External Secrets Inc. is launched!

External Secrets Inc. is launched!
Launch

External Secrets Inc. is launched!

Lucas Severo Alves, Gustavo Carvalho | 20 Aug, 2024 | 4 min read

Secrets management has always been a complex and critical aspect of cloud-native environments. As organizations increasingly rely on APIs and automation, managing the secure distribution of sensitive information has only become more challenging.

When External Secrets Operator was created and later donated to the CNCF in 2022, our goal was clear: to simplify the process of managing secrets across multiple providers. We wanted to give users a unified interface to handle sensitive data effortlessly. Features like PushSecret were introduced to further streamline the distribution and management of secrets, making it easier for teams to secure their operations.

Yet, despite these advancements, the project only tackles a very specific topic inside the Secrets Management space, and we noticed that many enterprises continue to struggle with effectively managing their secrets. Organizations often deal with fragmented systems, duplicate data, and unclear access controls of this data. This leads to confusion over who has access to critical information, when it was accessed, and how to respond to security incidents. Password rotation, a fundamental security practice, is frequently postponed because it disrupts operations—especially in larger organizations where the complexity multiplies.

This is why we decided to launch External Secrets Inc. Our company is focused on solving these pressing issues. We want to bring to our customers what External Secrets Operator brought to Kubernetes - simplicity. By doing so, we hope to transform secret orchestration from a potential vulnerability into a robust component of your security strategy.

Neutral Ground

As we build this company, we are deeply committed to maintaining the principles that guided the creation of the External Secrets Operator. We understand the trust that the open-source community has placed in us, and we want to make it clear: our goal is not to monopolize or restrict the tools and resources that have been freely available to developers and enterprises. Instead, we aim to enhance and expand these tools, providing additional value through enterprise-grade features and support, while ensuring that the community-driven projects remain robust and accessible. External Secrets Operator will always live under CNCF, and CNCF protects all projects under its belt (no license changes, always open source, and community driven).

The Venture Capital Firm Backing Us (OCV)

Our efforts are backed by Open Core Ventures (OCV), a venture capital firm that believes in the power of open-source technology to transform industries. OCV has a strong track record of supporting companies that build on open-source foundations, helping them scale while staying true to their roots. With OCV’s support, we are well-positioned to take External Secrets to the next level, offering enterprise solutions that meet the rigorous demands of modern IT environments. OCV being the one to back us is important as their open source posture is aligned with ours as we can see with their initiative called OPBC charter. In general, companies in their portfolio are part of that charter that safeguards projects licenses and legally binds companies to a commitment to open source, including a series of objectives for meeting this open source commitment.

What exactly we want this company to solve

I will start by saying what we don’t plan to do: We don’t want to develop yet another secret store system. By stating this upfront, we commit to working with all existing solutions—both in terms of compatibility and collaboration with their teams—because we don’t see them as competitors.

Our goal is to be the glue, the orchestration layer for secret management in your environments. That is our ambitious goal, but before that, we will start small by offering a managed service of ESO with enterprise-grade features like automatic updates, enterprise features like async rotation, vulnerability management, FIPS-compliant images, and dedicated support. From there, we’ll evolve into a comprehensive platform that enables you to distribute, control, observe, and report on every secret source or destination, ensuring compliance, policy adherence, and reasonable secret access management across all environments—Kubernetes or otherwise.

But the future is “secretless”

We agree with that statement, to an extent. We also wish for a “secretless” future, where credentials are entirely managed by context-aware identity systems, but that’s utopic in most cases. The whole idea behind starting this company was to support organizations struggling with Secrets Management, many of which are far from that reality. We believe managing sensitive data should be straightforward and dependable, whether it’s with temporary credentials or long-term secrets (vendor licenses and similar long lived credentials), whether its modern cloud native or legacy environments.

blog-image
Secrets ,Agent ,Features ,Guide ,Namespace isolation ,Oss ,External secrets
Isolating Secrets Management within Kubernetes Namespaces
15 Oct, 2024|5 min read

Why should I care? This piece will be useful to you if you need to ensure that workloads in your cluster don’t have cluster-scoped access to resources, even if they are controllers that one would typically consider closer to the control plane than to individual workloads. You are probably looking for ways to configure external secrets management with namespace isolation or more specifically how to configure ESO (External Secrets Operator – external-secrets) through a namespaced approach.

blog-image
Launch ,Async rotator ,Announcements ,Agent
Introducing the Free-Tier of our Product!
07 Oct, 2024|2 min read

We’re excited to announce the launch of our Free-tier! With it, you can leverage the External Secrets Inc. Agent to manage deployments of the External Secrets Operator, streamlining secrets management across your cloud-native infrastructure. Our platform includes: Enterprise Distribution of External Secrets Operator: Pre-configured with enterprise-exclusive providers. Automatic Image Updates: Ensure your deployments stay up-to-date with configurable policies for image management. Namespace and Cluster Scope Management without RBAC Hassle: Easily control and monitor ExternalSecretsOperator deployments without complicated RBAC configurations.

blog-image
Secrets ,Async rotation ,Features
Reconcile secrets immediately with Async Rotation!
30 Aug, 2024|4 min read

At numerous events, in our community forums, and even on our Slack channels, we’ve heard a growing demand for a feature that gives users more control over how and when secrets are reconciled by the External Secrets Operator (ESO). Specifically, many of you have expressed the need to trigger a reconciliation of secrets based on external events rather than relying solely on the predefined refresh intervals. We listened, we’re excited to say that we are working on a new feature in the enterprise offering of External Secrets: Async Rotation (Immediate Synchronization).

Join us for effortless Secrets Management

Sign Up