External Secrets providers
Definition
External Secrets providers are integrations that allow applications to securely access secrets stored in external secret management systems, such as AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault. These providers abstract the complexity of directly interacting with secret management APIs, enabling applications to retrieve sensitive information like API keys, passwords, and certificates without embedding them in the application code or configuration files. This approach enhances security by centralizing secret management and reducing the risk of accidental exposure.
Secure Settings Example
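apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: my-secret
spec:
  secretStoreRef:
    name: aws-secrets-manager   # placeholder: name of a SecretStore defined separately
    kind: SecretStore
  data:
    - secretKey: db-password
      remoteRef:
        key: production/db-password
  target:
    name: my-secret
    template:
      data:
        # a hyphenated key cannot be read with dot notation in a Go template
        db-password: '{{ index . "db-password" }}'
  refreshInterval: 1h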
Insecure Settings Example
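apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: my-secret
spec:
  secretStoreRef:
    name: aws-secrets-manager   # placeholder: name of a SecretStore defined separately
    kind: SecretStore
  data:
    - secretKey: db-password
      remoteRef:
        key: production/db-password
  target:
    name: my-secret
    template:
      data:
        # a hyphenated key cannot be read with dot notation in a Go template
        db-password: '{{ index . "db-password" }}'
  refreshInterval: 0s # Zero disables periodic refresh: the value is fetched once, so a secret rotated in the backend is never synced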
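
Added example (not from the original page or the External Secrets project): an audit of refreshInterval values over data shaped like the output of kubectl get externalsecrets -A -o json, flagging the setting the two manifests above differ on. It goes slightly beyond the page by also flagging very short intervals, which multiply calls to the provider API. The 300-second floor, the function names and the sample list are assumptions constructed for illustration.

```python
import re

# Assumed policy floor (not an ESO setting): shorter intervals are flagged for API call volume.
MIN_INTERVAL_SECONDS = 300
_UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600}
_TOKEN = re.compile(r"(\d+(?:\.\d+)?)(ns|us|ms|s|m|h)")

def parse_duration(text):
    """Parse a Go-style duration such as '1h', '1h30m' or '0s' into seconds."""
    if text == "0":
        return 0.0
    pos, total = 0, 0.0
    for m in _TOKEN.finditer(text):
        if m.start() != pos:  # junk between tokens
            raise ValueError(f"invalid duration: {text!r}")
        total += float(m.group(1)) * _UNITS[m.group(2)]
        pos = m.end()
    if pos != len(text) or pos == 0:
        raise ValueError(f"invalid duration: {text!r}")
    return total

def audit(externalsecret_list):
    """Return (namespace/name, finding) pairs for a Kubernetes list object."""
    findings = []
    for item in externalsecret_list.get("items", []):
        meta = item.get("metadata", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        raw = item.get("spec", {}).get("refreshInterval", "1h")  # ESO defaults to 1h
        try:
            seconds = parse_duration(raw)
        except ValueError:
            findings.append((ident, f"unparseable refreshInterval {raw!r}"))
            continue
        if seconds == 0:
            findings.append((ident, "refresh disabled: rotated values are never synced"))
        elif seconds < MIN_INTERVAL_SECONDS:
            findings.append((ident, f"refreshInterval {raw} is under {MIN_INTERVAL_SECONDS}s"))
    return findings

# Constructed sample, shaped like `kubectl get externalsecrets -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "prod", "name": "db"}, "spec": {"refreshInterval": "1h"}},
    {"metadata": {"namespace": "prod", "name": "api"}, "spec": {"refreshInterval": "0s"}},
    {"metadata": {"namespace": "dev", "name": "cache"}, "spec": {"refreshInterval": "10s"}},
    {"metadata": {"namespace": "dev", "name": "legacy"}, "spec": {}},
]}

if __name__ == "__main__":
    print("\n".join(f"{ident}: {finding}" for ident, finding in audit(SAMPLE)))
```

To run it against a live cluster, pass audit() the result of json.load() on the kubectl output instead of SAMPLE.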