I am trying to implement caching for the secrets stored in AWS KMS, using this blog post.
Locally when I test the code, the script runs fine. At the moment I am unsure if it fetches from KMS or uses credentials from the ~/.aws folder. But when I push the code to a Kubernetes cluster and try to test it there, I get the error: no identity based policy allows the secretsmanager:DescribeSecret action
Can somebody please help me resolve this error?
CodePudding user response:
It is probably because your local code is using your ~/.aws credentials, which have rights to describe secrets (secretsmanager:DescribeSecret).
Check if the permissions given to your Kubernetes cluster have rights to describe secrets (secretsmanager:DescribeSecret).
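
An added example (not part of the answer above, and not from the blog post): the full AccessDenied message names the principal that made the call, so parsing it shows which identity the pod actually used and which statement that role is missing. The sample message, account ID, role name and secret ARN are constructed placeholders, and including GetSecretValue assumes the cache also reads the secret value.

```python
import json
import re

# General shape of the AccessDenied text AWS returns for this failure.
DENIED = re.compile(
    r"User: (?P<principal>arn:aws[\w-]*:(?:sts|iam)::\d{12}:\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r"(?: on resource: (?P<resource>\S+))?"
)

# Constructed sample; every identifier in it is a placeholder.
SAMPLE_ERROR = (
    "An error occurred (AccessDeniedException) when calling the DescribeSecret "
    "operation: User: arn:aws:sts::123456789012:assumed-role/example-node-role/"
    "i-0123456789abcdef0 is not authorized to perform: secretsmanager:DescribeSecret "
    "on resource: arn:aws:secretsmanager:eu-west-1:123456789012:secret:example/app-AbCdEf "
    "because no identity-based policy allows the secretsmanager:DescribeSecret action"
)

def parse_denied(message):
    """Return principal, action and resource from the error text, or None."""
    m = DENIED.search(message)
    return m.groupdict() if m else None

def role_arn(principal):
    """Map an STS assumed-role session ARN to the IAM role that needs the policy.
    The session ARN omits any role path, so roles created with a path need it re-added."""
    m = re.match(r"arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([^/]+)/", principal)
    return f"arn:{m[1]}:iam::{m[2]}:role/{m[3]}" if m else principal

def policy_for(denied, extra_actions=("secretsmanager:GetSecretValue",)):
    """Build an identity-based policy scoped to the one secret named in the error.
    extra_actions is an assumption: a cache that describes a secret also reads it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted({denied["action"], *extra_actions}),
            "Resource": denied["resource"] or "<secret-arn>",  # placeholder if absent
        }],
    }

if __name__ == "__main__":
    denied = parse_denied(SAMPLE_ERROR)
    print("Caller was:", denied["principal"])
    print("Attach to: ", role_arn(denied["principal"]))
    print(json.dumps(policy_for(denied), indent=2))
```

If the principal printed is the worker node's instance role rather than a role meant for the application, the pod is falling back to node credentials and the policy belongs on whichever role the pod is supposed to assume.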