External Secrets Operator 0.10: Kubernetes Secret Management Evolution

Introduction

External Secrets Operator 0.10, released on August 28, 2023, is most relevant if you’re hardening clusters without turning every deploy into a support ticket. The real value is in rollout safety: tighter controls with fewer false positives, clearer policy outcomes, and smoother day-2 response when something is blocked.

Secret Management Improvements

• Sync improvements provide faster and more reliable secret synchronization.
• Refresh mechanisms enable automatic secret updates from external systems.
• Validation enhancements ensure secrets meet security requirements before use.
• Rotation capabilities enable automatic secret rotation and updates.

Provider Support

1. AWS Secrets Manager improvements expand support for AWS secret management.
2. Azure Key Vault enhancements provide better integration with Azure secrets.
3. HashiCorp Vault improvements enable better Vault integration and authentication.
4. GCP Secret Manager support expands cloud provider coverage.

Security Features

• RBAC integration provides fine-grained permissions for secret operations.
• Encryption enhancements ensure secrets are encrypted at rest and in transit.
• Audit logging tracks all secret access and synchronization events.
• Secret rotation capabilities enable automatic secret rotation.

Getting Started

helm repo add external-secrets https://charts.external-secrets.io
helm install external-secrets external-secrets/external-secrets

Create a SecretStore:

apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-1
      auth:
        jwt:
          serviceAccountRef:
            name: external-secrets-sa

Summary

External Secrets Operator 0.10 provides teams with comprehensive secret management capabilities with improved provider support and security.