{"id":56941,"date":"2023-03-29T09:30:21","date_gmt":"2023-03-29T04:00:21","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=56941"},"modified":"2023-04-05T09:36:24","modified_gmt":"2023-04-05T04:06:24","slug":"how-to-access-your-aws-secret-manager-secrets-in-an-eks-cluster","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/how-to-access-your-aws-secret-manager-secrets-in-an-eks-cluster\/","title":{"rendered":"How to access your AWS Secret Manager secrets in an EKS cluster"},"content":{"rendered":"

How to access your AWS Secret Manager secrets in an EKS cluster<\/h1>\n

This blog will show how we can use AWS secret manager inside AWS EKS pods.<\/span><\/p>\n

You all know that almost every application has sensitive data like usernames and passwords. To secure such sensitive data, AWS provides two ways to store and manage application configuration data:<\/span><\/p>\n

    \n
  1. Secret Manager<\/span><\/li>\n
  2. Parameter Store<\/span><\/li>\n<\/ol>\n

    Both services allow encryption, CloudFormation, and versioning, But Parameter Store is not useful if secrets are centrally managed from another AWS account. If you want encryption, key rotation, and cross-account access of secrets, then you can go with AWS Secret Manager.<\/span>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0<\/span><\/p>\n

    Flow Diagram\u00a0<\/b><\/p>\n

    \"\"<\/p>\n

      \n
    1. The user makes a pod creation request to API server\u00a0<\/span><\/li>\n
    2. API Server requests Pod Scheduler in Control Plan to Schedule Pod to Node<\/span><\/li>\n
    3. Kubelet running on the node gets the request to create a pod. Kubelet scans the pod manifest file and finds the volume to be mounted using the CSI driver and calls the Secret CSI driver to mount the volume in the pod.<\/span><\/li>\n
    4. Then CSI Driver invokes the ASCP (AWS Secrets and Config Providers) to call Secrets Managers to get the secrets by API Call and ACSP uses the SecretProviderClass manifest file to find which secrets to be loaded and create the secrets files in the mounted volume.<\/span><\/li>\n<\/ol>\n

      Prerequisites\u00a0<\/b><\/p>\n

        \n
      • Existing EKS Cluster\u00a0<\/span><\/li>\n
      • Your secret is stored in the secret manager<\/span><\/li>\n
      • AWS CLI, eksctl, helm, and kubectl installed<\/span><\/li>\n<\/ul>\n

        Setup Guide<\/b><\/p>\n

          \n
        • Install CSI Driver\u00a0\u00a0<\/b><\/li>\n<\/ul>\n\n\n\n
          helm repo add secrets-store-csi-driver \\<\/b><\/p>\n

          \u00a0\u00a0https:\/\/kubernetes-sigs.github.io\/secrets-store-csi-driver\/charts<\/b><\/p>\n

          helm install -n kube-system csi-secrets-store \\<\/b><\/p>\n

          \u00a0\u00a0–set syncSecret.enabled=true \\<\/b><\/p>\n

          \u00a0\u00a0–set enableSecretRotation=true \\<\/b><\/p>\n

          \u00a0\u00a0secrets-store-csi-driver\/secrets-store-csi-driverAA<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

           <\/p>\n

            \n
          • Install ASCP Plugin<\/b><\/li>\n<\/ul>\n\n\n\n
            kubectl apply -f https:\/\/raw.githubusercontent.com\/aws\/secrets-store-csi-driver-provider-aws\/main\/deployment\/aws-provider-installer.yaml<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

             <\/p>\n

              \n
            • Check the DaemonSet for ASCP and CSI Driver in Kube-system Namespace<\/b><\/li>\n<\/ul>\n

              \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Note<\/b>: <\/b>Above two steps will deploy the daemon set for ASCP and CSI Driver<\/span><\/p>\n

              \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 To check the ASCP daemon set:<\/span><\/p>\n\n\n\n
              kubectl get daemonsets -n kube-system -l app=csi-secrets-store-provider-aws<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

              \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 To check the CSI Driver daemon set:<\/span><\/p>\n\n\n\n
              kubectl get daemonsets -n kube-system -l app.kubernetes.io\/instance=csi-secrets-Astore<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

               <\/p>\n

                \n
              • Create an AWS Secret Manager and Note down Secret arn<\/b><\/li>\n<\/ul>\n\n\n\n
                aws –region “us-east-1” secretsmanager \\<\/b><\/p>\n

                \u00a0\u00a0create-secret –name test-ritika \\Create an AWS Secret Manager and Note down Secret arn<\/b><\/p>\n

                \u00a0\u00a0–secret-string ‘{“username”:”foo”, “url”:”hello.com”}’<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                 <\/p>\n

                  \n
                • Create an IAM policy\u00a0<\/b><\/li>\n<\/ul>\n

                  This policy will be attached to Kubernetes Service Account to allow access to Secret Manager. In place of the red highlighted part below, give the Secret ARN that we have just created.<\/span><\/p>\n\n\n\n
                  {Create an IAM policy\u00a0<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0“Version”: “2012-10-17”,<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0“Statement”: [<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0{<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0“Sid”: “”,<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0“Effect”: “Allow”,<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0“Action”: [<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0“secretsmanager:GetSecretValue”,<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0“secretsmanager:DescribeSecret”<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0],<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0“Resource”: “<\/b>SECRET_ARN<\/b>”\u00a0<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<\/b><\/p>\n

                  \u00a0\u00a0\u00a0\u00a0]<\/b><\/p>\n

                  }<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                   <\/p>\n

                    \n
                  • Create a Service Account and attach the above policy\u00a0<\/b><\/li>\n<\/ul>\n

                    This Service Account gives your pods access to the Secret Manager with the previously created policy. Provide any name for your service account and add your policy arn in place of \u201cIAM_POLICY_ARN_SECRET\u201d.\u00a0<\/span><\/p>\n\n\n\n
                    eksctl create iamserviceaccount \\<\/span><\/p>\n

                    \u00a0\u00a0\u00a0\u00a0–region=”$AWS_REGION” –name “<\/span>$ServiceAccountName<\/span>”\u00a0 \\<\/span><\/p>\n

                    \u00a0\u00a0\u00a0\u00a0–cluster “$EKS_CLUSTERNAME” \\<\/span><\/p>\n

                    \u00a0\u00a0\u00a0\u00a0–attach-policy-arn “<\/span>$IAM_POLICY_ARN_SECRET<\/span>” –approve \\<\/span><\/p>\n

                    \u00a0\u00a0\u00a0\u00a0–override-existing-serviceaccounts<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                    \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/b>OR<\/b><\/p>\n\n\n\n
                    apiVersion: v1Create an IAM policy\u00a0<\/span><\/p>\n

                    kind: ServiceAccount<\/span><\/p>\n

                    metadata:<\/span><\/p>\n

                    \u00a0\u00a0name:<\/span> $ServiceAccountName<\/span><\/p>\n

                    \u00a0\u00a0annotations:<\/span><\/p>\n

                    \u00a0\u00a0\u00a0\u00a0eks.amazonaws.com\/role-arn:<\/span> $IAM_POLICY_ARN_SECRET<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                    \"\"<\/p>\n

                      \n
                    • Create SecretProviderClass\u00a0<\/b><\/li>\n<\/ul>\n

                       <\/p>\n

                      ASCP uses the below SecretProviderClass manifest file to find which secrets to be loaded and creates the secrets files in the mounted volume. <\/span>To use ASCP, we create Secret Provider Class to provide a few more details of how we will retrieve the secrets from AWS Secret Manager or Parameter Store.\u00a0<\/span><\/p>\n

                      Note:<\/strong> The Secret Provider Class must be in the same namespace as the pod referencing it. You can pass the namespace under the metadata block.<\/span><\/p>\n

                      SecretProviderClass.yaml<\/b>:<\/span><\/p>\n

                      [Note: Follow the below indentation as shown in the image.]<\/span>\"\"<\/p>\n

                      Apply the below command to create secretproviderclass.<\/span><\/p>\n\n\n\n
                      kubectl apply -f <\/span>SecretProviderClass.yaml<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                      The output indicates the resource (spa) was created successfully.<\/span><\/p>\n

                      \"\"<\/p>\n\n\n\n
                      apiVersion: secrets-store.csi.x-k8s.io\/v1<\/span><\/p>\n

                      kind: SecretProviderClass<\/span><\/p>\n

                      metadata:<\/span><\/p>\n

                      \u00a0\u00a0name: spc<\/span><\/p>\n

                      spec:<\/span><\/p>\n

                      \u00a0\u00a0provider: aws<\/span><\/p>\n

                      \u00a0\u00a0parameters:<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0objects: |<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– objectName: “test-ritika”<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0objectType: “secretsmanager”<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0jmesPath:<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– path: username<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0objectAlias: <\/span>dbusername<\/b><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– path: url<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0objectAlias: <\/span>db_url<\/b><\/p>\n

                      \u00a0\u00a0# Create k8s secret. It requires volume mount first in the pod and then sync.<\/span><\/p>\n

                      \u00a0\u00a0secretObjects:<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0– secretName: secrets<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0type: Opaque<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0data:<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#- objectName: <objectName> or <objectAlias><\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– objectName: <\/span>dbusername<\/b><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0key: username<\/span><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– objectName: <\/span>db_url<\/b><\/p>\n

                      \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Key: password<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                       <\/p>\n

                        \n
                      • spc<\/b>: <\/b>name for a secret provider class\u00a0<\/span><\/li>\n
                      • aws: <\/b>name of cloud provider\u00a0<\/span><\/li>\n
                      • test-ritika<\/b>: <\/b>name of aws secret manager\u00a0<\/span><\/li>\n
                      • secretsmanager: <\/b>name of secret store aws service\u00a0<\/span><\/li>\n
                      • username,url: <\/b>name of secret manager variables which you want to store in a pod as an env variable<\/span><\/li>\n
                      • dbusername,db_url: <\/b>alias name for secret manager variable through which we can call env variable in pod.\u00a0<\/span><\/li>\n
                      • secrets: <\/b>name of k8s secrets, this will CSI driver automatically create after applying deployment.yaml<\/span><\/li>\n
                      • Under data block: <\/span>dbusername: <\/b>Alias name\u00a0 and\u00a0\u00a0username: <\/b>key name of secretsCreate Deployment manifest :<\/b><\/li>\n<\/ul>\n\n\n\n
                        kind: Service<\/span><\/p>\n

                        apiVersion: v1Create Deployment manifest :<\/span><\/p>\n

                        metadata:<\/span><\/p>\n

                        \u00a0\u00a0name: nginx-deployment<\/span><\/p>\n

                        \u00a0\u00a0labels:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0app: nginx<\/span><\/p>\n

                        spec:<\/span><\/p>\n

                        \u00a0\u00a0selector:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0app: nginx<\/span><\/p>\n

                        \u00a0\u00a0ports:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0– protocol: TCP<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0port: 80<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0targetPort: 80<\/span><\/p>\n

                        —<\/span><\/p>\n

                        apiVersion: apps\/v1<\/span><\/p>\n

                        kind: Deployment<\/span><\/p>\n

                        metadata:<\/span><\/p>\n

                        \u00a0\u00a0name: nginx-deployment<\/span><\/p>\n

                        \u00a0\u00a0labels:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0app: nginx<\/span><\/p>\n

                        spec:<\/span><\/p>\n

                        \u00a0\u00a0replicas: 1<\/span><\/p>\n

                        \u00a0\u00a0selector:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0matchLabels:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0app: nginx<\/span><\/p>\n

                        \u00a0\u00a0template:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0metadata:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0labels:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0app: nginx<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0spec:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0serviceAccountName: <\/span>$ServiceAccountName<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0volumes:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– name: secrets-store-inline<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0csi:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0driver: secrets-store.csi.k8s.io<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0readOnly: true<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0volumeAttributes:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0secretProviderClass: “spc”<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0containers:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– name: nginx-deployment<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0image: nginx<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ports:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– containerPort: 80<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0volumeMounts:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– name: secrets-store-inline<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0mountPath: “\/mnt\/secrets-store”<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0readOnly: true<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0env:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– name: rds_user<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0valueFrom:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0secretKeyRef:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0name: secrets<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0key: username<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0– name: rds_url<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0valueFrom:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0secretKeyRef:<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0name: secrets<\/span><\/p>\n

                        \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0key: password<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                        Create a pod with the below command\u00a0<\/span><\/p>\n\n\n\n
                        kubectl apply -f <\/span>deployment.yaml<\/span><\/p>\n

                        kubectl get pods<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                        \"\"<\/p>\n

                          \n
                        • After applying the above manifest, we should be able to get our AWS Secrets\u2019 content directly from env var rds_username and rds_url:<\/b><\/li>\n<\/ul>\n

                          \"\"<\/p>\n\n\n\n
                          kubectl exec -it <NAME OF THE POD> — env | grep rds_username<\/span><\/p>\n

                          kubectl exec -it <NAME OF THE POD> — env | grep rds_url<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                           <\/p>\n

                          <\/div>","protected":false},"excerpt":{"rendered":"

                          How to access your AWS Secret Manager secrets in an EKS cluster This blog will show how we can use AWS secret manager inside AWS EKS pods. You all know that almost every application has sensitive data like usernames and passwords. To secure such sensitive data, AWS provides two ways to store and manage application […]<\/p>\n","protected":false},"author":1435,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":165},"categories":[4308,2348],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56941"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/1435"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=56941"}],"version-history":[{"count":8,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56941\/revisions"}],"predecessor-version":[{"id":57050,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56941\/revisions\/57050"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=56941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=56941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=56941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}