External Secrets Operator (ESO) is a Kubernetes operator that integrates external secret management systems such as AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager and Azure Key Vault.
The goal of External Secrets Operator is to synchronize secrets from those external APIs into Kubernetes Secrets. ESO is implemented as a set of custom API resources: ExternalSecret, SecretStore and ClusterSecretStore.
Architecture
Resource Model
Step 1: Create a secret in AWS Secrets Manager
Step 2: Create an AWS IAM Policy and IAM Role
Step 3: Install External-secrets on the Kubernetes cluster
External-secrets runs within your Kubernetes cluster as a deployment resource. It utilizes CustomResourceDefinitions to configure access to secret providers through SecretStore resources and manages Kubernetes secret resources with ExternalSecret resources.
Install from chart repository
Step 4: Create Service Account
Step 5: Create SecretStore
Create a file 'basic-secret-store.yaml' with the following content.
Step 6: Create ExternalSecret
Create a file 'basic-external-secret.yaml' with the following content.
Step 7: Apply SecretStore and ExternalSecret
Once the ExternalSecret is created, ESO fetches the secret value from Secrets Manager and creates the corresponding Kubernetes Secret in the cluster. You can then check that the Secret exists and inspect its value.
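As an added example (not the page's own basic-secret-store.yaml or basic-external-secret.yaml), the manifests below wire Steps 4 to 7 together: a ServiceAccount bound to an IAM role through IRSA, a SecretStore that authenticates with that ServiceAccount's JWT, and an ExternalSecret that pulls a single field out of a Secrets Manager entry. The service account name, store name, region, role ARN and secret name are all constructed placeholders.

```yaml
# Service account that the SecretStore authenticates as; the IRSA annotation
# maps it to the IAM role from Step 2. Keep that role's policy limited to
# secretsmanager:GetSecretValue on the specific secret ARN(s) ESO needs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: eso-aws-sa                 # constructed name
  namespace: default
  annotations:
    # Placeholder: replace with the role ARN created in Step 2
    eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<ESO_ROLE_NAME>
---
# Namespaced SecretStore: only ExternalSecrets in this namespace can use it,
# which keeps the AWS credentials scoped to one team/namespace.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets-manager        # constructed name
  namespace: default
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-1            # constructed; use the region holding the secret
      auth:
        jwt:
          serviceAccountRef:
            name: eso-aws-sa       # the ServiceAccount defined above
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials             # constructed name
  namespace: default
spec:
  refreshInterval: 1h              # how often ESO re-reads Secrets Manager
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: db-credentials           # Kubernetes Secret that ESO creates
    creationPolicy: Owner          # ESO owns the Secret and removes it with the ExternalSecret
  data:
    # Copy one JSON field from the Secrets Manager entry instead of the whole
    # blob, so pods only receive the value they actually need.
    - secretKey: password
      remoteRef:
        key: prod/db/credentials   # constructed Secrets Manager secret name
        property: password
```

After `kubectl apply -f` on this file, `kubectl get externalsecret db-credentials` should report a Ready status, and `kubectl get secret db-credentials` shows the synchronized Secret.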