1Password / onepassword-operator

The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated.
https://developer.1password.com/docs/connect/
MIT License

Merging efforts on the Kubernetes Secrets Space ✨ #22

Open jonatasbaldin opened 3 years ago

jonatasbaldin commented 3 years ago

Hi there, how are you doing?

We are working on the External Secrets Operator, a Kubernetes Operator to read secrets from third-party services like AWS Secrets Manager and inject them as Kubernetes Secrets.

The project is a result of different individuals and companies merging efforts to create a vendor-neutral and community-led initiative, after seeing scattered solutions reimplementing the same wheel.

I'm very happy that 1Password is also getting into this space with this Operator; it really shows the need for better ways to manage Secrets within K8S.

I'd like to invite the 1Password team to take a look at our project and see if there's any interest in merging efforts to develop a more unified solution for Kubernetes users.

Thanks ✨

bygui86 commented 2 years ago

Any news about this? It would be an amazing addition for External Secrets Operator!

WesleyKlop commented 2 years ago

Hey, I was wondering if there has been any discussion on this? It would be really cool if 1Password were to collaborate on this problem! :)

moritzjohner-form3 commented 2 years ago

Just recently, support for 1Password has been added to external-secrets: https://github.com/external-secrets/external-secrets/pull/1006

snarlysodboxer commented 2 years ago

FWIW, besides the benefits of merging efforts and of course the ability to switch vendors in the future, the primary reason we chose to add 1Password support to external-secrets instead of using onepassword-operator is because we needed the ability to configure secrets specs once, and yet supply differing values from different buckets for differing environments, with minimal overriding.

For example, imagine you have 100 secrets to support your product, and you have 10 customers, each deployed from a different Kustomize overlay. With sops/ksops, onepassword-operator, and more, you end up with 1000 YAML files with overrides for the various environments.

With external-secrets, we can define the 100 secrets configs in our Kustomize base, and then in each overlay supply 1 SecretStore and 1 JSON patch that configures all the configs from base to point to the SecretStore for that overlay, and thus source their values from the bucket for that environment.

Update 10/07/2023: Updated link.