Reconcile secrets immediately with Async Rotation!


At numerous events, in our community forums, and even on our Slack channels, we’ve heard a growing demand for a feature that gives users more control over how and when secrets are reconciled by the External Secrets Operator (ESO). Specifically, many of you have expressed the need to trigger a reconciliation of secrets based on external events rather than relying solely on the predefined refresh intervals. We listened, and we’re excited to say that we are working on a new feature in the enterprise offering of External Secrets: Async Rotation (Immediate Synchronization).

Why Async Rotation?

ESO traditionally operates by periodically checking for updates to secrets and reconciling them at set intervals. While this approach works well for many use cases, it’s not always sufficient in environments where secrets need to be updated or rotated immediately in response to external triggers. For instance, think about an application that needs to rotate its credentials immediately after detecting a security event in the cloud, an automated workflow that responds to changes in external event logs, or simply a secret being changed in the secret vault.

With Async Rotation, one can force ESO to reconcile secrets immediately based on specific external events. This gives the user the power to ensure their applications are always using the most up-to-date secrets, without waiting for the next scheduled refresh. Previously, users had to implement custom solutions to integrate with ESO resources and manually force a reconcile. However, this approach meant that each organization was solving the problem differently, often consuming valuable engineering time. We are finally working on a streamlined solution to this.

The Value and Drawbacks of Async Rotation

The primary advantage of Async Rotation is the increased control and security it offers. In critical environments, where the timing of secret updates can be crucial, this feature ensures that your systems are strategically aligned with the latest changes. It also reduces the window of exposure for any potentially compromised secrets, as updates can be pushed immediately upon detecting an issue.

However, it’s important to acknowledge the potential drawbacks as well. For one, there’s the complexity of setting up and maintaining the triggers for Async Rotation. Depending on your environment and the tools you use, configuring these triggers could add a layer of complexity to your operations. Additionally, frequent, unplanned reconciliations could put extra load on your systems, especially if not managed carefully (we can help with that).

Beyond ESO: A Platform Vision

As we’ve been developing the enterprise version of External Secrets Inc., we’ve also been thinking about the broader ecosystem of tools and features that could be part of it. While ESO’s simplicity and ease of use have been key to its popularity, we recognize that enterprise environments often require more robust, feature-rich solutions. This is why we’re planning to implement a range of new features that extend beyond what the open-source version of ESO was designed to handle.

These features didn’t quite fit within the open-source project’s scope, primarily because they would have complicated the simplicity that made ESO so successful. But now, as we build out our enterprise offering, we have the freedom to create a more comprehensive platform that can serve a wider range of use cases. Alongside Async Rotation, you can expect more advanced capabilities and companion projects that together will form a holistic solution for secret management in enterprise environments.

Join Us in Shaping the Future

We’re incredibly excited about the potential of Async Rotation and the other features we have in the pipeline. But as always, your feedback is invaluable to us. We’d love for you to try out our free tier, which will include Async Rotation, and let us know how it works for you. Your insights will help us refine and perfect these new capabilities.

If you’re interested in shaping this feature further, please reach out to us. We’re eager to collaborate with our community to ensure that we’re meeting your needs and building the best possible tools for managing secrets in complex environments.

Together, we can continue to push the boundaries of what’s possible within the secrets management space and build a platform that meets the evolving needs of modern enterprises. Thank you for your continued support and input—it’s what drives us to keep innovating!
