External Secrets Operator with Yandex Lockbox support
External Secrets Operator is a Kubernetes operator that integrates external secret management systems, such as Yandex Lockbox, AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and many others. The operator reads information from external APIs and automatically writes the values into Kubernetes Secret objects.
External Secrets Operator with Yandex Lockbox support enables you to configure the synchronization of Yandex Lockbox secrets with those of Managed Service for Kubernetes clusters.
Create a service account for External Secrets Operator:
yc iam service-account create --name eso-service-account
Create an authorized key for the service account and save it to a file:
yc iam key create --service-account-name eso-service-account --output authorized-key.json
(Optional) Assign the lockbox.editor role to the service account for full access to all folder secrets:
yc resource-manager folder add-access-binding --id=<folder ID> --service-account-name eso-service-account --role lockbox.editor
Configure External Secrets Operator:
- Namespace: Select a namespace or create a new one.
- Application name: Enter an application name.
- Service account key: Insert the contents of the file with the authorized key.
After installing the product:
Create secrets in Yandex Lockbox.
Configure secrets in Kubernetes by creating an ExternalSecret object and specifying:
- Secret ID.
- ClusterSecretStore with the name
Learn more about syncing Yandex Lockbox secrets with Managed Service for Kubernetes cluster secrets.
- Syncing secrets from external APIs in Kubernetes.
- Using secrets for multi-tenant deployments.
Yandex Cloud technical support is available 24/7 to respond to requests. Available support modes and response times depend on your support plan. You can enable paid support in the management console. Learn more about requesting technical support.
Yandex Cloud does not provide technical support for this product. If you have any issues, please refer to the developer’s resources.