External Secrets

External Secrets Operator reads secrets from external secret management systems and writes them into Kubernetes Secrets on your cluster. Edka deploys it as a Helm chart in the external-secrets namespace with CRDs installed. Secrets stay in the external provider and never land in Git.

  1. Reads from AWS Secrets Manager, Azure Key Vault, Google Secret Manager, HashiCorp Vault, Doppler, and 1Password
  2. Keeps Kubernetes Secrets in sync as the source values change
  3. Templating for complex secret structures and transformations
  4. Namespace-level isolation for multi-tenant clusters

Features available

Configure providers by creating SecretStore or ClusterSecretStore and ExternalSecret resources, from the cluster Secrets tab or via GitOps. The operator runs on your own cluster and tracks sync status per ExternalSecret.


Deploy External Secrets
icon related to External Secrets

External Secrets

Security

Securely sync your secrets from external providers like AWS Secrets Manager, Vault, GCP Secret Manager and more, directly to your Kubernetes cluster.