Integrations
When it comes to managing sensitive data, a third-party secret store can strengthen an organization’s security posture by handling the entire lifecycle of Kubernetes Secrets from a central location, outside of the cluster. Dedicated solutions, like HashiCorp Vault and CyberArk Conjur, often have more advanced authentication and authorization features than those available on the cluster itself. Many also offer encryption and support for Hardware Security Modules (HSMs), which are often required for regulatory compliance.
What will you learn?
- Currently available integrations for cert-manager, External Secrets Operator, and Secrets Store CSI Driver
- Common external secrets management solutions
Integrations
At Red Hat, we believe in choice. The products we develop therefore let you bring the external secret repository of your choice. Plugins have been developed for each of the operators mentioned above:
Cert-manager:
- Cert-manager has a strong upstream following, and as a result, a number of vendors have developed plugins for this operator. You can find a list of Issuers developed by the community here.
External Secrets Operator:
- Similar to cert-manager, ESO has a strong upstream community, and due to its flexibility and applicability to many use cases, a large number of vendors have produced plugins. You can find a list of ESO Providers here.
Secrets Store CSI Driver:
- SSCSI has the fewest available Providers of the three. You can find the list here. However, its API is stable and well defined, which makes developing a Provider fairly easy.
Vendors
The list below is not comprehensive, but these are some of the external secrets management solutions most commonly seen on the market:
- CyberArk Conjur
- HashiCorp Vault
- AWS Secrets Manager
- Azure Key Vault
- Google Cloud Secret Manager