When I try to get the secrets by running the microservice on my machine it brings them up without problems, but when I dockerize the environment and run the microservice inside the container it gives me the following error: CredentialsProviderError: Could not load credentials from any providers
Will the same error appear if I deploy the application to an EKS service? I assume that the container will take the permissions of the context.
Anyone knows somethinga about this?
I tried deleting volumes and all the images and networks that I had locally, but I still can’t get the secrets inside the container with @aws-sdk/client-secrets-manager for Nodejs
2
Answers
After spending many hours testing I arrived at the solution, I must pass the AWS credentials to the local docker container so that it can consult the secret-manager regardless of whether it is running on a local authenticated machine, in EKS the context variables are passed to the container and the sdk detects that the connection is secure. Thanks for reading
AWS SDK is looking for credentials to authenticate in specific order:
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html
In your case, it will not work by default in container. You need to pass somehow credentials into it (e.g. mount ~/.aws/ into container, pass credentials via env and so on).
Once you have it deployed to the EKS you have additional options, such as providing access via Service Account and IAM Role:
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html