At numerous events, in our community forums, and even on our Slack channels, we’ve heard a growing demand for a feature that gives users more control over how and when secrets are reconciled by the External Secrets Operator (ESO). Specifically, many of you have expressed the need to trigger a reconciliation of secrets based on external events rather than relying solely on the predefined refresh intervals. We listened, and we’re excited to say that we are working on a new feature in the enterprise offering of External Secrets: Async Rotation (Immediate Synchronization).
Why Async Rotation?
The traditional ESO operates by periodically checking for updates to secrets and reconciling them at set intervals. While this approach works well for many use cases, it’s not always sufficient in environments where secrets need to be updated or rotated immediately in response to external triggers. For instance, think about an application that needs to rotate its credentials immediately after detecting a security event in the cloud, an automated workflow that responds to changes in external event logs, or simply a secret being changed in the secret vault.
With Async Rotation, one can force ESO to reconcile secrets immediately based on specific external events. This gives the user the power to ensure their applications are always using the most up-to-date secrets, without waiting for the next scheduled refresh. Previously, users had to implement custom solutions to integrate with ESO resources and manually force a reconcile. However, this approach meant that each organization was solving the problem differently, often consuming valuable engineering time. We are finally working on a streamlined solution to this.
The Value and Drawbacks of Async Rotation
The primary advantage of Async Rotation is the increased control and security it offers. In critical environments, where the timing of secret updates can be crucial, this feature ensures that your systems are strategically aligned with the latest changes. It also reduces the window of exposure for any potentially compromised secrets, as updates can be pushed immediately upon detecting an issue.
However, it’s important to acknowledge the potential drawbacks as well. For one, there’s the complexity of setting up and maintaining the triggers for Async Rotation. Depending on your environment and the tools you use, configuring these triggers could add a layer of complexity to your operations. Additionally, frequent, unplanned reconciliations could put extra load on your systems, especially if not managed carefully (we can help with that).
Beyond ESO: A Platform Vision
As we’ve been developing the enterprise version of External Secrets Inc., we’ve also been thinking about the broader ecosystem of tools and features that could be part of it. While ESO’s simplicity and ease of use have been key to its popularity, we recognize that enterprise environments often require more robust, feature-rich solutions. This is why we’re planning to implement a range of new features that extend beyond what the open-source version of ESO was designed to handle.
These features didn’t quite fit within the open-source project’s scope, primarily because they would have complicated the simplicity that made ESO so successful. But now, as we build out our enterprise offering, we have the freedom to create a more comprehensive platform that can serve a wider range of use cases. Alongside Async Rotation, you can expect more advanced capabilities and companion projects that together will form a holistic solution for secret management in enterprise environments.
Join Us in Shaping the Future
We’re incredibly excited about the potential of Async Rotation and the other features we have in the pipeline. But as always, your feedback is invaluable to us. We’d love for you to try out our free tier, which will include Async Rotation, and let us know how it works for you. Your insights will help us refine and perfect these new capabilities.
If you’re interested in shaping this feature further, please reach out to us. We’re eager to collaborate with our community to ensure that we’re meeting your needs and building the best possible tools for managing secrets in complex environments.
Together, we can continue to push the boundaries of what’s possible within the secrets management space and build a platform that meets the evolving needs of modern enterprises. Thank you for your continued support and input—it’s what drives us to keep innovating!