Commit

feat: add ESO and ESC blog post
dirien committed Sep 27, 2024
1 parent 137b981 commit d902ea9
Showing 1 changed file with 4 additions and 4 deletions.
Expand Up @@ -36,12 +36,12 @@ applications through its dedicated SDKs built for different programming language
which can be used to manage secrets and configurations from the command line to provide a context for your CLI tools (
e.g. `terraform`).

For more information on Pulumi ESC, you can check out the official documentation. In this blog post, we will be using
For more information on Pulumi ESC, you can check out the official [documentation](/docs/esc/). In this blog post, we will be using
the External Secrets Operator, and it's Pulumi ESC provider to manage secrets in a Kubernetes cluster.

## External Secrets Operator (ESO)

The Open Source project External Secrets Operator (ESO) is a Kubernetes operator that helps us to manage secrets in a
The Open Source project [External Secrets Operator](https://external-secrets.io/latest/) (ESO) is a Kubernetes operator that helps us to manage secrets in a
highly secure and scalable way. ESO synchronizes secrets stored in external secret management systems like Pulumi ESC,
HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and more into Kubernetes secrets. This approach allows us to tame
any secrets sprawl and centralize the management of secrets in a single place while providing a secure and controlled
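Review bot: The context line directly after the changed documentation sentence still reads "it's Pulumi ESC provider"; the possessive is "its", and since this commit already touches that sentence it is worth fixing in the same change. The replacement line that adds the External Secrets Operator link is also much longer than the wrapped lines around it, so rewrap it after the link to keep later diffs readable.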
Expand Down Expand Up @@ -69,7 +69,7 @@ or using `kubectl`:
kubectl create secret generic mysecret --from-literal=username=admin --from-literal=password=admin
```

But Kubernetes secrets have some limitations:
But [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/) have some limitations:

- They are stored in etcd in base64 encoded format, which is not secure.
- They are created either manually by using `kubectl` commands or by using a manifest file, making them hart to manage
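Review bot: In the first bullet under the changed line, "stored in etcd in base64 encoded format, which is not secure" states the problem loosely: base64 is an encoding, not a protection, so the bullet should say the values are only base64-encoded and sit unencrypted in etcd by default. The following bullet has a typo, "hart to manage" should read "hard to manage".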
Expand Down Expand Up @@ -99,7 +99,7 @@ shines by providing a way to manage secrets in a more secure and efficient way:

## External Secrets Operator Architecture

Central part of the ESO architecture is the extension of the Kubernetes API with a new Custom Resource Definition (CRD)
Central part of the [ESO architecture](https://external-secrets.io/latest/introduction/overview/) is the extension of the Kubernetes API with a new [Custom Resource Definition (CRD)](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/)
which defines where the secrets are stored and how they are synchronized into Kubernetes secrets. The ESO controller
then retrieves the secrets from the external secret management system and creates or updates the Kubernetes secrets.
Every time a secret is updated in the external secret management system, the ESO controller will synchronize the secret
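Review bot: The replacement line in the architecture paragraph carries two full URLs on a single line, far past the wrap width of the lines that follow it; break it after the ESO architecture link. The sentence also opens with "Central part of", which needs an article ("A central part of"). Both ESO links here and in the earlier hunk point at the /latest/ path, so they will track whatever the upstream docs publish; decide whether that is intended for a dated blog post.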