Posted by Jeremy Hess
October 12, 2022
As companies grow, systems expand and security requirements change. Many smaller organizations find that using something like Kubernetes Secrets is good enough for them. However, as we know, Kubernetes Secrets are only base64 encoded, which is an encoding rather than encryption, so they are not as secure as data protected with standard encryption.
As a company grows, it gains a security team that decides it’s time to make secrets more secure across the organization. When the team chooses an external secrets management platform such as Akeyless, the question becomes, “How do we seamlessly enable our third-party secret manager to work without refactoring the underlying code already in place?”
About the External Secrets project
External Secrets Operator (ESO) is an open source project that is aimed at making it easy to “synchronize secrets from external APIs into Kubernetes.” This project was built to make it easy for companies to bring their secrets from external secrets management tools and inject them into Kubernetes Secrets.
But why would you want to inject your secrets into Kubernetes Secrets?
Why use External Secrets
As mentioned in the introduction, organizations that are already using Kubernetes Secrets for their credential management need a more secure method for storing and managing the full lifecycle of their secrets with strong encryption. That is why the External Secrets Operator for Kubernetes was created.
But more than that, many companies have already put a lot of effort into working with Kubernetes Secrets in their current environment and don’t want to change their workflows, a change that can mean anything from updating small components within automation to large-scale refactoring of code.
So the basic idea here is that as the organization starts to deal with many services and environments, keeping track of secrets, access, new service onboarding, and rotation can be quite cumbersome. It’s best to let a full-fledged secrets management platform take care of these for you.
Akeyless Provider for External Secrets
The last piece of the puzzle is integrating with your actual external platform in order to synchronize the secrets and have them injected into Kubernetes as needed. For this, users or organizations can build their own Provider for ESO to interact with.
As you might have guessed, our team has contributed to ESO and has created the Akeyless Provider to easily inject your Akeyless secrets into Kubernetes Secrets.
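A minimal sketch of the two ESO resources involved, added here as an illustration and not taken from the original post or the Akeyless documentation: a SecretStore that points ESO at Akeyless, and an ExternalSecret that syncs one item into a Kubernetes Secret. Resource names, the namespace, the credentials Secret and the remote item path are assumed placeholders; field names follow the ESO v1beta1 API and should be checked against the CRDs installed in your cluster.

```yaml
# Added example; names, namespace and paths are placeholders.
# apiVersion depends on the ESO release installed in the cluster.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: akeyless-store            # assumed name
  namespace: demo                 # assumed namespace
spec:
  provider:
    akeyless:
      akeylessGWApiURL: "https://api.akeyless.io"   # or your own gateway URL
      authSecretRef:
        secretRef:
          # Each field points at a key in an existing Kubernetes Secret
          # (here "akeyless-creds") that holds the Akeyless auth details.
          accessID:
            name: akeyless-creds
            key: accessId
          accessType:
            name: akeyless-creds
            key: accessType
          accessTypeParam:
            name: akeyless-creds
            key: accessTypeParam
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-password
  namespace: demo
spec:
  refreshInterval: 1h             # how often ESO re-reads the value from Akeyless
  secretStoreRef:
    kind: SecretStore
    name: akeyless-store
  target:
    name: db-password             # Kubernetes Secret that ESO creates and owns
    creationPolicy: Owner
  data:
    - secretKey: password         # key inside the resulting Kubernetes Secret
      remoteRef:
        key: /demo/db/password    # assumed item path in Akeyless
```

Workloads keep reading `db-password` as an ordinary Kubernetes Secret, so existing manifests need no changes. Because the synced copy is still stored base64 encoded in the cluster, RBAC on Secrets and etcd encryption at rest remain relevant.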
Feel free to give it a try and let us know what you think!