSelector Node Selector for the daemonset on nodes {}
tolerations Tolerations for the daemonset on nodes []
port Liveness and readyness tcp probe port 8989
securityContext.privileged Privileged security context false
resources Resource limit for provider pods on nodes requests.cpu: 50m
requests.memory: 100Mi
limits.cpu: 50m
limits.memory: 100Mi
podLabels Additional pod labels {}
podAnnotations Additional pod annotations {}
updateStrategy Configure a custom update strategy for the daemonset on nodes RollingUpdate
rbac.install Install default service account true
  1. The CSI Secret Store driver runs as a DaemonSet, and as described in the AWS documentation, DaemonSet is not supported on Fargate.