Unlocking the Power of Terraform for Kubernetes Secret Management with IBM Cloud Kubernetes Service and Secrets Manager

4:27 am
July 19, 2023

In this blog post, we will explore how to leverage Terraform on IBM Cloud to create and manage secrets by integrating IBM Cloud Kubernetes Service with IBM Cloud Secrets Manager.

Previously, users could manage TLS and non-TLS certificates and secrets through the CLI using the namespace “ibmcloud ks ingress secret.” By utilizing the Secrets Manager secret CRNs, users can now create an “Ingress secret” resource in their Kubernetes cluster, which automatically synchronizes any updates made to the secrets within the Secrets Manager instance.

Architecture and Behavior

The IBM Cloud Kubernetes Service handles the creation of Ingress secrets as follows:

  1. Users need an existing IBM Cloud Secrets Manager instance and IBM Cloud Kubernetes Service instance.
  2. Users register the Secrets Manager instance to synchronize the secret CRNs between the Secrets Manager secret and Ingress secret(s).
  3. Users create an IBM Cloud Kubernetes Ingress secret, which can be an Opaque or TLS secret, along with a Secrets Manager CRN. This establishes a correlation between the secret CRN and ClusterID/SecretName/SecretNamespace in the cloud.
  4. IBM Cloud Kubernetes Service fetches the Secrets Manager secret via the CRN.
  5. IBM Cloud Kubernetes Service creates a corresponding Kubernetes secret in the cluster using the values from the CRN(s).
  6. IBM Cloud Kubernetes Service ensures that the secrets remain in sync with the Secrets Manager secret CRN.


The integration of IBM Cloud Kubernetes Service and IBM Cloud Secrets Manager offers several benefits:

  • Seamless creation and management of Secrets Manager secrets with built-in autorotation for enhanced security.
  • Effortless provision of Kubernetes secrets using the secret CRN of any Secrets Manager instance, ensuring consistent and reliable secret management.
  • Automatic synchronization and persistence of secrets within the Kubernetes cluster, eliminating the need for manual updates and reducing the risk of outdated secrets.
  • Easy tracking and monitoring of expiration dates for timely rotation and prevention of security vulnerabilities.
  • Control over access to secrets through the creation of secret groups, enhancing application security.

Hands-on Example

The blog post provides a detailed example of integrating IBM Cloud Kubernetes and IBM Cloud Secrets Manager using a Terraform script. The sample allows users to provision a Secrets Manager instance, register it to an IBM Cloud Kubernetes Service, and create managed IBM Cloud Kubernetes Ingress secrets backed by Secrets Manager secrets. The full sample code can be found on the example’s GitHub repository.


To follow the example, users will need the following prerequisites:

– IBM Cloud Secrets Manager instance
– IBM Cloud Kubernetes Service instance

Implementing the Terraform Script

The blog post outlines the steps involved in implementing the Terraform script:

  1. Create an IBM Cloud Secrets Manager instance
  2. Set up service-to-service authorization through IAM
  3. Register the Secrets Manager instance to the IBM Cloud Kubernetes Service cluster
  4. Create secrets in Secrets Manager and enable automatic rotation
  5. Create a persistent Opaque secret in the cluster using the CRNs of the secrets in Secrets Manager

Creating the Infrastructure

The blog post provides step-by-step instructions on creating the necessary infrastructure using the Terraform script:

  1. Run “terraform init”
  2. Copy the “main.tf” and “output.tf” files from the example repository
  3. Create a “.tfvars” file and fill in the required variables
  4. Run “terraform plan -var-file=<file_name>”
  5. Create the resources with “terraform apply -var-file=<file_name>”

Verifying Created Resources

Once the resources are created, users can verify them in the IBM Cloud Dashboard. They can navigate to the created Secrets Manager instance to view the created secrets and to the IBM Cloud Kubernetes Service to view the Opaque secret.

Contact Us

The blog post concludes by encouraging users to expand and tailor the approach to fit their use case. Users can engage the IBM team via Slack for further support and join the discussion in the #general channel on the public IBM Cloud Kubernetes Service Slack.


1. Can Terraform be used with any version of IBM Cloud Kubernetes Service?

Terraform can be used with any version of IBM Cloud Kubernetes Service.

2. Are there any additional costs associated with utilizing Terraform for Kubernetes secret management with IBM Cloud?

There are no additional costs for utilizing Terraform with IBM Cloud Kubernetes Service and Secrets Manager. However, users should refer to IBM Cloud pricing for any costs associated with using the services.

3. Can the Terraform script be customized to fit specific requirements?

Yes, the Terraform script provided in the example can be customized to fit specific requirements by modifying the variables and resources.


More in this category ...

12:46 pm September 22, 2023

Biometric Verification: Exploring the Future of Identity Authentication

8:45 am September 22, 2023

Exploring the Pros and Cons of Decentralized Social Media Platforms

8:43 am September 22, 2023

The Significance of AI Skill Building and Partner Innovation Highlighted at IBM TechXchange

5:02 am September 22, 2023

Binance CEO and Exchange Seek Dismissal of SEC Lawsuit

Featured image for “Binance CEO and Exchange Seek Dismissal of SEC Lawsuit”
4:43 am September 22, 2023

Blockchain in Drug Supply Chain: Enhancing Transparency and Reducing Counterfeit Medications

12:41 am September 22, 2023

Data Privacy and Security: Ensuring Trust in the Age of Data Sharing

12:24 am September 22, 2023

Uniswap Introduces Uniswap University in Partnership with Do DAO

10:14 pm September 21, 2023

VeChain Launches VeWorld, a Self-Custody Wallet For Enterprise-Focused L1 Blockchain

9:02 pm September 21, 2023

Galaxy Digital Announces Expansion Plans in Europe

8:37 pm September 21, 2023

The Role of Blockchain in Enhancing Transparency in Government Contracts

7:03 pm September 21, 2023

Bitcoin Shorts Accumulate on Binance and Deribit, Potential Squeeze on the Horizon?

Featured image for “Bitcoin Shorts Accumulate on Binance and Deribit, Potential Squeeze on the Horizon?”
6:41 pm September 21, 2023

ASTR Price Surge Following Bithumb Listing, but Gains Trimmed

5:31 pm September 21, 2023

Tether Expands into AI with $420 Million Purchase of Cloud GPUs

4:32 pm September 21, 2023

Demystifying Blockchain Technology: A Primer for Logistics Professionals

4:07 pm September 21, 2023

Understanding the Difference Between Spear Phishing and Phishing Attacks

3:07 pm September 21, 2023

Chancer Surpasses $2.1 Million in Presale Funds Following First Product Update

12:47 pm September 21, 2023

Alchemy Pay Obtains Money Transmitter License in Arkansas, Expanding Global Presence

12:30 pm September 21, 2023

Blockchain-based Prediction Markets: Ensuring Transparency and Fairness

9:03 am September 21, 2023

Phishing Scam Nets Scammer $4.5M in USDT from Unsuspecting Victim

Featured image for “Phishing Scam Nets Scammer $4.5M in USDT from Unsuspecting Victim”
8:29 am September 21, 2023

Smart Contracts and Blockchain: Revolutionizing Intellectual Property Management

7:50 am September 21, 2023

Empowering AI at the Edge with Foundational Models

6:57 am September 21, 2023

Australian regulator ASIC sues Bit Trade, the Kraken subsidiary, for non-compliance with design and distribution requirements

4:28 am September 21, 2023

Transforming the Traditional Supply Chain with Artificial Intelligence

12:27 am September 21, 2023

Navigating the World of Regulated Digital Asset Exchanges: Key Considerations for Investors

11:33 pm September 20, 2023

IBM Partnership with ESPN and Eli Manning: AI-Powered Insights for Fantasy Football

11:04 pm September 20, 2023

BlackRock’s Reported Consideration of XRP as Bitcoin Alternative Sparks Debate

Featured image for “BlackRock’s Reported Consideration of XRP as Bitcoin Alternative Sparks Debate”
10:35 pm September 20, 2023

Cardano Price Stagnates as Bears Maintain Control

9:23 pm September 20, 2023

CHANCER Presale Price Expected to Reach $0.013 as Rollbit Coin Drops 21% in a Week

8:25 pm September 20, 2023

Demystifying Privacy Protocols: How Blockchains are Revolutionizing Data Privacy

8:13 pm September 20, 2023

Cryptocurrency Update: Dogecoin and Polkadot Price Analysis