onepassword-operator
Merging efforts on the Kubernetes Secrets Space ✨
Hi there, how are you doing?
We are working on the External Secrets Operator, a Kubernetes Operator to read secrets from third party services like AWS Secrets Manager and inject them as Kubernetes Secrets.
The project is a result of different individuals and companies merging efforts to create a vendor-neutral and community-led initiative, after seeing scattered solutions reimplementing the same wheel.
I'm very happy that 1Password is also getting into this space with this Operator, it really shows the need for better ways to manage Secrets within K8S.
I'd like to invite the 1Password team to take a look at our project and see if there's any interest in merging efforts to develop a more unified solution for Kubernetes users.
Thanks ✨
Any news about this? It would be an amazing addition for External Secrets Operator!
Hey, I was wondering if there has been any discussion on this? It would be really cool if 1Password were to collaborate on this problem! :)
Just recently, support for 1Password has been added to external-secrets: https://github.com/external-secrets/external-secrets/pull/1006
FWIW, besides the benefits of merging efforts and of course the ability to switch vendors in the future, the primary reason we chose to add 1Password support to external-secrets instead of using onepassword-operator is that we needed the ability to configure secrets specs once, and yet supply differing values from different buckets for differing environments, with minimal overriding.
For example, imagine you have 100 secrets to support your product, and you have 10 customers, each deployed from a different Kustomize overlay. With sops/ksops, onepassword-operator, and more, you end up with 1000 yaml files with overrides for the various environments.
With external-secrets, we can define the 100 secrets configs in our Kustomize base, and then in each overlay supply 1 SecretStore and 1 JSON patch that configures all the configs from base to point to the SecretStore for that overlay, and thus source their values from the bucket for that environment.
Update 10/07/2023: Updated link.
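The base-plus-overlay layout described in the comment above, sketched as an added example that is not part of the thread or of either project's own manifests. The names `db-credentials` and `customer-a`, the Connect host, the token Secret name and the `v1beta1` API version are assumptions, and the "bucket" per environment is assumed to be a 1Password vault.

```yaml
# base/db-credentials.yaml (one of the ~100 specs, written once, listed in base/kustomization.yaml)
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: placeholder        # replaced by each overlay's JSON patch
  target:
    name: db-credentials     # Kubernetes Secret that gets created
  data:
    - secretKey: password
      remoteRef:
        key: db-credentials  # 1Password item title (constructed)
        property: password   # field within that item
---
# overlays/customer-a/secret-store.yaml (the single SecretStore for this overlay)
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: customer-a
spec:
  provider:
    onepassword:
      connectHost: http://onepassword-connect:8080  # assumed Connect address
      vaults:
        customer-a: 1        # vault name: search priority
      auth:
        secretRef:
          connectTokenSecretRef:
            name: onepassword-connect-token         # assumed Secret name
            key: token
---
# overlays/customer-a/kustomization.yaml (the single JSON patch for this overlay)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
  - secret-store.yaml
patches:
  - target:
      group: external-secrets.io
      kind: ExternalSecret   # no name given, so every ExternalSecret from base matches
    patch: |-
      - op: replace
        path: /spec/secretStoreRef/name
        value: customer-a
```

Because the Connect token referenced by each overlay's SecretStore can be scoped to that customer's vault alone, the same layout also keeps one environment's credentials from being able to read another's.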