Integrating Kubernetes ESO with Delinea

Integrating Kubernetes ESO (External Secrets Operator) with Secret Server or the Delinea Platform offers a secure and centralized solution for managing secrets within Kubernetes environments. The ESO enables the synchronization of secrets from external APIs into Kubernetes. With the updated Kubernetes ESO integration, all types of secret templates are now supported, simplifying the process of securely storing and retrieving secrets within Kubernetes. Secret values are fetched from Secret Server or from Secret Server on the Delinea Platform and are injected into a Kubernetes Secret.

The integration supports Secret Server Cloud, Secret Server On-Premises, and Secret Server on the Delinea Platform, providing a consistent and seamless experience across deployment environments.

Delinea is actively working with the ESO community and is in the process of submitting a PR to advance from Beta toward a Stable release. The current "Beta" version is fully supported by Delinea and is a production Delinea release.

Use Cases

The integration supports the following use cases:

  • Retrieves entire secrets or specific secret values from Secret Server by secret ID, secret name, or secret path.

  • Supports retrieval of secrets that use both JSON and non-JSON secret templates.

The Kubernetes ESO integration uses the Delinea Golang SDK to authenticate with the Delinea APIs to access secrets. For more information about the Golang SDK, explore the Delinea Golang SDK repo.

To retrieve binary file-based secrets from Secret Server or from Secret Server on the Delinea Platform to Kubernetes, perform the following steps:

  1. Encode the file content using Base64 encoding.

  2. Save the content to a standard secret field in Secret Server or Secret Server on the Delinea Platform.

  3. Decode it within the Kubernetes application or container.

For more information about this integration, see the following topics: