Moritz Johner

External Secrets Operator: the secrets management toolbox for self-sufficient teams

How do you solve the 'first secret' problem in Kubernetes? Learn how the External Secrets Operator uses cloud IAM to securely bridge any vault to your applications.

External Secrets Operator: the secrets management toolbox for self-sufficient teams
#1about 2 minutes

Understanding the fundamentals of secrets management

Secrets management deals with the complete lifecycle of credentials like API keys and passwords to prevent sensitive data exposure.

#2about 4 minutes

A framework for classifying different types of secrets

Secrets can be categorized by their expiry, creation method, dependencies, and consumer type, which dictates how they should be managed.

#3about 4 minutes

Centralizing secrets from development, CI/CD, and production

Using a central vault like HashiCorp Vault or AWS Secrets Manager provides control, auditing, and a consistent API for all environments.

#4about 2 minutes

Overcoming common challenges in secrets management

Key challenges include secret sprawl, complex lifecycle management, poor tooling integration, and users not following security best practices.

#5about 3 minutes

Introducing the External Secrets Operator for Kubernetes

External Secrets Operator (ESO) is a CNCF project that synchronizes secrets from an external provider into native Kubernetes secrets.

#6about 4 minutes

Understanding the core concepts and CRDs of ESO

ESO uses SecretStore and ExternalSecret custom resources to define the connection to a provider and specify which secrets to fetch.

#7about 5 minutes

Using advanced ESO features for complex use cases

ESO supports advanced features like zero-configuration authentication, templating for config files, and multi-tenant isolation across different cloud accounts.

#8about 5 minutes

Q&A on pod restarts, SOPS, and caching benefits

The operator doesn't restart pods automatically, offers a smaller attack surface than SOPS in Git, and acts as a caching layer for high availability.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Crypto crime, EU regulation, and working while you sleep
01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Malware campaigns, cloud latency, and government IT theft
01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Europe's push for digital independence from US tech
05:17 MIN

Europe's push for digital independence from US tech

WeAreDevelopers LIVE – AI, Freelancing, Keeping Up with Tech and More

The most dangerous trap for HR during company growth
04:20 MIN

The most dangerous trap for HR during company growth

From Data Keeper to Culture Shaper: The Evolution of HR Across Growth Stages

How to build structure and culture without killing agility
05:12 MIN

How to build structure and culture without killing agility

From Data Keeper to Culture Shaper: The Evolution of HR Across Growth Stages

Breaking down silos between HR, tech, and business
03:39 MIN

Breaking down silos between HR, tech, and business

What 2025 Taught Us: A Year-End Special with Hung Lee

The business case for sustainable high performance
03:34 MIN

The business case for sustainable high performance

Sustainable High Performance: Build It or Pay the Price

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

Featured Partners

Related Videos

See all videos
Securing secrets in the GitOps Era58:52

Securing secrets in the GitOps Era

Davide Imola

Securing Secrets in the GitOps era58:57

Securing Secrets in the GitOps era

Alex Soto

Chaos in Containers - Unleashing Resilience27:52

Chaos in Containers - Unleashing Resilience

Maish Saidel-Keesing

Kubernetes Security - Challenge and Opportunity42:45

Kubernetes Security - Challenge and Opportunity

Marc Nimmerrichter

From Factory Floor to Kubernetes Core: Building an Edge Platform One Step at a Time17:34

From Factory Floor to Kubernetes Core: Building an Edge Platform One Step at a Time

Dean Oren & Stefan Belsch

Best Practices for Using GitHub Secrets36:33

Best Practices for Using GitHub Secrets

Marcel Lupo

Kubernetes Security Best Practices23:08

Kubernetes Security Best Practices

Rico Komenda

Kubernetes Maestro: Dive Deep into Custom Resources to Unleash Next-Level Orchestration Power!29:21

Kubernetes Maestro: Dive Deep into Custom Resources to Unleash Next-Level Orchestration Power!

Um e Habiba

Related Articles

View all articles
AG
Andre Braun, GitLab
Now is the time for industrialized software development
Now is the time for industrialized software development Recently, I received a letter from my car’s manufacturer alerting me to a recall. They had discovered a defective part and wanted to replace it. It was easily fixed, and I might have forgotten a...
Now is the time for industrialized software development

From learning to earning

Jobs that call for the skills explored in this talk.

Platform Engineer (m/w/d)

Platform Engineer (m/w/d)

Qvest Digital AG
Bonn, Germany

Remote
Intermediate
Senior
Terraform
Continuous Integration
Cloud (AWS/Google/Azure)
DevOps Engineer

DevOps Engineer

SOMI Experts GmbH
Kiel, Germany

Linux
DevOps
Docker
Jenkins
Kubernetes
+2