External Secrets Operator 0.6: Kubernetes Secret Management
K8s Guru

Introduction
External Secrets Operator 0.6 — Kubernetes Secret Management — was released on August 18, 2021.
Policy usually becomes urgent the first time you need to stop a risky manifest from shipping — or when you’re trying to make standards repeatable across teams.
In this release: External Secrets Operator 0.6 integrates external secret management systems with Kubernetes, providing secure, automated secret synchronization for cloud-native applications.
Provider Support Expansion
- Cloud provider integrations expand support for AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and HashiCorp Vault.
- Secret store improvements enhance compatibility with additional secret management systems.
- Multi-provider support enables managing secrets from multiple external systems.
- Provider-specific features leverage unique capabilities of each secret store.
Security Enhancements
- Secret rotation support enables automatic synchronization of rotated secrets from external stores.
- Encryption improvements ensure secrets are encrypted at rest and in transit.
- RBAC integration provides fine-grained access control for secret management.
- Audit logging tracks all secret access and synchronization events.
Kubernetes Integration
- CRD support enables managing secrets as Kubernetes-native resources.
- Secret synchronization automatically keeps Kubernetes secrets in sync with external stores.
- Namespace isolation ensures secrets are scoped to appropriate namespaces.
- Label selectors enable flexible secret management based on resource labels.
Advanced Features
- Secret templating enables dynamic secret generation based on templates.
- Multi-secret support allows combining multiple external secrets into a single Kubernetes Secret.
- Health checks monitor secret store connectivity and synchronization status.
- Metrics integration exposes secret synchronization metrics for Prometheus.
Getting Started
```bash
kubectl apply -f https://raw.githubusercontent.com/external-secrets/external-secrets/v0.6.0/deploy/crds/bundle.yaml
kubectl apply -f https://raw.githubusercontent.com/external-secrets/external-secrets/v0.6.0/deploy/charts/external-secrets/templates/rbac.yaml
kubectl apply -f https://raw.githubusercontent.com/external-secrets/external-secrets/v0.6.0/deploy/charts/external-secrets/templates/deployment.yaml
```
Create a SecretStore:
```yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets-manager
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-west-2
      auth:
        jwt:
          serviceAccountRef:
            name: external-secrets-sa
```
Create an ExternalSecret:
```yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: my-secret
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: my-kubernetes-secret
    creationPolicy: Owner
  data:
    - secretKey: password
      remoteRef:
        key: my-secret-key
        property: password
```
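An ExternalSecret that silently stops refreshing leaves a rotated credential unpropagated, so the `refreshInterval: 1h` above is worth checking against the object's status. The following check is an added example, not code from the post or from the External Secrets project; it assumes the object is read as JSON (for instance from `kubectl get externalsecret my-secret -o json`) and that its status carries a `Ready` condition and a `refreshTime` timestamp. The sample objects are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

_UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

def parse_interval(text):
    """Parse a Go-style duration such as '1h' or '1h30m' (h/m/s units only)."""
    if text == "0":
        return timedelta(0)
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported refreshInterval: {text!r}")
    return timedelta(seconds=sum(int(n) * _UNIT_SECONDS[u] for n, u in parts))

def sync_problems(es, now, grace=timedelta(minutes=5)):
    """Return findings for one ExternalSecret object given as a dict."""
    name = es["metadata"]["name"]
    status = es.get("status", {})
    ready = next((c for c in status.get("conditions", [])
                  if c.get("type") == "Ready"), None)
    if ready is None:
        return [f"{name}: no Ready condition, never reconciled"]
    findings = []
    if ready.get("status") != "True":
        findings.append(f"{name}: not Ready ({ready.get('reason')})")
    interval = parse_interval(es["spec"]["refreshInterval"])
    refreshed = status.get("refreshTime")
    if interval and refreshed:  # interval 0 means fetch once, so no staleness check
        age = now - datetime.fromisoformat(refreshed.replace("Z", "+00:00"))
        if age > interval + grace:
            findings.append(f"{name}: stale, last refresh {age} ago (interval {interval})")
    return findings

# Constructed sample objects, not real cluster output.
NOW = datetime(2021, 8, 18, 10, 30, tzinfo=timezone.utc)

def _es(ready, reason, refresh_time):
    return {"metadata": {"name": "my-secret"}, "spec": {"refreshInterval": "1h"},
            "status": {"refreshTime": refresh_time,
                       "conditions": [{"type": "Ready", "status": ready, "reason": reason}]}}

HEALTHY = _es("True", "SecretSynced", "2021-08-18T10:00:00Z")
STALE = _es("True", "SecretSynced", "2021-08-18T06:00:00Z")
FAILING = _es("False", "SecretSyncedError", "2021-08-18T06:00:00Z")

if __name__ == "__main__":
    for obj in (HEALTHY, STALE, FAILING):
        print(sync_problems(obj, NOW) or "ok")
```

The `grace` margin keeps a refresh that is a few minutes late from being reported as stale.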
Summary
| Aspect | Details |
|---|---|
| Release Date | August 18, 2021 |
| Headline Features | Enhanced provider support, improved security, better Kubernetes integration |
| Why it Matters | Integrates external secret management systems with Kubernetes, providing secure, automated secret synchronization |
External Secrets Operator 0.6 continues to evolve as the standard solution for secret management in Kubernetes, providing teams with secure integration with external secret stores.