Announcing External Secrets Reloader

Rotating credentials due to vulnerabilities is inevitable—and often a complex, manual process. We all know it, we’ve all been there.
At External Secrets Inc., we made that easier through Just-in-Time Rotation: a mechanism that allows various event sources to trigger a reconciliation loop in the External Secrets Operator. But until now, that capability was focused only on the operator itself.
After seeing broader operational needs arise—like rotating TLS certificates (which external-secrets typically doesn’t manage)—we realized it was time to go further.
So we’re excited to announce a new open source tool: External Secrets Reloader.
This is more than a rebrand of Just-in-Time Rotation. We’ve generalized the approach and added support for multiple destinations, so you can now patch various Kubernetes resources to force reconciliation loops—automatically and securely.
For example, you can now trigger a certificate renewal (such as cmctl renew <certificate-name> -n <namespace>) via a simple webhook call. This allows pipelines to securely initiate sensitive operations without granting CI/CD systems excessive privileges over your infrastructure.
With Reloader, you can:
- Automatically refresh ClusterExternalSecrets when an underlying Secret is updated
- Roll out Deployments or other workload resources based on upstream changes
- Chain multiple actions together in response to a single event
🔗 How to Get Involved
We’re still setting up dedicated communication channels for the project, but in the meantime, you can:
- Join the discussion via GitHub Discussions
- Open an issue on GitHub
- Or, better yet, contribute!
❤️ Our Take on Open Source
As we shared in our very first blog post, open source is a foundational value at External Secrets Inc. We’re committed to transparency, community collaboration, and building tools that help the ecosystem at large.
We’re continuing to push the External Secrets Operator toward CNCF incubation while also investing in new tools — like Reloader — to support broader operational use cases.
You might ask: “Why is this still under the external-secrets-inc GitHub organization?” Simple answer: it's easier for now. But rest assured — as the community gets involved in maintaining Reloader, we're open (and happy!) to move it into a vendor-neutral home.