External Secrets Operator with Yandex Lockbox support

Updated October 17, 2022

External Secrets Operator is a Kubernetes operator that integrates external secret management systems, such as Yandex Lockbox, AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and many others. The operator reads information from external APIs and automatically writes the values into a Kubernetes Secret.

External Secrets Operator with Yandex Lockbox support enables you to configure the synchronization of Yandex Lockbox secrets with those of Managed Service for Kubernetes clusters.

Deployment instructions
  1. Create a service account for External Secrets Operator:

    yc iam service-account create --name eso-service-account
    
  2. Create an authorized key for the service account and save it to a file:

    yc iam key create --service-account-name eso-service-account --output authorized-key.json
    
  3. (Optional) Assign the lockbox.editor role to the service account for full access to all folder secrets:

    yc resource-manager folder add-access-binding --id=<folder ID> --service-account-name eso-service-account --role lockbox.editor
    
  4. Configure External Secrets Operator:

    • Namespace: Select a namespace or create a new one.
    • Application name: Enter an application name.
    • Service account key: Insert the contents of the file with the authorized key.
  5. Click Install.

After installing the product:

  1. Create secrets in Yandex Lockbox.

  2. Configure secrets in Kubernetes by creating an ExternalSecret object that specifies:

    • Secret ID.
    • ClusterSecretStore with the name cluster-secret-store.
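
An ExternalSecret manifest for the step above, as an added example that is not part of the original page. It assumes the `external-secrets.io/v1alpha1` API served by 0.3.x operator releases; the object names, the namespace, the `password` entry key and the secret ID placeholder are hypothetical.

```yaml
# Added example: sync one entry of a Yandex Lockbox secret into a Kubernetes Secret.
# Assumption: the operator serves external-secrets.io/v1alpha1 (0.3.x releases).
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: lockbox-demo             # hypothetical name
  namespace: default             # hypothetical namespace of the consuming workload
spec:
  # How often the operator re-reads Lockbox; a rotated value reaches the
  # Kubernetes Secret within this interval.
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore     # cluster-scoped store named on this page
    name: cluster-secret-store
  target:
    name: app-credentials        # hypothetical name of the Kubernetes Secret to create
  data:
    - secretKey: password        # key inside the resulting Kubernetes Secret
      remoteRef:
        key: <Lockbox secret ID> # placeholder: ID of the secret created in step 1
        property: password       # hypothetical entry key inside the Lockbox secret
```

Because a ClusterSecretStore can be referenced from any namespace, the service account's Lockbox access applies to ExternalSecret objects in every namespace. Restrict who can create ExternalSecret objects with RBAC, and keep the service account's role bindings as narrow as the workloads allow.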

Learn more about syncing Yandex Lockbox secrets with Managed Service for Kubernetes cluster secrets.

Billing type
Free
Type
Kubernetes® Application
Category
Security
Publisher
Yandex Cloud
Use cases
  • Syncing secrets from external APIs in Kubernetes.
  • Using secrets for multi-tenant deployments.
Technical support

Yandex Cloud technical support is available 24/7 to respond to requests. Available support modes and response times depend on your support plan. You can enable paid support in the management console. Learn more about requesting technical support.

Yandex Cloud does not provide technical support for this product. If you have any issues, please refer to the developer’s resources.

Product composition
Helm chart
yandex-cloud/external-secrets/chart/external-secrets, version 0.3.8-2
Docker image
yandex-cloud/external-secrets/external-secrets, version v0.3.8
Terms
By using this product you agree to the Yandex Cloud Marketplace Terms of Service and the terms and conditions of the following software: External Secrets