Managing secrets centrally is a best practice in software development. Secrets should be stored and rotated in a central location, even when they are used by multiple components of an application. However, when secrets need to be accessed in different places, such as CI/CD pipelines and Kubernetes, manually copying them can lead to errors and failures caused by human mistakes.
To address this in Kubernetes, we can use External Secrets Operators, which automatically sync secrets from external secret stores such as Azure Key Vaults into Kubernetes secrets. This removes the need for manual synchronization and reduces the risk of errors due to incorrect or outdated secrets.
Pre-requites:
- Azure Kubernetes Cluster
- Azure Key vault
- Managed identity
