{"id":40739,"date":"2023-10-02T19:43:10","date_gmt":"2023-10-02T19:43:10","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=40739"},"modified":"2023-10-02T19:43:12","modified_gmt":"2023-10-02T19:43:12","slug":"external-secrets-operator-workflow","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/external-secrets-operator-workflow\/","title":{"rendered":"External Secrets Operator Workflow"},"content":{"rendered":"\n<ol class=\"wp-block-list\">\n<li><strong>Create Secret in External Service:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Store your secret (e.g. API keys, passwords) in a supported external service, such as AWS Systems Manager Parameter Store, ensuring it\u2019s correctly secured with the proper permissions and encryption.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Create ExternalSecret Object in Kubernetes:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Define an <code>ExternalSecret<\/code> object in your Kubernetes cluster specifying the details like the name of the external secret, the backend type, and the data keys to retrieve from the external service.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>External Secrets Operator Generates Kubernetes Secret:<\/strong>\n<ul class=\"wp-block-list\">\n<li>The External Secrets Operator will synchronize the <code>ExternalSecret<\/code> with the external service and automatically create the corresponding Kubernetes Secret in the cluster.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Use the Secret in Your Application:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Reference the generated Kubernetes Secret in your application\u2019s deployment configurations allowing your application to access the secret values.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p>When using External Secrets Operator with Kubernetes, you typically do not manually create a Kubernetes Secret. 
Instead, the External Secrets Operator automatically generates the Kubernetes Secret based on the <code>ExternalSecret<\/code> object you define in your Kubernetes cluster.<\/p>\n\n\n\n<p>The actual secret value is stored in an external service, such as AWS Systems Manager Parameter Store, AWS Secrets Manager, or Azure Key Vault. So, before creating an <code>ExternalSecret<\/code> object in Kubernetes, you need to create and store your secret value in one of these supported external services, such as Parameter Store, and properly configure the access permissions.<\/p>\n\n\n\n<p><strong>Use Cases of External Secrets Operator Using AWS and Kubernetes<\/strong><\/p>\n\n\n\n<p>You do not need to create a secret in Kubernetes before creating an ExternalSecret. The External Secrets Operator creates the Kubernetes Secret object for you from the ExternalSecret.<\/p>\n\n\n\n<p>You do need to create the parameter in AWS Systems Manager Parameter Store before creating the ExternalSecret. The ExternalSecret object references that parameter, and the operator fetches the secret data from it.<\/p>\n\n\n\n<p>Here is an example of the steps you would follow:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create the parameter in AWS Systems Manager Parameter Store.<\/li>\n\n\n\n<li>Create an ExternalSecret object in Kubernetes.<\/li>\n\n\n\n<li>Reference the parameter in the ExternalSecret object.<\/li>\n\n\n\n<li>The External Secrets Operator (ESO) fetches the secret data from Parameter Store and creates a Kubernetes Secret object containing it.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>When using External Secrets Operator with Kubernetes, you typically do not manually create a Kubernetes Secret. 
Instead, the External Secrets Operator automatically generates the Kubernetes Secret based&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-40739","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/40739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=40739"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/40739\/revisions"}],"predecessor-version":[{"id":40740,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/40739\/revisions\/40740"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=40739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=40739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=40739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}