<h3 id="heading-kubernetes-secret-to-aws-secret-manager">Kubernetes Secret to AWS Secret Manager</h3>
<p>AWS SecretManager requires the secrets to be in decoded format. However, Kubernetes Secrets are encoded in base64 and require conversion. We can use <code>jq</code> to do this for us.</p>
<p>Once the secrets are decoded, we can pass this key-value pair to AWS CLI to create a Secret Manager object.</p>
<pre><code class="lang-bash">kubectl get secret app-config -o jsonpath=<span class="hljs-string">'{.data}'</span> | jq -r <span class="hljs-string">'reduce to_entries[] as {$key, $value} (null; .[$key] = ($value|@base64d))'</span> &gt; secret.json

aws secretsmanager create-secret --name app-config --secret-string file://secret.json
</code></pre>
<h3 id="heading-aws-secret-manager-to-kubernetes-secret">AWS Secret Manager to Kubernetes Secret</h3>
<p>AWS CLI can fetch decoded secrets from Secret Manager. However, <code>kubectl</code> requires the secrets to be in <code>env</code> format if there are plenty of them. Once again, we can use <code>jq</code> to map them in <code>env</code> like and later this <code>env</code> file can be used to create the Kubernetes Secret.</p>
<pre><code class="lang-bash">aws secretsmanager get-secret-value --secret-id app-config | jq -r <span class="hljs-string">'.SecretString | fromjson | to_entries[] | "(.key)=(.value)"'</span> &gt; secret.env

kubectl create secret generic app-config --from-env-file=secret.env
</code></pre>


### Kubernetes Secret to AWS Secret Manager

AWS SecretManager requires the secrets to be in decoded format. However, Kubernetes Secrets are encoded in base64 and require conversion. We can use `jq` to do this for us.

Once the secrets are decoded, we can pass this key-value pair to AWS CLI to create a Secret Manager object.

```bash
kubectl get secret app-config -o jsonpath='{.data}' | jq -r 'reduce to_entries[] as {$key, $value} (null; .[$key] = ($value|@base64d))' > secret.json

aws secretsmanager create-secret --name app-config --secret-string file://secret.json
```

### AWS Secret Manager to Kubernetes Secret

AWS CLI can fetch decoded secrets from Secret Manager. However, `kubectl` requires the secrets to be in `env` format if there are plenty of them. Once again, we can use `jq` to map them in `env` like and later this `env` file can be used to create the Kubernetes Secret.

```bash
aws secretsmanager get-secret-value --secret-id app-config | jq -r '.SecretString | fromjson | to_entries[] | "(.key)=(.value)"' > secret.env

kubectl create secret generic app-config --from-env-file=secret.env
```

Minhaz's Blog

Minhaz's Blog

Conversion between AWS Secrets Manager and Kubernetes Secrets

Kubernetes Secret to AWS Secret Manager

AWS Secret Manager to Kubernetes Secret