- Create Secret in External Service:
- Store your secret (e.g. API keys, passwords) in a supported external service, such as AWS Systems Manager Parameter Store, ensuring it’s correctly secured with the proper permissions and encryption.
- Create ExternalSecret Object in Kubernetes:
- Define an
ExternalSecretobject in your Kubernetes cluster specifying the details like the name of the external secret, the backend type, and the data keys to retrieve from the external service.
- Define an
- External Secrets Operator Generates Kubernetes Secret:
- The External Secrets Operator will synchronize the
ExternalSecretwith the external service and automatically create the corresponding Kubernetes Secret in the cluster.
- The External Secrets Operator will synchronize the
- Use the Secret in Your Application:
- Reference the generated Kubernetes Secret in your application’s deployment configurations allowing your application to access the secret values.
When using External Secrets Operator with Kubernetes, you typically do not manually create a Kubernetes Secret. Instead, the External Secrets Operator automatically generates the Kubernetes Secret based on the ExternalSecret object you define in your Kubernetes cluster.
The actual secret value is stored in an external service, like AWS Systems Manager Parameter Store, AWS Secrets Manager, Azure Key Vault, etc. So, before creating an ExternalSecret object in Kubernetes, you need to create and store your secret value in one of these supported external services, like Parameter Store, and properly configure the access permissions.
Use Cases of External Secrets Operator Using AWS and Kubernetes
You do not need to create a secret in Kubernetes before creating an ExternalSecret. The ExternalSecret object will create a Kubernetes Secret object for you.
You do need to create the ParameterStore in AWS before creating the ExternalSecret. The ExternalSecret object will use the ParameterStore to fetch the secret data.
Here is an example of the steps you would follow:
- Create a ParameterStore in AWS.
- Create an ExternalSecret object in Kubernetes.
- Reference the ParameterStore in the ExternalSecret object.
- ESO will fetch the secret data from the ParameterStore and create a Kubernetes Secret object containing the secret data.
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals