Secret groups are now supported in the IBM Cloud Secrets Manager integration for Kubernetes and OpenShift Services. You can create a secret group to organize secrets and control who has access to them.
Secret groups can be applied to your default Secrets Manager instances and are included as an option when you register or update a new default instance. After you set a secret group to a default instance, the changes are applied at the next certificate renewal. If you do not want to wait for the next scheduled certificate renewal, you can run the 'ibmcloud ks nlb-dns secret regenerate' command to manually start the certificate renewal and apply your secret group right away.
For more information about creating and managing secret groups, see Organizing your secrets in the Secrets Manager documentation. For more information about using Secrets Manager for Kubernetes and OpenShift services, see the Kubernetes service documentation.
View the commands below to see the new '--secret-group' command option.
Using the ibmcloud ks ingress instance register CLI API
ibmcloud ks ingress instance register
NAME:
   register - Register an IBM Cloud Secrets Manager instance to a cluster.
USAGE:
   ibmcloud ks ingress instance register --cluster CLUSTER --crn CRN [--is-default] [-q] [--secret-group GROUP]
PARAMETERS:
   --cluster value, -c value  Specify the cluster name or ID.
   --crn value                CRN of the IBM Cloud Secret Manager instance.
   --is-default               Persist the secret in the cluster so that it cannot be deleted.
   --secret-group value       Secret Group ID where the secrets are persisted of the IBM Cloud Secret Manager instance.
   -q                         Do not show the message of the day or update reminders.
Using the ibmcloud ks ingress instance default set CLI API
ibmcloud ks ingress instance default set
NAME:
   set - Set a registered IBM Cloud Secrets Manager instance as the default. If an existing default instance exists, it is unset.
USAGE:
   ibmcloud ks ingress instance default set --cluster CLUSTER --name NAME [-q] [--secret-group GROUP]
PARAMETERS:
   --cluster value, -c value  Specify the cluster name or ID.
   --name value               The name of the registered IBM Cloud Secret Manager instance.
   --secret-group value       Secret Group ID where the secrets are persisted of the IBM Cloud Secret Manager instance.
   -q                         Do not show the message of the day or update reminders.