Frequently Asked Questions

Product Information & Use Cases

What is Akeyless and what does it do?

Akeyless is a cloud-native secrets management platform designed for enterprise DevOps teams. It provides secure access management and centralized secrets management, including credentials, certificates, and keys. The platform is easy to set up and scale, offers integrations for various use cases, and comprehensive logs for troubleshooting and auditability. Learn more.

How does Akeyless help manage Argo CD secrets in Kubernetes?

Akeyless integrates with the Kubernetes External Secrets Operator (ESO) to securely manage secrets in GitOps workflows using Argo CD. The ESO enables Kubernetes clusters to store and manage sensitive data outside the cluster, making it available to applications. Argo CD syncs ExternalSecret manifests from Git to create resources in the cluster, while the ESO controller fetches secrets from Akeyless and creates Kubernetes secret resources. This approach avoids hardcoding secrets in code and supports automated, scalable secret management. See documentation.

What problems does Akeyless solve for DevOps and Kubernetes teams?

Akeyless addresses several key challenges: the Secret Zero Problem (secure authentication without storing initial access credentials), legacy secrets management inefficiencies, secrets sprawl, standing privileges and access risks, high operational costs, and integration complexity. By centralizing secrets management, automating credential rotation, and supporting out-of-the-box integrations, Akeyless helps teams scale securely and efficiently. See case studies.

Features & Capabilities

What are the key features of Akeyless?

Akeyless offers vaultless architecture, Universal Identity (solving the Secret Zero Problem), Zero Trust Access with granular permissions and Just-in-Time access, automated credential rotation, centralized secrets management, cloud-native SaaS deployment, and out-of-the-box integrations with tools like AWS IAM, Azure AD, Jenkins, Kubernetes, and Terraform. See feature overview.

What integrations does Akeyless support?

Akeyless supports a wide range of integrations, including identity providers (Akeyless OIDC, Okta SAML Auth, Ping Identity), configuration management (Ansible, Chef, Puppet), dynamic secrets (AWS JIT Access, Azure AD JIT Access), authentication methods (Auth0, AWS IAM), key management (AWS KMS, Azure KMS), log forwarding (Splunk, Sumo Logic), rotated secrets, CI/CD tools (Jenkins, TeamCity, Azure DevOps, Terraform), certificate management (Cert Manager, Venafi), SDKs (Python, Ruby, C# .NET Core), telemetry (Prometheus), and event forwarding (ServiceNow, Slack). Full list of integrations.

Does Akeyless offer an API?

Yes, Akeyless provides a comprehensive API for its platform, including API Keys for secure authentication. API documentation is available at docs.akeyless.io/docs.

Where can I find technical documentation for Akeyless?

Akeyless offers extensive technical documentation, including platform overviews, password management, Kubernetes secrets management, AWS integration, PKI-as-a-Service, and more. Access all resources at docs.akeyless.io and tutorials.akeyless.io/docs.

Security & Compliance

How does Akeyless ensure security and compliance?

Akeyless adheres to international standards such as ISO 27001, SOC 2 Type II, PCI DSS, and GDPR. It holds certifications including ISO 27001, FIPS 140-2, and CSA STAR. The platform uses patented encryption technologies, enforces Zero Trust Access, and provides audit and reporting tools for compliance. Visit the Akeyless Trust Center for more details.

What security and compliance certifications does Akeyless have?

Akeyless holds several certifications: ISO 27001, SOC 2 Type II, FIPS 140-2, PCI DSS, and CSA STAR. These certifications demonstrate Akeyless's commitment to security and regulatory compliance. See Trust Center.

Implementation & Ease of Use

How long does it take to implement Akeyless and how easy is it to start?

Akeyless can be deployed in just a few days due to its SaaS-native architecture, requiring no infrastructure management. For specific use cases like deploying in OpenShift, setup can be completed in less than 2.5 minutes. The platform offers self-guided product tours, demos, tutorials, and 24/7 support to ensure a smooth onboarding experience. Try the product tour.

What feedback have customers shared about the ease of use of Akeyless?

Customers consistently praise Akeyless for its ease of use and seamless integration. For example, Conor Mancone (Cimpress) noted, "We set Akeyless up 9 months ago and we haven’t had to worry about credential rotation or leakage. All of our software just works—it’s been a really smooth, really easy process." Shai Ganny (Wix) said, "The simplicity of Akeyless has enhanced our operations and given us the confidence to move forward securely." Read Cimpress case study, Wix testimonial.

Support & Training

What customer support and training resources are available for Akeyless users?

Akeyless provides 24/7 customer support via ticket submission, email ([email protected]), and Slack. Proactive assistance is available for upgrades and troubleshooting. Users can access self-guided product tours, platform demos, tutorials, and comprehensive technical documentation. For unresolved issues, an escalation procedure is available. Submit a support ticket.

Industries & Use Cases

Which industries and roles benefit most from Akeyless?

Akeyless serves IT security professionals, DevOps engineers, compliance officers, and platform engineers across technology, finance, retail, manufacturing, and cloud infrastructure sectors. Case studies include companies like Wix (technology), Progress (cloud storage), Constant Contact (web development), and Cimpress (printing and mass customization). See industry case studies.

Can you share specific customer success stories using Akeyless?

Yes, Akeyless has several published case studies: Constant Contact scaled in a multi-cloud, multi-team environment; Cimpress transitioned from Hashi Vault to Akeyless for enhanced security; Progress saved 70% of maintenance and provisioning time; Wix adopted Akeyless for centralized secrets management and Zero Trust Access. Constant Contact, Cimpress, Progress, Wix video.

Competition & Comparison

How does Akeyless compare to HashiCorp Vault?

Akeyless offers a vaultless, cloud-native SaaS architecture, reducing infrastructure complexity and operational overhead compared to HashiCorp Vault's self-hosted model. It provides advanced security features like Universal Identity, Zero Trust Access, and automated credential rotation, with faster deployment and easier scalability. See comparison.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers out-of-the-box integrations with diverse tools, and provides advanced features like Universal Identity and Zero Trust Access. It also offers significant cost savings and better integration across environments compared to AWS Secrets Manager, which is limited to AWS. See comparison.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools. It offers advanced security measures like Zero Trust Access and vaultless architecture, reducing operational complexity and costs compared to traditional PAM solutions like CyberArk Conjur. See comparison.

Business Impact

What business impact can customers expect from using Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% in maintenance and provisioning time), scalability across multi-cloud and hybrid environments, regulatory compliance, and improved employee productivity. These impacts are supported by published case studies and customer testimonials. Read Progress case study.

Skip to content

Join our Episode Series: Identity Security – Unleashed for the AI Era →

Back
  1. Home
  2. Resources
  3. Blog
  4. Managing Argo CD Secrets with Akeyless

Managing Argo CD Secrets with Akeyless

managing-argocd-secrets

Posted by Joyce Ling
April 5, 2023

Welcome to our Akeyless on Akeyless series, where we discuss how the DevOps team at Akeyless uses Akeyless to take secrets management to the next level. In this article, we discuss how to securely manage Argo CD Secrets.

When speaking with Lior Hasson, the Head of DevOps at Akeyless, we uncovered an Akeyless use case that got him particularly excited: the integration with External Secrets Operator to securely handle Kubernetes secrets using GitOps and Argo CD. 

In this post, we will look into which options the Akeyless DevOps team considered, and, ultimately, what solution they landed on to secure Kubernetes secrets in a GitOps workflow using Argo CD and the External Secrets Operator.

The Problem with Secrets Management Using GitOps

GitOps uses Git as the single source of truth to deploy changes, and ensures the system is always in the desired state.

Using Git as the source of truth can have a variety of benefits:

  • There is better compliance and auditability, because any changes to infrastructure are tracked in version control.
  • The system stays more consistent over time, as GitOps tools like Argo CD constantly compare the system to the source of truth, making sure that any erroneous changes are self-healed.
  • Deployment is faster because delivery and deployment is automated, avoiding manual mistakes and integrating seamlessly with CI/CD pipeline deployments.

Despite all these benefits, there’s one critical question that arises when infrastructure is maintained with version control: What about secrets?

In Kubernetes, containers need to both securely store and access secrets in order to function. The approach with least resistance is to store secrets in the code itself. However, this isn’t the best approach, as hard-coding secrets in code increases risk of a breach. In using Argo CD, a popular tool for implementing GitOps, Lior knew he had to find a better approach to handle secrets within Kubernetes.

At first, the team handled secrets by manually encrypting and decrypting secrets. However, this quickly grew unsustainable as the Kubernetes infrastructure grew. They looked into other solutions for handling Kubernetes secrets, like Sealed Secrets, but found that it didn’t have the performance and flexibility necessary at scale.

Ultimately, Lior and his team went with the Kubernetes External Secrets Operator because it was flexible, and allowed the team to integrate Akeyless with ArgoCD.

Managing ArgoCD Secrets with the Kubernetes External Secrets Operator

The Kubernetes External Secrets Operator (ESO) enables a Kubernetes cluster to securely store and manage sensitive data outside of it while making the data available to applications running within it. It integrates with secret management systems like Akeyless.

argocd-secrets-diagram

This is how the External Secrets Operator (ESO) works in conjunction with Akeyless and ArgoCD:

As discussed previously, Argo CD is the GitOps tool that monitors for any changes in Git. It then implements the desired application state, which is defined in Kubernetes manifests. In the case pictured above, Argo CD syncs the ExternalSecret manifest from a Git repo to create an ExternalSecret resource inside the Kubernetes cluster (1).

The ESO Controller inspects the configuration of the synced ExternalSecret to determine which SecretStore to use and the path in the external API (Secrets Manager e.g. Vault) where the secret is located (2).

In the below example of a ExternalSecret manifest, you can see that it points to the akeyless-secret-store under secretStoreRef. It also designates a path that tells the ESO Controller where to access a particular secret within Akeyless.

argocd-secrets-externalsecret-yaml

In (3), the Controller then queries the SecretStore for the credentials required to access the external API. The SecretStore is another manifest that determines how to access the secret manager of your choice. In this case, it’s Akeyless. 

In the below code example of a SecretStore manifest, you can see the name of the defined SecretStore is akeyless-secret-store. This is what the ExternalSecret snippet above is referring to. You can see the details that allow the ESO Controller to access Akeyless in the secretRef section. 

argocd-secrets-secretstore-yaml

Now, the ESO Controller has all the ingredients necessary to get the secret it needs, including:

  1. How to access the external secret manager
  2. Where to find the secret

With both ingredients, you can see in (4) that the ESO fetches the secret(s) from the secrets manager at the path declared in the ExternalSecret.

Finally, in (5), the ESO Controller creates and syncs an actual Kubernetes secret resource inside the cluster.

Syncing Argo CD Secrets with Akeyless

If you choose, you can configure your Argo CD app to automatically sync with your ExternalSecret manifests. Argo CD will pick up these changes and reflect them in the cluster. To create new Kubernetes secrets, push additional ExternalSecret manifests to the repository path Argo CD is monitoring.

The ESO controller can monitor Akeyless at regular intervals for changes in secret values, updating the corresponding cluster secret values. The ESO controller will check for updates at the interval you set in the ExternalSecret manifest.

For a step-by-step on how to use the External Secrets Operator with Akeyless, check out our online documentation.

About Akeyless

Akeyless is a born-in-the-cloud secrets management platform for enterprise DevOps teams. Easy to set up and scale, it has integrations for every use case and comprehensive logs for troubleshooting and auditability. 

Ready to learn more about Akeyless? Get a custom demo today at akeyless.io.

Never Miss an Update

The latest news and insights about Secrets Management,
Akeyless, and the community we serve.

 

Ready to get started?

Discover how Akeyless simplifies secrets management, reduces sprawl, minimizes risk, and saves time.

Book a Demo
Subscribe to Newsletter
  • PrivilegedAccessManagement(PAM)_BestSupport_Enterprise_QualityOfSupport
  • PrivilegedAccessManagement(PAM)_HighPerformer_Enterprise_HighPerformer
  • PrivilegedAccessManagement(PAM)_EasiestAdmin_Enterprise_EaseOfAdmin
  • PrivilegedAccessManagement(PAM)_UsersMostLikelyToRecommend_Nps

© 2025 AKEYLESS. All rights reserved