Skip to content

External secrets #323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 23, 2025
Merged

External secrets #323

merged 5 commits into from
May 23, 2025

Conversation

IanKWatts
Copy link
Contributor

@IanKWatts IanKWatts commented May 21, 2025
edited
Loading

Add documentation for the External Secrets Operator to the 'Secrets management' section.

@Pilargit12
Updates
896b81c 
- Added pages to index.md and mkdocs.yml
- Updated for plain language and active voice

@IanKWatts - In visual studio code the system is letting me know that Fenced code blocks should have language specified and provides this link: https://github.com/DavidAnson/markdownlint/blob/v0.37.4/doc/md040.md

I am unsure how this affects the code blocks.
ShellyXueHan
ShellyXueHan reviewed May 22, 2025
View reviewed changes
src/docs/secrets-management/external-secrets.md Outdated

ESO's main purpose to keep your Kubernetes Secrets in sync with external APIs. It uses custom resources `ExternalSecret` and `SecretStore` to provide a user-friendly abstraction for the external API that stores and manages the lifecycle of the secrets for you.

You install ESO in each cluster. It's **self-serve**, so you can:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you mean "we installed ESO in each cluster, so you can self-serve"?

src/docs/secrets-management/vault-secrets-management-service.md
A STRA for Vault has been completed by the Platform Services team.

## Alternatives
If you would prefer to use a different secrets management system, you may use the External Secrets Operator to link your OpenShift namespace to an external service, such as AWS Secrets Manager or Azure Key Vault. See the [External Secrets Operator documentation](external-secrets.md) for more information.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe also mention that Openshift secure is now encrypted, so it's okay to use Openshift secret objects

src/docs/secrets-management/example_secretstore_azure_key_vault.md Outdated

We recommend running the Azure CLI in a Docker or Podman container. Installing the CLI directly on your machine requires many dependencies, which might conflict with other tools or take up unnecessary space if you only need it for this task.

Make sure you have a running Docker ir Podman environment before starting.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Make sure you have a running Docker ir Podman environment before starting.
Make sure you have a running Docker or Podman environment before starting.

@IanKWatts IanKWatts merged commit adb1012 into main May 23, 2025
3 checks passed
@IanKWatts IanKWatts deleted the external_secrets branch May 23, 2025 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShellyXueHan ShellyXueHan ShellyXueHan left review comments

@Pilargit12 Pilargit12 Pilargit12 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@IanKWatts @ShellyXueHan @Pilargit12