eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/kubernetes/external-secrets.md
Erich Blume 06e721841c Review 12 reference docs: fix stale image refs, expand stubs, add cross-refs 
Replace hardcoded image tags in Quick Reference tables with pointers to
kustomization manifests (tags drift with every container release). Fix
Prometheus CNPG scrape target, remove misleading .ts.net URLs, expand
external-secrets stub, add backup/disaster-recovery cross-references.
Limit doc-reviewer agent to one doc per cycle.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 09:51:57 -07:00

26 lines
870 B
Markdown
Raw Blame History

---
title: External Secrets
modified: 2026-03-23
last-reviewed: 2026-03-23
tags:
- kubernetes
- secrets
---
# External Secrets
The [External Secrets Operator](https://external-secrets.io/) syncs secrets from 1Password into Kubernetes Secrets. It runs in the `1password-connect` namespace alongside the 1Password Connect server.
## How It Works
Each service that needs secrets defines an `ExternalSecret` resource referencing a 1Password item and field. The operator polls 1Password Connect and creates/updates native Kubernetes Secrets.
## Manifests
- **Operator + Connect server:** `argocd/manifests/1password-connect/`
- **Per-service ExternalSecrets:** in each service's manifest directory (e.g., `argocd/manifests/grafana-config/external-secret-*.yaml`)
## Related
- [[1password]] - Credential management
- [[security-model]] - Secrets flow architecture
Reference in a new issue View git blame Copy permalink