Replicating secrets across namespaces is a common challenge in Kubernetes environments, particularly when multiple applications require shared access to sensitive data like database credentials or API keys. While there are tools like Kyverno that can handle this, they often fall short in terms of synchronization and integration with external secret stores. In this guide, we’ll demonstrate how to use the External Secrets Operator (ESO) to achieve seamless replication of secrets across namespaces.
Our Just-in-Time Rotation feature is now live, and you can explore it for free on our platform! We shared our plans in a recent blog post: Async Rotation and after gathering feedback and listening to requests from our community and partners, we officially launched this feature with a focus on real-world use cases. Many organizations face the challenge of waiting for data to sync within a refresh interval. Just-in-Time Rotation solves this by ensuring that updated secrets are available immediately upon changes in the source of truth or triggered by supported event sources.
Why should I care? This piece will be useful to you if you need to ensure that workloads in your cluster don’t have cluster-scoped access to resources, even if they are controllers that one would typically consider closer to the control plane than to individual workloads. You are probably looking for ways to configure external secrets management with namespace isolation or more specifically how to configure ESO (External Secrets Operator – external-secrets) through a namespaced approach.
We’re excited to announce the launch of our Free-tier! With it, you can leverage the External Secrets Inc. Agent to manage deployments of the External Secrets Operator, streamlining secrets management across your cloud-native infrastructure. Our platform includes: Enterprise Distribution of External Secrets Operator: Pre-configured with enterprise-exclusive providers. Automatic Image Updates: Ensure your deployments stay up-to-date with configurable policies for image management. Namespace and Cluster Scope Management without RBAC Hassle: Easily control and monitor ExternalSecretsOperator deployments without complicated RBAC configurations.
At numerous events, in our community forums, and even on our Slack channels, we’ve heard a growing demand for a feature that gives users more control over how and when secrets are reconciled by the External Secrets Operator (ESO). Specifically, many of you have expressed the need to trigger a reconciliation of secrets based on external events rather than relying solely on the predefined refresh intervals. We listened, we’re excited to say that we are working on a new feature in the enterprise offering of External Secrets: Async Rotation (Immediate Synchronization).
Secrets management has always been a complex and critical aspect of cloud-native environments. As organizations increasingly rely on APIs and automation, managing the secure distribution of sensitive information has only become more challenging. When External Secrets Operator was created and later donated to the CNCF in 2022, our goal was clear: to simplify the process of managing secrets across multiple providers. We wanted to give users a unified interface to handle sensitive data effortlessly.