argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0

Question: Difference between argocd-vault-plugin and external secrets? #289

Closed StevenACoffman closed 2 years ago

StevenACoffman commented 2 years ago

What I'm wondering is how using argoproj-labs/argocd-vault-plugin differs from using External Secrets with ArgoCD? It might be a helpful addition to your documentation generally.

Background

In the existing ArgoCD secret management documentation, while it mentions several popular Kubernetes secrets solutions... it doesn't really have any guidance or instructions for how to get them to work specifically with ArgoCD.

It is perhaps also worth noting in that document that argoproj-labs/argocd-vault-plugin supports not only HashiCorp Vault, but also GCP Secret Manager, AWS Secrets Manager, Azure Key Vault, and IBM Cloud Secrets Manager. Or is this support still in beta?

I found that there was a pretty good write-up on using External Secrets with ArgoCD in this Kubernetes External Secrets article. External Secrets also supports AWS Secrets Manager, Azure Key Vault, Google Secret Manager, IBM Cloud Secrets Manager, and HashiCorp Vault, like argocd-vault-plugin does. (External Secrets additionally supports Akeyless, Yandex, GitLab, Oracle and webhooks.)

Anyway, I am wondering how these two similar things differ from one another and what the pros and cons are. Thanks for any insight or guidance!

werne2j commented 2 years ago

Thanks for the question @StevenACoffman! The first thing I will point you to is this talk https://www.youtube.com/watch?v=7L6nSuKbC2c from KubeCon. It lays out what the goal for this project was and how it differs from others.

But at the end of the day, these tools are looking to solve the same problem, but in different ways. This tool works as a CLI tool or plugin to Argo CD to help inject secrets into Kubernetes Secret files using a templating system.

Something like External Secrets makes use of Custom Resources and an Operator to generate a Kubernetes Secret from the provided Custom Resource.

So there are multiple ways to try and solve your GitOps secrets problems. Hope that helps clear things up!

StevenACoffman commented 2 years ago

Oh, so argoproj-labs/argocd-vault-plugin uses resource annotations to find and update manifests in place without CRDs or an operator?

werne2j commented 2 years ago

@StevenACoffman Correct. That KubeCon talk should lay it all out for you.
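To make the distinction in werne2j's answer and StevenACoffman's follow-up concrete, here is an added example (not from the thread or either project's docs) showing the same database credential expressed once for argocd-vault-plugin and once for External Secrets. It assumes a Vault KV v2 secret at `team-a/app-db` holding `username` and `password` keys, an Argo CD repo-server with the plugin configured, and, for the second manifest, an already-created External Secrets `SecretStore` named `vault-kv` pointing at that Vault.

```yaml
# --- argocd-vault-plugin: a plain Secret manifest with placeholders ---
# The plugin runs as an Argo CD config-management plugin (or as a CLI) and
# substitutes the <placeholders> when the manifest is rendered; no CRD and
# no operator runs in the cluster. Path and key names here are assumed.
apiVersion: v1
kind: Secret
metadata:
  name: app-db
  annotations:
    # Vault KV v2 path; each <key> placeholder below is looked up under it.
    avp.kubernetes.io/path: "secret/data/team-a/app-db"
type: Opaque
stringData:
  username: <username>
  password: <password>
  # Inline form that names its own path and key, so no annotation is needed:
  api-token: <path:secret/data/team-a/third-party#api-token>
---
# --- External Secrets Operator: a custom resource reconciled in-cluster ---
# Git holds only this reference; the operator reads the backend named in
# secretStoreRef and creates/updates the Secret named in spec.target.
# Assumes a SecretStore "vault-kv" configured for Vault KV v2 at mount "secret".
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-db
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-kv
    kind: SecretStore
  target:
    name: app-db          # the Kubernetes Secret the operator will create
  data:
    - secretKey: username
      remoteRef:
        key: team-a/app-db     # the "data/" segment is added by the provider
        property: username
    - secretKey: password
      remoteRef:
        key: team-a/app-db
        property: password
```

The trust boundary differs: with the plugin, the Argo CD repo-server must hold credentials for the secret backend and the resolved plaintext passes through Argo CD's rendering pipeline, while with External Secrets the operator holds the backend credentials and Git never contains more than references.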

StevenACoffman commented 2 years ago

This was extremely helpful (both the video and your pointers). Thanks for the great work (👋 hi to a fellow Michigander btw)!