kes icon indicating copy to clipboard operation
kes copied to clipboard
verified publisher icon minio

Make endpoint config optional in AWS secrets-manager keystore config

Open derSascha opened this issue 1 year ago • 3 comments

The AWS SDK contains a set of pre-configured endpoints. Make the endpoint config optional, and let the SDK decide what endpoint should be used. This fixes #495. See #495 about more details.

Maybe we should make the region optional too. Both can be autoconfigured by the SDK.

derSascha avatar Dec 17 '24 15:12 derSascha

Tested with IRSA on EKS with a config like this:

  keystore:
    aws:
      secretsmanager:
        region: us-east-1
        kmskey: arn:aws:kms:us-east-1:...

derSascha avatar Dec 17 '24 15:12 derSascha

@aead @shtripat any chance to look into this? Changes in this pull-request are comparable small

derSascha avatar Jan 31 '25 09:01 derSascha

Rebased on the current master. @aead @shtripat any chance to merge this? It's only a minimalistic change in the config parser/validator

derSascha avatar Apr 23 '25 11:04 derSascha