AWS Parameter Store is a feature of Systems Manager that allows users to manage application parameters and configuration within AWS. While AWS Parameter Store is convenient for managing application parameters, it still has an inherent problem when used within a Kubernetes cluster. It is also one of the biggest secret stores used with external-secrets, according to the open source documentation website.
Replicating secrets across namespaces is a common challenge in Kubernetes environments, particularly when multiple applications require shared access to sensitive data like database credentials or API keys. While there are tools like Kyverno that can handle this, they often fall short in terms of synchronization and integration with external secret stores. In this guide, we’ll demonstrate how to use the External Secrets Operator (ESO) to achieve seamless replication of secrets across namespaces.
Why should I care? This piece will be useful to you if you need to ensure that workloads in your cluster don’t have cluster-scoped access to resources, even if they are controllers that one would typically consider closer to the control plane than to individual workloads. You are probably looking for ways to configure external secrets management with namespace isolation or, more specifically, for how to configure ESO (External Secrets Operator – external-secrets) through a namespaced approach.