Just in time rotation is out!

Our Just-in-Time Rotation feature is now live, and you can explore it for free on our platform!

We shared our plans in a recent blog post, Async Rotation, and after gathering feedback and listening to requests from our community and partners, we officially launched this feature with a focus on real-world use cases. Many organizations face the challenge of waiting for data to sync within a refresh interval. Just-in-Time Rotation solves this by ensuring that updated secrets are available immediately upon changes in the source of truth or when triggered by supported event sources.

Currently, our Just-in-Time Rotation feature integrates with:

  • AWS SQS (using AWS Secrets Manager and EventBridge)
  • Google Cloud Pub/Sub (with GCP Secret Manager and Log Router)
  • Azure Event Grid (with Azure Key Vault)

We also offer a generic Webhook provider, allowing you to configure it to listen to any payload that meets your needs. All of this is available on our free tier. Plus, we’re removing cluster limits! Use our free tier across as many clusters as you need and take advantage of all developer-focused features we release.

To simplify setup, we provide Terraform code for the essential infrastructure (e.g., CloudTrail, SQS, GCP Router) so you can get started quickly.

For the generic Webhook listener and Azure Event Grid, you’ll need to set up ingresses so that the Async Rotator Webhook in your cluster is accessible by the event source (like Event Grid). Our documentation includes step-by-step guides for setting it up (e.g. Azure Event Grid; log in to the platform to access). However, setup may vary based on your infrastructure, so please reach out if you need any assistance!

We’re excited to attend KubeCon in Salt Lake City and can’t wait to connect with you! We’ll be showcasing our latest features, designed to integrate seamlessly with External Secrets OSS and our new enterprise offerings. Stop by to chat with us, share your feedback, and help us shape the future of secret management.
