README
¶
External Secrets
External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, Akeyless, CyberArk Secrets Manager, Pulumi ESC and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
Multiple people and organizations are joining efforts to create a single External Secrets solution based on existing projects. If you are curious about the origins of this project, check out this issue and this PR.
Documentation
External Secrets Operator guides and reference documentation is available at external-secrets.io. Also see our stability and support policy.
Contributing
We welcome and encourage contributions to this project! Please read the Developer and Contribution process guides. Also make sure to check the Code of Conduct and adhere to its guidelines.
Also, please take a look our Contribution Ladder for a very detailed explanation of what roles and tracks are available for people to try and help this project.
Sponsoring
Please consider sponsoring this project, there are many ways you can help us with: engineering time, providing infrastructure, donating money, etc. We are open to cooperations, feel free to approach as and we discuss how this could look like. We can keep your contribution anonymized if that's required (depending on the type of contribution), and anonymous donations are possible inside Opencollective.
Bi-weekly Development Meeting
We host our development meeting every odd wednesday on Zoom. We run the meeting with alternating times 8:00 PM Berlin Time and 1:00 PM Berlin Time. Be sure to check the CNCF Calendar to see when the next meeting is scheduled, we'll also announce the time in our Kubernetes Slack channel. Meeting notes are recorded on this google document.
Anyone is welcome to join. Feel free to ask questions, request feedback, raise awareness for an issue, or just say hi. ;)
Security
Please report vulnerabilities by email to cncf-ExternalSecretsOp-maintainers@lists.cncf.io. Also see our SECURITY.md file for details.
Software bill of materials
We attach SBOM and provenance file to our GitHub release. Also, they are attached to container images.
Adopters
Please create a PR and add your company or project to our ADOPTERS.md file if you are using our project!
Roadmap
You can find the roadmap in our documentation: https://external-secrets.io/main/contributing/roadmap/
Kicked off by
Sponsored by
License
Documentation
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
apis
module
|
|
|
cmd
|
|
|
controller
Package controller implements the various controllers for external-secrets
|
Package controller implements the various controllers for external-secrets |
|
esoctl
command
This is the command entry point for the esoctl command-line tool
|
This is the command entry point for the esoctl command-line tool |
|
esoctl/generator
Package generator provides functionality for bootstrapping new generators.
|
Package generator provides functionality for bootstrapping new generators. |
|
generators
|
|
|
v1/acr
module
|
|
|
v1/cloudsmith
module
|
|
|
v1/ecr
module
|
|
|
v1/fake
module
|
|
|
v1/gcr
module
|
|
|
v1/github
module
|
|
|
v1/grafana
module
|
|
|
v1/mfa
module
|
|
|
v1/password
module
|
|
|
v1/quay
module
|
|
|
v1/sshkey
module
|
|
|
v1/sts
module
|
|
|
v1/uuid
module
|
|
|
v1/vault
module
|
|
|
v1/webhook
module
|
|
|
pkg
|
|
|
controllers/clusterexternalsecret
Package clusterexternalsecret implements a controller for managing ClusterExternalSecret resources, which allow creating ExternalSecrets across multiple namespaces.
|
Package clusterexternalsecret implements a controller for managing ClusterExternalSecret resources, which allow creating ExternalSecrets across multiple namespaces. |
|
controllers/clusterexternalsecret/cesmetrics
Package cesmetrics provides functionality for tracking and exposing metrics related to ClusterExternalSecret resources.
|
Package cesmetrics provides functionality for tracking and exposing metrics related to ClusterExternalSecret resources. |
|
controllers/clusterpushsecret
Package clusterpushsecret implements a controller for managing ClusterPushSecret resources, which allow pushing secrets to external systems across multiple namespaces.
|
Package clusterpushsecret implements a controller for managing ClusterPushSecret resources, which allow pushing secrets to external systems across multiple namespaces. |
|
controllers/clusterpushsecret/cpsmetrics
Package cpsmetrics provides functionality for tracking and exposing metrics related to ClusterPushSecret resources.
|
Package cpsmetrics provides functionality for tracking and exposing metrics related to ClusterPushSecret resources. |
|
controllers/common
Package ctrlcommon provides shared utility functions for controllers
|
Package ctrlcommon provides shared utility functions for controllers |
|
controllers/commontest
Package commontest provides testing utilities for controllers.
|
Package commontest provides testing utilities for controllers. |
|
controllers/crds
Package crds implements controllers for handling Custom Resource Definitions.
|
Package crds implements controllers for handling Custom Resource Definitions. |
|
controllers/externalsecret
Package externalsecret implements the controller for managing ExternalSecret resources
|
Package externalsecret implements the controller for managing ExternalSecret resources |
|
controllers/externalsecret/esmetrics
Package esmetrics provides metrics functionality for the ExternalSecret controller
|
Package esmetrics provides metrics functionality for the ExternalSecret controller |
|
controllers/generatorstate
Package generatorstate implements controllers for managing GeneratorState resources
|
Package generatorstate implements controllers for managing GeneratorState resources |
|
controllers/metrics
Package metrics provides utilities for metrics used by controllers.
|
Package metrics provides utilities for metrics used by controllers. |
|
controllers/pushsecret
Package pushsecret implements the controller for managing PushSecret resources.
|
Package pushsecret implements the controller for managing PushSecret resources. |
|
controllers/pushsecret/psmetrics
Package psmetrics provides metrics for PushSecret controller.
|
Package psmetrics provides metrics for PushSecret controller. |
|
controllers/secretstore
Package secretstore implements the controllers for managing SecretStore resources
|
Package secretstore implements the controllers for managing SecretStore resources |
|
controllers/secretstore/cssmetrics
Package cssmetrics provides metrics for ClusterSecretStore controllers.
|
Package cssmetrics provides metrics for ClusterSecretStore controllers. |
|
controllers/secretstore/metrics
Package metrics provides metrics for SecretStore controllers.
|
Package metrics provides metrics for SecretStore controllers. |
|
controllers/secretstore/ssmetrics
Package ssmetrics provides metrics for SecretStore controllers.
|
Package ssmetrics provides metrics for SecretStore controllers. |
|
controllers/templating
Package templating provides functionality for templating secret data.
|
Package templating provides functionality for templating secret data. |
|
controllers/util
Package ctrlutil provides utility functions for controllers.
|
Package ctrlutil provides utility functions for controllers. |
|
controllers/webhookconfig
Package webhookconfig contains the controller for the WebhookConfig resource.
|
Package webhookconfig contains the controller for the WebhookConfig resource. |
|
register
Package register provides explicit registration of all providers and generators.
|
Package register provides explicit registration of all providers and generators. |
|
providers
|
|
|
v1/akeyless
module
|
|
|
v1/alibaba
module
|
|
|
v1/aws
module
|
|
|
v1/azure
module
|
|
|
v1/barbican
module
|
|
|
v1/beyondtrust
module
|
|
|
v1/bitwarden
module
|
|
|
v1/chef
module
|
|
|
v1/cloudru
module
|
|
|
v1/conjur
module
|
|
|
v1/delinea
module
|
|
|
v1/device42
module
|
|
|
v1/doppler
module
|
|
|
v1/dvls
module
|
|
|
v1/fake
module
|
|
|
v1/fortanix
module
|
|
|
v1/gcp
module
|
|
|
v1/github
module
|
|
|
v1/gitlab
module
|
|
|
v1/ibm
module
|
|
|
v1/infisical
module
|
|
|
v1/keepersecurity
module
|
|
|
v1/kubernetes
module
|
|
|
v1/ngrok
module
|
|
|
v1/onboardbase
module
|
|
|
v1/onepassword
module
|
|
|
v1/onepasswordsdk
module
|
|
|
v1/oracle
module
|
|
|
v1/passbolt
module
|
|
|
v1/passworddepot
module
|
|
|
v1/previder
module
|
|
|
v1/pulumi
module
|
|
|
v1/scaleway
module
|
|
|
v1/secretserver
module
|
|
|
v1/senhasegura
module
|
|
|
v1/vault
module
|
|
|
v1/volcengine
module
|
|
|
v1/webhook
module
|
|
|
v1/yandex
module
|
|
|
runtime
module
|