Azure / secrets-store-csi-driver-provider-azure

Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
https://azure.github.io/secrets-store-csi-driver-provider-azure/
MIT License

Comparison with the external-secrets KV implementation? #579

Open kenans opened 3 years ago

kenans commented 3 years ago

Not a real feature request, but I wonder what the difference is between the secret store CSI driver and the external-secrets Azure KV implementation regarding:

  1. Features and limitations
  2. AKS team official support

There is a similar question in the external-secrets repo. It would be nice to have the info specifically on Azure KV detailed in the documents.

eedorenko commented 3 years ago

The major difference is that the CSI driver synchronizes external secrets directly into a pod volume, bypassing the native k8s secret resource. Although, optionally, it can mirror the content of the volume into a normal secret, it's an additional feature to handle use-cases like Set as Env Var. That said, the workloads consuming external secrets should be configured in a specific way, defining "volume" and "volumeMounts".

External Secrets Operator, on the other hand, is simpler/more straightforward/obvious. It synchronizes external secrets to native K8s secrets, which decouples applications and manifests from the "secret delivery" details. So its job is just to deliver the secret to the cluster, and then you folks use it in a standard way without knowing/thinking of how the secret appeared in the cluster. Separation of concerns.
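As an added example (not written by either commenter and not taken from the project's docs), this is what the "specific way" described above looks like for the Azure provider: a SecretProviderClass with the optional `secretObjects` mirror, and a pod that both mounts the CSI volume and reads the mirrored Secret as an env var. The Key Vault name, tenant ID, managed identity client ID, image and object/secret names are placeholders or hypothetical.

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-db-creds            # hypothetical name
spec:
  provider: azure
  parameters:
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "<CLIENT-ID-OF-MANAGED-IDENTITY>"   # placeholder
    keyvaultName: "<KEY-VAULT-NAME>"                           # placeholder
    tenantId: "<TENANT-ID>"                                    # placeholder
    objects: |
      array:
        - |
          objectName: db-password      # hypothetical Key Vault secret name
          objectType: secret
  # Optional mirror into a native Secret for the env-var case; this re-introduces
  # a Kubernetes Secret (stored in etcd), so the "bypass" property no longer holds.
  secretObjects:
    - secretName: db-creds             # hypothetical
      type: Opaque
      data:
        - objectName: db-password
          key: password
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: <APP-IMAGE>               # placeholder
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-creds
              key: password
      volumeMounts:
        - name: secrets-store
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-db-creds
```

The mirrored `db-creds` Secret is only created once a pod that mounts the volume is scheduled, so the volume and volumeMounts stay mandatory even when the workload only consumes the env var.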