Parent: #584
Priority: Medium
Currently cluster config is stored in AWS Secrets Manager ({clusterName}/config). Consider migrating to AWS Systems Manager Parameter Store:
Advantages:
Lower cost (no per-secret pricing, free for standard parameters)
Simpler API for key-value config that isn't truly secret
Parameter Store supports hierarchical paths (/{clusterName}/config)
Better suited for non-sensitive metadata (cluster ARN, region, VPC ID)
What stays in Secrets Manager:
Keycloak passwords ({clusterName}/keycloak)
Any actual secrets (tokens, credentials)
Changes needed:
Update ClusterSecretStore to use Parameter Store provider
Update ExternalSecret dataFrom to use Parameter Store
Update Taskfile secrets-manager:seed to use aws ssm put-parameter
Update PlatformCluster composition (if seeding is automated via #602, "Automate spoke cluster Secrets Manager seeding via Crossplane composition")
Update fleet-secret chart if key format changes
Update destroy task cleanup commands
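A sketch of the split described above, added here as an example and not taken from this repository: it plans the `aws ssm put-parameter` calls for the non-sensitive keys and lists the keys that should stay in Secrets Manager. The function name `plan_migration`, the one-parameter-per-key layout under `/{clusterName}/config/`, the key-name heuristic and the sample values are all assumptions.

```python
import json
import re

# Assumed heuristic for keys that must stay in Secrets Manager (not from the issue).
SENSITIVE = re.compile(r"(pass(word)?|secret|token|credential|private|api[_-]?key)", re.I)
# Characters AWS accepts in one segment of a parameter name.
VALID_SEGMENT = re.compile(r"^[A-Za-z0-9_.-]+$")


def plan_migration(cluster_name, secret_string):
    """Split a {clusterName}/config secret into Parameter Store writes and leftovers.

    Returns (commands, keep): argv lists for `aws ssm put-parameter`, and the
    keys that look sensitive and therefore stay in Secrets Manager.
    """
    config = json.loads(secret_string)
    if not isinstance(config, dict):
        raise ValueError("expected a JSON object of key/value config")
    commands, keep = [], []
    for key in sorted(config):
        value = config[key]
        if SENSITIVE.search(key):
            keep.append(key)  # never written as a plain String parameter
            continue
        if not VALID_SEGMENT.match(key):
            raise ValueError(f"key {key!r} is not a valid parameter name segment")
        if not isinstance(value, str):
            value = json.dumps(value)  # Parameter Store values are strings
        if value == "":
            raise ValueError(f"key {key!r} is empty; put-parameter rejects empty values")
        name = f"/{cluster_name}/config/{key}"
        commands.append(["aws", "ssm", "put-parameter", "--name", name,
                         "--type", "String", "--value", value, "--overwrite"])
    return commands, keep


# Constructed sample of what a {clusterName}/config secret might contain.
SAMPLE = json.dumps({
    "clusterArn": "arn:aws:eks:eu-west-1:111122223333:cluster/spoke-dev",
    "region": "eu-west-1",
    "vpcId": "vpc-0123456789abcdef0",
    "argocdToken": "constructed-placeholder",
})

if __name__ == "__main__":
    print(plan_migration("spoke-dev", SAMPLE))
```

A name heuristic only catches obviously named keys, so the `keep` list is a starting point for review before the seed task is switched over.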