Kubernetes operator that syncs values from external secret stores into Kubernetes Secrets
- Stars: 6.7k
- Forks: 1.3k
- Open issues: 189
- License: Apache-2.0
- Languages: Go, Shell, HCL

About External Secrets Operator
External Secrets Operator is a Kubernetes operator for using external secret management systems with Kubernetes. It reads secret data from external APIs and injects the values into Kubernetes Secrets, so workloads can consume Kubernetes-native secrets while the source data stays in an external secret manager.
Supported systems include AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, Akeyless, CyberArk Secrets Manager, Pulumi ESC, and more. The operator automates the flow from an external API into a Kubernetes Secret.
It runs inside the cluster as a controller and keeps Kubernetes Secrets in sync with their source, so values are refreshed when they change in the external store. Each release ships an SBOM and provenance file, and those artifacts are also attached to the container images for supply chain verification.
Key features
- Reads secret data from external APIs
- Automatically injects values into Kubernetes Secrets
- Integrates with AWS Secrets Manager, Vault, Google Secrets Manager, and Azure Key Vault
- Supports IBM Cloud Secrets Manager, Akeyless, CyberArk Secrets Manager, and Pulumi ESC
Details
- First released: 2020
- Runtime: Kubernetes operator
- Target: Kubernetes Secret
- Providers: AWS · Vault · Google · Azure
- More providers: IBM Cloud · Akeyless · CyberArk · Pulumi ESC
- Release artifacts: SBOM · provenance files
