External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault.
The goal of External Secrets Operator is to synchronize secrets from external APIs into Kubernetes. ESO is a collection of custom API resources - ExternalSecret, SecretStore and ClusterSecretStore
Resource Model
Step 1: Create a secret in AWS Secrets Manager
Step 2: Create an AWS IAM Policy and IAM Role
IAM Policy
Step-3 Install External-secrets on kubernetes cluster
External-secrets runs within your Kubernetes cluster as a deployment resource. It utilizes CustomResourceDefinitions to configure access to secret providers through SecretStore resources and manages Kubernetes secret resources with ExternalSecret resources.
Install from chart repository
Step-4 Create Service Account
Step-5 Create SecretStore
Create a file 'basic-secret-store.yaml' with the following content.
Step-6 Create ExternalSecret
Create a file 'basic-external-secret.yaml' with the following content.
Step-7 Apply SecretStore and ExternalSecret
Once External Secret is created. It will fetch the secret value from secret manager and create Kubernetes secret in cluster. You can check the secret created and the value.