Skip to main content
Version: v4.8

Access native credentials through AWS Secrets Manager

You can add native credentials to your Helm 3 sidecar that are stored in AWS Secret Manager with just a few simple configuration steps.


  1. Configure SSO for the data repo
  2. Downloading a values.yaml from Cyral's Control Plane

Adding the AWS credentials to the sidecar

To add the AWS credentials to the sidecar, you need to add the values.yaml's aws section.

enabled: true
secretKey: <your secret key>
accesskeyId: <your access key id>

The credentials will be stored inside Kubernetes on a secret resource, and accessed from the sidecar through environment variables.

AWS credentials through an already existing secret

You can also specify an existing secret with the format:

apiVersion: v1
kind: Secret
AWS_SECRET_KEY: <your secret key>
AWS_ACCESS_KEY_ID: <your access key id>

and change the values.yaml file to contain this on its aws section:

enabled: true
existingSecret: <the secret name>