AWS Secrets Manager Trait

The AWS Secrets Manager trait lets an integration use secrets stored in AWS Secrets Manager.

The AWS Secrets Manager trait is disabled by default.

For more information about how to use secrets from AWS Secrets Manager, see the component documentation: AWS Secrets Manager component.

A sample execution of this trait requires the following trait options:

-t aws-secrets-manager.enabled=true -t aws-secrets-manager.access-key="aws-access-key" -t aws-secrets-manager.secret-key="aws-secret-key" -t aws-secrets-manager.region="aws-region"

To enable automatic context reload on secret updates, define the following trait options:

-t aws-secrets-manager.enabled=true -t aws-secrets-manager.access-key="aws-access-key" -t aws-secrets-manager.secret-key="aws-secret-key" -t aws-secrets-manager.region="aws-region" -t aws-secrets-manager.context-reload-enabled="true" -t aws-secrets-manager.refresh-enabled="true" -t aws-secrets-manager.refresh-period="30000" -t aws-secrets-manager.secrets="test*"

This trait is available in the following profiles: Kubernetes, Knative, OpenShift.

Configuration

Trait properties can be specified when running any integration with the CLI:

$ kamel run --trait aws-secrets-manager.[key]=[value] --trait aws-secrets-manager.[key2]=[value2] integration.yaml

The following configuration options are available:

Property (type): description

aws-secrets-manager.enabled (bool): Can be used to enable or disable a trait. All traits share this common property.

aws-secrets-manager.auto (bool): Enables automatic configuration of the trait.

aws-secrets-manager.access-key (string): The AWS Access Key to use. This can be plain text or a configmap/secret reference. The content of the AWS access key is expected to be text containing a valid AWS access key. Syntax: [configmap|secret]:name[/key], where name represents the resource name and key optionally represents the resource key to be filtered (default key value = aws-access-key).

aws-secrets-manager.secret-key (string): The AWS Secret Key to use. This can be plain text or a configmap/secret reference. The content of the AWS secret key is expected to be text containing a valid AWS secret key. Syntax: [configmap|secret]:name[/key], where name represents the resource name and key optionally represents the resource key to be filtered (default key value = aws-secret-key).

aws-secrets-manager.region (string): The AWS Region to use.

aws-secrets-manager.use-default-credentials-provider (bool): Whether to use the Default Credentials Provider chain as the authentication method.

aws-secrets-manager.context-reload-enabled (bool): Whether to use the Camel Context Reload feature.

aws-secrets-manager.refresh-enabled (bool): Whether to use the Refresh feature for secrets.

aws-secrets-manager.refresh-period (string): If Refresh is enabled, this defines the interval to check the refresh event.

aws-secrets-manager.secrets (string): If Refresh is enabled, the regular expression representing the secrets we want to track.
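
The access-key and secret-key options accept either plain text or a [configmap|secret]:name[/key] reference. The following pre-flight check, an added example that is not part of the Camel K documentation or code base, parses that syntax and reports credentials that are not read from a Kubernetes Secret. The function names, the resource name aws-creds and the choice to flag ConfigMap references are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example; parse_ref and lint_trait_options are hypothetical helper names.

# Parse the documented form [configmap|secret]:name[/key].
# $1 = option value, $2 = default key. Prints "kind name key", "plain" or "invalid".
parse_ref() {
  local value default_key kind rest name key
  value=$1; default_key=$2
  case $value in
    configmap:*|secret:*) ;;
    *) echo plain; return 0 ;;
  esac
  kind=${value%%:*}; rest=${value#*:}; name=${rest%%/*}
  if [ "$rest" = "$name" ]; then key=$default_key; else key=${rest#*/}; fi
  if [ -z "$name" ] || [ -z "$key" ]; then echo invalid; return 1; fi
  echo "$kind $name $key"
}

# Lint the arguments of a `kamel run` call (each key=value as its own argument).
# Prints one finding per credential option; succeeds only if every credential
# option present is read from a Kubernetes Secret (policy of this example).
lint_trait_options() {
  local arg opt value default_key ref findings
  findings=0
  for arg in "$@"; do
    case $arg in
      aws-secrets-manager.access-key=*) default_key=aws-access-key ;;
      aws-secrets-manager.secret-key=*) default_key=aws-secret-key ;;
      *) continue ;;
    esac
    opt=${arg%%=*}; value=${arg#*=}
    ref=$(parse_ref "$value" "$default_key") || ref=invalid
    case $ref in
      secret\ *)    echo "ok $opt -> $ref" ;;
      configmap\ *) echo "warn $opt: ConfigMap data is not stored as a Secret"
                    findings=$((findings + 1)) ;;
      plain)        echo "fail $opt: credential passed inline on the command line"
                    findings=$((findings + 1)) ;;
      *)            echo "fail $opt: malformed reference"
                    findings=$((findings + 1)) ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample: the page's inline form next to a Secret reference.
lint_trait_options -t aws-secrets-manager.enabled=true \
  -t aws-secrets-manager.access-key="aws-access-key" \
  -t aws-secrets-manager.secret-key="secret:aws-creds" || true
```

Only options passed as separate key=value arguments are inspected; the check does not contact the cluster or verify that the referenced resource exists.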