加载中
正在获取最新内容,请稍候...
External Secrets Operator - Securely Sync External Secrets to Kubernetes
External Secrets Operator syncs secrets from external services like AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and more, injecting them securely into Kubernetes as native Secrets.
Go
Added on 2025年6月27日5,132
Stars985
ForksGo
LanguageProject Introduction
Summary
External Secrets Operator (ESO) is a Kubernetes operator that reads secrets from external secret management systems and automatically injects them as Kubernetes Secrets.
Problem Solved
Managing sensitive information like database credentials or API keys directly within Kubernetes manifests or manually syncing them from external vaults is insecure, cumbersome, and error-prone. This project automates the secure synchronization.
Core Features
Multi-Provider Support
Automatically fetches secrets from various external providers.
Kubernetes Integration
Creates and updates native Kubernetes Secret objects based on external data.
Dynamic Sync
Supports dynamic secret updates without requiring pod restarts.
Tech Stack
Go
Kubernetes API
Controller Runtime
Use Cases
External Secrets Operator is suitable for any scenario where sensitive data needs to be managed externally and consumed by applications running in Kubernetes.
Database Credential Management
Details
Automatically inject database credentials stored in AWS Secrets Manager into Kubernetes Pods.
User Value
Eliminates hardcoding credentials in manifests and ensures credentials can be centrally rotated.
API Key Distribution
Details
Sync API keys or service account credentials from HashiCorp Vault into Kubernetes for microservice access.
User Value
Standardizes secure distribution of access tokens to applications.
TLS Certificate Management
Details
Provision TLS certificates stored in Azure Key Vault as Kubernetes TLS Secrets for ingress controllers.
User Value
Automates certificate lifecycle management within Kubernetes.
Recommended Projects
You might be interested in these projects
XTLSXray-core
Xray-core is a powerful and flexible v2ray-core alternative, designed to penetrate network restrictions and provide secure, high-performance proxying. It's an open platform enabling diverse use cases from personal privacy to enterprise solutions.
Go
292434353
unslothaiunsloth
Unsloth is an open-source library designed to significantly speed up Large Language Model (LLM) finetuning while drastically reducing memory usage, supporting models like Llama, Qwen, Gemma, DeepSeek, and TTS.
Python
391453066
ryanmcdermottclean-code-javascript
A comprehensive guide to writing clean, maintainable, and scalable JavaScript code based on best practices and software design principles.
JavaScript
9310212439