Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

External Secrets Operator Workflow

  1. Create Secret in External Service:
    • Store your secret (e.g. API keys, passwords) in a supported external service, such as AWS Systems Manager Parameter Store, ensuring it’s correctly secured with the proper permissions and encryption.
  2. Create ExternalSecret Object in Kubernetes:
    • Define an ExternalSecret object in your Kubernetes cluster specifying the details like the name of the external secret, the backend type, and the data keys to retrieve from the external service.
  3. External Secrets Operator Generates Kubernetes Secret:
    • The External Secrets Operator will synchronize the ExternalSecret with the external service and automatically create the corresponding Kubernetes Secret in the cluster.
  4. Use the Secret in Your Application:
    • Reference the generated Kubernetes Secret in your application’s deployment configurations allowing your application to access the secret values.

When using External Secrets Operator with Kubernetes, you typically do not manually create a Kubernetes Secret. Instead, the External Secrets Operator automatically generates the Kubernetes Secret based on the ExternalSecret object you define in your Kubernetes cluster.

The actual secret value is stored in an external service, like AWS Systems Manager Parameter Store, AWS Secrets Manager, Azure Key Vault, etc. So, before creating an ExternalSecret object in Kubernetes, you need to create and store your secret value in one of these supported external services, like Parameter Store, and properly configure the access permissions.

Use Cases of External Secrets Operator Using AWS and Kubernetes

You do not need to create a secret in Kubernetes before creating an ExternalSecret. The ExternalSecret object will create a Kubernetes Secret object for you.

You do need to create the ParameterStore in AWS before creating the ExternalSecret. The ExternalSecret object will use the ParameterStore to fetch the secret data.

Here is an example of the steps you would follow:

  1. Create a ParameterStore in AWS.
  2. Create an ExternalSecret object in Kubernetes.
  3. Reference the ParameterStore in the ExternalSecret object.
  4. ESO will fetch the secret data from the ParameterStore and create a Kubernetes Secret object containing the secret data.
Rajesh Kumar
Follow me
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x