Improve HA by pulling AWS SM secrets from a list of regions
andreidum opened this issue · 5 comments
Hello,
Given that AWS Secrets Manager supports secret replication it would be desirable if external-secrets can be configured to pull the secrets from a list of regions, which will improve availability.
Without this feature in place, what solutions are there for those who enable Secret Replication and want to mitigate against AWS Region failure?
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
Hello,
Any thoughts on this?
As far as I can tell the AWS sdk doesn't really handle this in any way.
But for actually switching the endpoint used you should be able to set AWS_SSM_ENDPOINT
environment variable, so in case of a region failure I would update this to point to a working region in which case KES should be able to continue working with secret manager. In case of a region failure you would probably need to update AWS_REGION
environment as well, unless its only secrets manager having issues.
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.