Skip to content

Using External Secrets Operator with Akeyless Secrets Orchestration

As companies grow, systems expand and security requirements change. Many smaller organizations find that using something like Kubernetes Secrets is good enough for them. However, as we know, Kubernetes secrets are only base64 encoded and not really as secure as standard encryption.

As a company grows, it now has a security team that decides it’s time to make secrets more secure in the organization. When they choose an external secrets management platform such as Akeyless, the question becomes, “How do we seamlessly enable our third-party secret manager to work without refactoring the underlying code already in place?”

About the External Secrets project

External Secrets Operator (ESO) is an open source project that is aimed at making it easy to “synchronize secrets from external APIs into Kubernetes.” This project was built to make it easy for companies to bring their secrets from external secrets management tools and inject them into Kubernetes Secrets.

But why would you want to inject your secrets into Kubernetes Secrets?

Why use External Secrets

As mentioned in the introduction, organizations that are already using Kubernetes Secrets for their credential management need a more secure method for storing and managing the full lifecycle of their secrets with strong encryption. That is why the External Secrets Operator for Kubernetes was created.

But more than that, many companies that have already put in a lot of effort to work with Kubernetes Secrets for their current environment and don’t want to change their workflows which can be anything from updating small components within automation to large scale refactoring of code.

So the basic idea here is that as the organization starts to deal with many services and environments, keeping track of secrets, access, new service onboarding, and rotation can be quite cumbersome. It’s best to let a full-fledged secrets management platform take care of these for you.

Akeyless Provider for External Secrets

The last piece of the puzzle is integrating with your actual external platform in order to synchronize the secrets and have them injected into Kubernetes as needed. For this, users or organizations can build their Provider for ESO to interact with.

As you might have guessed, our team has contributed to ESO and has created the Akeyless Provider to easily inject your Akeyless secrets into Kubernetes Secrets.

Feel free to give it a try and let us know what you think!

cloud

See Akeyless in Action

Get a Demo certification folder key