Secrets management has always been a complex and critical aspect of cloud-native environments. As organizations increasingly rely on APIs and automation, managing the secure distribution of sensitive information has only become more challenging.
When External Secrets Operator was created and later donated to the CNCF in 2022, our goal was clear: to simplify the process of managing secrets across multiple providers. We wanted to give users a unified interface to handle sensitive data effortlessly. Features like PushSecret were introduced to further streamline the distribution and management of secrets, making it easier for teams to secure their operations.
Yet, despite these advancements, the project tackles only a very specific topic inside the Secrets Management space, and we noticed that many enterprises continue to struggle with effectively managing their secrets. Organizations often deal with fragmented systems, duplicate data, and unclear access controls over that data. This leads to confusion over who has access to critical information, when it was accessed, and how to respond to security incidents. Password rotation, a fundamental security practice, is frequently postponed because it disrupts operations, especially in larger organizations where the complexity multiplies.
This is why we decided to launch External Secrets Inc. Our company is focused on solving these pressing issues. We want to bring to our customers what External Secrets Operator brought to Kubernetes: simplicity. By doing so, we hope to transform secret orchestration from a potential vulnerability into a robust component of your security strategy.
Neutral Ground
As we build this company, we are deeply committed to maintaining the principles that guided the creation of the External Secrets Operator. We understand the trust that the open-source community has placed in us, and we want to make it clear: our goal is not to monopolize or restrict the tools and resources that have been freely available to developers and enterprises. Instead, we aim to enhance and expand these tools, providing additional value through enterprise-grade features and support, while ensuring that the community-driven projects remain robust and accessible. External Secrets Operator will always live under CNCF, and CNCF protects all projects under its umbrella (no license changes, always open source, and community driven).
The Venture Capital Firm Backing Us (OCV)
Our efforts are backed by Open Core Ventures (OCV), a venture capital firm that believes in the power of open-source technology to transform industries. OCV has a strong track record of supporting companies that build on open-source foundations, helping them scale while staying true to their roots. With OCV’s support, we are well-positioned to take External Secrets to the next level, offering enterprise solutions that meet the rigorous demands of modern IT environments. It matters that OCV is the one backing us, because their open-source posture is aligned with ours, as their initiative called the OPBC charter shows. In general, companies in their portfolio are part of that charter, which safeguards project licenses and legally binds companies to a commitment to open source, including a series of objectives for meeting that commitment.
What exactly we want this company to solve
I will start by saying what we don’t plan to do: We don’t want to develop yet another secret store system. By stating this upfront, we commit to working with all existing solutions—both in terms of compatibility and collaboration with their teams—because we don’t see them as competitors.
Our goal is to be the glue, the orchestration layer for secret management in your environments. That is our ambitious goal, but before that, we will start small by offering a managed service of ESO with enterprise-grade features such as automatic updates, async rotation, vulnerability management, FIPS-compliant images, and dedicated support. From there, we’ll evolve into a comprehensive platform that enables you to distribute, control, observe, and report on every secret source or destination, ensuring compliance, policy adherence, and reasonable secret access management across all environments, Kubernetes or otherwise.
But the future is “secretless”
We agree with that statement, to an extent. We also wish for a “secretless” future, where credentials are entirely managed by context-aware identity systems, but that’s utopian in most cases. The whole idea behind starting this company was to support organizations struggling with Secrets Management, many of which are far from that reality. We believe managing sensitive data should be straightforward and dependable, whether it involves temporary credentials or long-term secrets (vendor licenses and similar long-lived credentials), and whether it is in modern cloud-native or legacy environments.