External Secrets Operator is a Kubernetes operator that integrates external secret management systems, such as Yandex Lockbox, AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and others. The operator reads external APIs and automatically inserts the values into Kubernetes Secrets.
External Secrets Operator with Yandex Lockbox support enables you to configure the synchronization of Yandex Lockbox secrets with those of Managed Service for Kubernetes clusters.
- Create a service account for External Secrets Operator:

      yc iam service-account create --name eso-service-account

- Create an authorized key for the service account and save it to a file:

      yc iam key create --service-account-name eso-service-account --output authorized-key.json

- (Optional) Assign the lockbox.editor role to the service account for full access to all folder secrets:

      yc resource-manager folder add-access-binding --id=<folder ID> --service-account-name eso-service-account --role lockbox.editor

- Configure External Secrets Operator:
  - Namespace: Select a namespace or create a new one.
  - Application name: Enter a name for the application.
  - Service account key: Insert the contents of the file with the authorized key.
- Click Install.
- Wait for the application to change its status to Deployed.

After installing the product:
- Create secrets in Yandex Lockbox.
- Configure secrets in Kubernetes by creating an ExternalSecret object and specifying:
  - Secret ID.
  - ClusterSecretStore with the name cluster-secret-store.

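The ExternalSecret object described in the last step, as an added example that is not part of the original page. The object name, namespace, key names and refresh interval are assumptions, and `<secret ID>` is a placeholder for the ID of your Yandex Lockbox secret; only the store name cluster-secret-store comes from this page.

```yaml
# Added example. Everything except the store name cluster-secret-store is an assumption.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-db-credentials        # hypothetical object name
  namespace: my-app               # hypothetical namespace of the workload that needs the secret
spec:
  refreshInterval: 1h             # how often the operator re-reads Lockbox (assumed value)
  secretStoreRef:
    kind: ClusterSecretStore
    name: cluster-secret-store    # store name given on this page
  target:
    name: app-db-credentials      # Kubernetes Secret the operator creates and keeps in sync
    creationPolicy: Owner         # the Secret is owned by, and deleted with, this ExternalSecret
  data:
    - secretKey: password         # key inside the resulting Kubernetes Secret
      remoteRef:
        key: <secret ID>          # Yandex Lockbox secret ID (placeholder)
        property: password        # key of the entry inside the Lockbox secret (assumed)
```

A ClusterSecretStore can be referenced from any namespace, so in a multi-tenant cluster use RBAC to limit who may create ExternalSecret objects; otherwise any tenant can request every secret the service account is able to read.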
Learn more about syncing Yandex Lockbox secrets with Managed Service for Kubernetes cluster secrets.
- Syncing secrets from external APIs in Kubernetes.
- Using secrets for multi-tenant deployments.
Yandex Cloud technical support is available 24/7 to respond to requests. Available support modes and response times depend on your support plan. You can enable paid support in the management console. Learn more about requesting technical support.
Helm chart | Version | Pull-command | Documentation |
---|---|---|---|
yandex-cloud/external-secrets/chart/external-secrets | 0.10.5 | | Open |
Docker image | Version | Pull-command |
---|---|---|
yandex-cloud/external-secrets/external-secrets1732299769355108918513208831127434322673107294297 | v0.10.5 |