ContainerSolutions / externalsecret-operator

An operator to fetch secrets from cloud services and inject them in Kubernetes
Apache License 2.0
189 stars 28 forks

Isolate SecretStore resources from the applications namespaces #143

Open knelasevero opened 3 years ago

knelasevero commented 3 years ago

Describe the solution you'd like
Right now the SecretStore and ExternalSecret resources need to be in the target namespace together. The idea here is to isolate the SecretStore in another namespace, possibly the operator namespace.

What is the added value?
The problem with the SecretStore (and the associated k8s secret containing the provider credentials) being in the target namespace is that everyone who would have access to this namespace would also have access to the provider. We want to avoid this.

Give us examples of the outcome

Most of the changes are going to be done in the externalSecrets controller; we probably need to add the namespace in which it will look for the secretStore.

Observations (Constraints, Context, etc):
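To make the proposed layout concrete, here is an added example (not code from the issue or from the externalsecret-operator project) of how the two namespaces and the RBAC around them could look once the SecretStore lives with the operator. The CRD apiVersion, the field names under spec, the namespace names and the group name are assumptions, and the project's real schema may differ. What the example shows is the least-privilege outcome the issue asks for: a Role in the application namespace can let developers manage their ExternalSecret and read the Secret it produces, while no binding grants them anything in the operator namespace, so the provider credentials stay out of reach.

```yaml
# Added example; not from the issue or the project. The CRD apiVersion,
# spec fields, namespace names and group name are assumed placeholders.

# 1. Operator namespace: holds the provider credentials and the SecretStore.
apiVersion: v1
kind: Secret
metadata:
  name: provider-credentials          # assumed name
  namespace: externalsecret-operator  # assumed operator namespace
type: Opaque
stringData:
  access-key-id: "<PLACEHOLDER>"
  secret-access-key: "<PLACEHOLDER>"
---
apiVersion: PLACEHOLDER_API_GROUP/v1alpha1   # assumed; substitute the project's real group
kind: SecretStore
metadata:
  name: shared-store
  namespace: externalsecret-operator
spec:
  # field layout below is assumed
  credentialsRef:
    name: provider-credentials
---
# 2. Application namespace: holds only the ExternalSecret. It names the
#    store; the controller resolves that name in its own namespace.
apiVersion: PLACEHOLDER_API_GROUP/v1alpha1
kind: ExternalSecret
metadata:
  name: db-password
  namespace: app-team-a
spec:
  storeRef:
    name: shared-store   # no namespace field: resolved in the operator namespace
  key: /app-team-a/db/password
---
# 3. RBAC for application developers: manage ExternalSecrets and read the
#    resulting Secret in their own namespace only. No RoleBinding exists in
#    the operator namespace, so the provider credentials are not readable.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: externalsecret-editor
  namespace: app-team-a
rules:
  - apiGroups: ["PLACEHOLDER_API_GROUP"]
    resources: ["externalsecrets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-team-a-developers
  namespace: app-team-a
subjects:
  - kind: Group
    name: app-team-a-developers   # assumed group name
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: externalsecret-editor
  apiGroup: rbac.authorization.k8s.io
```

The controller's own ClusterRole (not shown) still needs to read SecretStores and the credentials Secret in the operator namespace, and to write the generated Secret into the application namespace. After applying, the isolation can be checked with the impersonation flags of kubectl, for example `kubectl auth can-i get secrets -n externalsecret-operator --as=some-user --as-group=app-team-a-developers`, which should answer `no`, while the same query against `-n app-team-a` should answer `yes`.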