Marketplace

External Secrets Operator with Yandex Lockbox support

Updated December 5, 2024

External Secrets Operator is a Kubernetes operator that integrates external secret management systems, such as Yandex Lockbox, AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and others.The operator reads external APIs and automatically inserts values into Kubernetes Secret.

External Secrets Operator with Yandex Lockbox support enables you to configure the synchronization of Yandex Lockbox secrets with those of Managed Service for Kubernetes clusters.

Deployment instructions
  1. Create a service account for External Secrets Operator:

    yc iam service-account create --name eso-service-account
    
  2. Create an authorized key for the service account and save it to the file:

    yc iam key create --service-account-name eso-service-account --output authorized-key.json
    
  3. (Optional) Assign the lockbox.editor role to the service account for full access to all folder secrets:

    yc resource-manager folder add-access-binding --id=<folder ID> --service-account-name eso-service-account --role lockbox.editor
    
  4. Configure External Secrets Operator:

    • Namespace: Select a namespace or create a new one.
    • Application name: Enter a name for the application.
    • Service account key: Insert the contents of the file with the authorized key.
  5. Click Install.

  6. Wait for the application to change its status to Deployed.

After installing the product:

  1. Create secrets in Yandex Lockbox.

  2. Configure secrets in Kubernetes by creating an ExternalSecret object and specify:

    • Secret ID.
    • ClusterSecretStore with the name cluster-secret-store.

Learn more about syncing Yandex Lockbox secrets with Managed Service for Kubernetes cluster secrets.

Billing type
Free
Type
Kubernetes® Application
Category
Security
Publisher
Yandex Cloud
Use cases
  • Syncing secrets from external APIs in Kubernetes.
  • Using secrets for multi-tenant deployments.
Technical support

Yandex Cloud technical support is available 24/7 to respond to requests. Available support modes and response times depend on your support plan. You can enable paid support in the management console. Learn more about requesting technical support.

Product composition
Helm chartVersion
Pull-command
Documentation
yandex-cloud/external-secrets/chart/external-secrets0.10.5Open
Docker imageVersion
Pull-command
yandex-cloud/external-secrets/external-secrets1732299769355108918513208831127434322673107294297v0.10.5
Terms
By using this product you agree to the Yandex Cloud Marketplace Terms of Service and the terms and conditions of the following software: External Secrets
Billing type
Free
Type
Kubernetes® Application
Category
Security
Publisher
Yandex Cloud