Developing applications which deliver rich experiences to users is unthinkable these days without using third party services. These services require authentication information to be used securely. This problem is multiplied by software development practices which involve creating separate environments with separate third party services. This results in an explosion of credentials and complicates their management.The external secrets operator aims to solve this issue by leveraging external secret managers like AWS Secret Manager to inject Kubernetes Secrets based on secret content stored outside the cluster.


- Secrets are refreshed from time to time allowing you to rotate secrets in your providers and still keep everything up to date inside your k8s cluster.
- Change the refresh interval of the secrets to match your needs. You can even make it 10s if you need to debug something (beware of API rate limits).
- For the AWS Backend we support both simple secrets and binfiles.
- You can get speciffic versions of the secrets or just get latest versions of them.
- If you change something in your ExternalSecret CR, the operator will reconcile it (Even if your refresh interval is big).
- AWS Secret Manager, Google Secret Manager and Gitlab backends supported currently!

Available now on GitHub