index.html 72 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124
  1. <!doctype html>
  2. <html lang="en" class="no-js">
  3. <head>
  4. <meta charset="utf-8">
  5. <meta name="viewport" content="width=device-width,initial-scale=1">
  6. <link rel="prev" href="../pushsecrets/">
  7. <link rel="next" href="../security-best-practices/">
  8. <link rel="icon" href="../../pictures/eso-round-logo.svg">
  9. <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
  10. <title>Multi Tenancy - External Secrets Operator</title>
  11. <link rel="stylesheet" href="../../assets/stylesheets/main.484c7ddc.min.css">
  12. <link rel="stylesheet" href="../../assets/stylesheets/palette.ab4e12ef.min.css">
  13. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  14. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
  15. <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
  16. <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
  17. <script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-QP38TD8K7V",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
  18. <script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
  19. </head>
  20. <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
  21. <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
  22. <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
  23. <label class="md-overlay" for="__drawer"></label>
  24. <div data-md-component="skip">
  25. <a href="#shared-clustersecretstore" class="md-skip">
  26. Skip to content
  27. </a>
  28. </div>
  29. <div data-md-component="announce">
  30. </div>
  31. <div data-md-color-scheme="default" data-md-component="outdated" hidden>
  32. <aside class="md-banner md-banner--warning">
  33. <div class="md-banner__inner md-grid md-typeset">
  34. You're not viewing the latest version.
  35. <a href="../../..">
  36. <strong>Click here to go to latest.</strong>
  37. </a>
  38. </div>
  39. <script>var el=document.querySelector("[data-md-component=outdated]"),base=new URL("../.."),outdated=__md_get("__outdated",sessionStorage,base);!0===outdated&&el&&(el.hidden=!1)</script>
  40. </aside>
  41. </div>
  42. <header class="md-header" data-md-component="header">
  43. <nav class="md-header__inner md-grid" aria-label="Header">
  44. <a href="../.." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  45. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  46. </a>
  47. <label class="md-header__button md-icon" for="__drawer">
  48. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
  49. </label>
  50. <div class="md-header__title" data-md-component="header-title">
  51. <div class="md-header__ellipsis">
  52. <div class="md-header__topic">
  53. <span class="md-ellipsis">
  54. External Secrets Operator
  55. </span>
  56. </div>
  57. <div class="md-header__topic" data-md-component="header-topic">
  58. <span class="md-ellipsis">
  59. Multi Tenancy
  60. </span>
  61. </div>
  62. </div>
  63. </div>
  64. <form class="md-header__option" data-md-component="palette">
  65. <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
  66. <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
  67. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  68. </label>
  69. <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
  70. <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
  71. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  72. </label>
  73. </form>
  74. <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
  75. <label class="md-header__button md-icon" for="__search">
  76. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  77. </label>
  78. <div class="md-search" data-md-component="search" role="dialog">
  79. <label class="md-search__overlay" for="__search"></label>
  80. <div class="md-search__inner" role="search">
  81. <form class="md-search__form" name="search">
  82. <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
  83. <label class="md-search__icon md-icon" for="__search">
  84. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  85. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
  86. </label>
  87. <nav class="md-search__options" aria-label="Search">
  88. <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
  89. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
  90. </button>
  91. </nav>
  92. </form>
  93. <div class="md-search__output">
  94. <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
  95. <div class="md-search-result" data-md-component="search-result">
  96. <div class="md-search-result__meta">
  97. Initializing search
  98. </div>
  99. <ol class="md-search-result__list" role="presentation"></ol>
  100. </div>
  101. </div>
  102. </div>
  103. </div>
  104. </div>
  105. <div class="md-header__source">
  106. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  107. <div class="md-source__icon md-icon">
  108. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  109. </div>
  110. <div class="md-source__repository">
  111. External Secrets Operator
  112. </div>
  113. </a>
  114. </div>
  115. </nav>
  116. </header>
  117. <div class="md-container" data-md-component="container">
  118. <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
  119. <div class="md-grid">
  120. <ul class="md-tabs__list">
  121. <li class="md-tabs__item">
  122. <a href="../.." class="md-tabs__link">
  123. Introduction
  124. </a>
  125. </li>
  126. <li class="md-tabs__item">
  127. <a href="../../api/components/" class="md-tabs__link">
  128. API
  129. </a>
  130. </li>
  131. <li class="md-tabs__item md-tabs__item--active">
  132. <a href="../introduction/" class="md-tabs__link">
  133. Guides
  134. </a>
  135. </li>
  136. <li class="md-tabs__item">
  137. <a href="../../provider/aws-secrets-manager/" class="md-tabs__link">
  138. Provider
  139. </a>
  140. </li>
  141. <li class="md-tabs__item">
  142. <a href="../../examples/gitops-using-fluxcd/" class="md-tabs__link">
  143. Examples
  144. </a>
  145. </li>
  146. <li class="md-tabs__item">
  147. <a href="../../contributing/devguide/" class="md-tabs__link">
  148. Community
  149. </a>
  150. </li>
  151. </ul>
  152. </div>
  153. </nav>
  154. <main class="md-main" data-md-component="main">
  155. <div class="md-main__inner md-grid">
  156. <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
  157. <div class="md-sidebar__scrollwrap">
  158. <div class="md-sidebar__inner">
  159. <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
  160. <label class="md-nav__title" for="__drawer">
  161. <a href="../.." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  162. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  163. </a>
  164. External Secrets Operator
  165. </label>
  166. <div class="md-nav__source">
  167. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  168. <div class="md-source__icon md-icon">
  169. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  170. </div>
  171. <div class="md-source__repository">
  172. External Secrets Operator
  173. </div>
  174. </a>
  175. </div>
  176. <ul class="md-nav__list" data-md-scrollfix>
  177. <li class="md-nav__item md-nav__item--nested">
  178. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_1" >
  179. <div class="md-nav__link md-nav__container">
  180. <a href="../.." class="md-nav__link ">
  181. <span class="md-ellipsis">
  182. Introduction
  183. </span>
  184. </a>
  185. <label class="md-nav__link " for="__nav_1" id="__nav_1_label" tabindex="0">
  186. <span class="md-nav__icon md-icon"></span>
  187. </label>
  188. </div>
  189. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
  190. <label class="md-nav__title" for="__nav_1">
  191. <span class="md-nav__icon md-icon"></span>
  192. Introduction
  193. </label>
  194. <ul class="md-nav__list" data-md-scrollfix>
  195. <li class="md-nav__item">
  196. <a href="../../introduction/overview/" class="md-nav__link">
  197. <span class="md-ellipsis">
  198. Overview
  199. </span>
  200. </a>
  201. </li>
  202. <li class="md-nav__item">
  203. <a href="../../introduction/glossary/" class="md-nav__link">
  204. <span class="md-ellipsis">
  205. Glossary
  206. </span>
  207. </a>
  208. </li>
  209. <li class="md-nav__item">
  210. <a href="../../introduction/prerequisites/" class="md-nav__link">
  211. <span class="md-ellipsis">
  212. Prerequisites
  213. </span>
  214. </a>
  215. </li>
  216. <li class="md-nav__item">
  217. <a href="../../introduction/getting-started/" class="md-nav__link">
  218. <span class="md-ellipsis">
  219. Getting started
  220. </span>
  221. </a>
  222. </li>
  223. <li class="md-nav__item">
  224. <a href="../../introduction/faq/" class="md-nav__link">
  225. <span class="md-ellipsis">
  226. FAQ
  227. </span>
  228. </a>
  229. </li>
  230. <li class="md-nav__item">
  231. <a href="../../introduction/stability-support/" class="md-nav__link">
  232. <span class="md-ellipsis">
  233. Stability and Support
  234. </span>
  235. </a>
  236. </li>
  237. <li class="md-nav__item">
  238. <a href="../../introduction/deprecation-policy/" class="md-nav__link">
  239. <span class="md-ellipsis">
  240. Deprecation Policy
  241. </span>
  242. </a>
  243. </li>
  244. </ul>
  245. </nav>
  246. </li>
  247. <li class="md-nav__item md-nav__item--nested">
  248. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
  249. <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
  250. <span class="md-ellipsis">
  251. API
  252. </span>
  253. <span class="md-nav__icon md-icon"></span>
  254. </label>
  255. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
  256. <label class="md-nav__title" for="__nav_2">
  257. <span class="md-nav__icon md-icon"></span>
  258. API
  259. </label>
  260. <ul class="md-nav__list" data-md-scrollfix>
  261. <li class="md-nav__item">
  262. <a href="../../api/components/" class="md-nav__link">
  263. <span class="md-ellipsis">
  264. Components
  265. </span>
  266. </a>
  267. </li>
  268. <li class="md-nav__item md-nav__item--nested">
  269. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_2" >
  270. <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
  271. <span class="md-ellipsis">
  272. Core Resources
  273. </span>
  274. <span class="md-nav__icon md-icon"></span>
  275. </label>
  276. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
  277. <label class="md-nav__title" for="__nav_2_2">
  278. <span class="md-nav__icon md-icon"></span>
  279. Core Resources
  280. </label>
  281. <ul class="md-nav__list" data-md-scrollfix>
  282. <li class="md-nav__item">
  283. <a href="../../api/externalsecret/" class="md-nav__link">
  284. <span class="md-ellipsis">
  285. ExternalSecret
  286. </span>
  287. </a>
  288. </li>
  289. <li class="md-nav__item">
  290. <a href="../../api/secretstore/" class="md-nav__link">
  291. <span class="md-ellipsis">
  292. SecretStore
  293. </span>
  294. </a>
  295. </li>
  296. <li class="md-nav__item">
  297. <a href="../../api/clustersecretstore/" class="md-nav__link">
  298. <span class="md-ellipsis">
  299. ClusterSecretStore
  300. </span>
  301. </a>
  302. </li>
  303. <li class="md-nav__item">
  304. <a href="../../api/clusterexternalsecret/" class="md-nav__link">
  305. <span class="md-ellipsis">
  306. ClusterExternalSecret
  307. </span>
  308. </a>
  309. </li>
  310. <li class="md-nav__item">
  311. <a href="../../api/clusterpushsecret/" class="md-nav__link">
  312. <span class="md-ellipsis">
  313. ClusterPushSecret
  314. </span>
  315. </a>
  316. </li>
  317. <li class="md-nav__item">
  318. <a href="../../api/pushsecret/" class="md-nav__link">
  319. <span class="md-ellipsis">
  320. PushSecret
  321. </span>
  322. </a>
  323. </li>
  324. </ul>
  325. </nav>
  326. </li>
  327. <li class="md-nav__item md-nav__item--nested">
  328. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_3" >
  329. <div class="md-nav__link md-nav__container">
  330. <a href="../../api/generator/" class="md-nav__link ">
  331. <span class="md-ellipsis">
  332. Generators
  333. </span>
  334. </a>
  335. <label class="md-nav__link " for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
  336. <span class="md-nav__icon md-icon"></span>
  337. </label>
  338. </div>
  339. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
  340. <label class="md-nav__title" for="__nav_2_3">
  341. <span class="md-nav__icon md-icon"></span>
  342. Generators
  343. </label>
  344. <ul class="md-nav__list" data-md-scrollfix>
  345. <li class="md-nav__item">
  346. <a href="../../api/generator/acr/" class="md-nav__link">
  347. <span class="md-ellipsis">
  348. Azure Container Registry
  349. </span>
  350. </a>
  351. </li>
  352. <li class="md-nav__item">
  353. <a href="../../api/generator/ecr/" class="md-nav__link">
  354. <span class="md-ellipsis">
  355. AWS Elastic Container Registry
  356. </span>
  357. </a>
  358. </li>
  359. <li class="md-nav__item">
  360. <a href="../../api/generator/sts/" class="md-nav__link">
  361. <span class="md-ellipsis">
  362. AWS STS Session Token
  363. </span>
  364. </a>
  365. </li>
  366. <li class="md-nav__item">
  367. <a href="../../api/generator/cloudsmith/" class="md-nav__link">
  368. <span class="md-ellipsis">
  369. Cloudsmith
  370. </span>
  371. </a>
  372. </li>
  373. <li class="md-nav__item">
  374. <a href="../../api/generator/cluster/" class="md-nav__link">
  375. <span class="md-ellipsis">
  376. Cluster Generator
  377. </span>
  378. </a>
  379. </li>
  380. <li class="md-nav__item">
  381. <a href="../../api/generator/gcr/" class="md-nav__link">
  382. <span class="md-ellipsis">
  383. Google Container Registry
  384. </span>
  385. </a>
  386. </li>
  387. <li class="md-nav__item">
  388. <a href="../../api/generator/grafana/" class="md-nav__link">
  389. <span class="md-ellipsis">
  390. Grafana
  391. </span>
  392. </a>
  393. </li>
  394. <li class="md-nav__item">
  395. <a href="../../api/generator/quay/" class="md-nav__link">
  396. <span class="md-ellipsis">
  397. Quay
  398. </span>
  399. </a>
  400. </li>
  401. <li class="md-nav__item">
  402. <a href="../../api/generator/vault/" class="md-nav__link">
  403. <span class="md-ellipsis">
  404. Vault Dynamic Secret
  405. </span>
  406. </a>
  407. </li>
  408. <li class="md-nav__item">
  409. <a href="../../api/generator/password/" class="md-nav__link">
  410. <span class="md-ellipsis">
  411. Password
  412. </span>
  413. </a>
  414. </li>
  415. <li class="md-nav__item">
  416. <a href="../../api/generator/fake/" class="md-nav__link">
  417. <span class="md-ellipsis">
  418. Fake
  419. </span>
  420. </a>
  421. </li>
  422. <li class="md-nav__item">
  423. <a href="../../api/generator/webhook/" class="md-nav__link">
  424. <span class="md-ellipsis">
  425. Webhook
  426. </span>
  427. </a>
  428. </li>
  429. <li class="md-nav__item">
  430. <a href="../../api/generator/github/" class="md-nav__link">
  431. <span class="md-ellipsis">
  432. Github
  433. </span>
  434. </a>
  435. </li>
  436. <li class="md-nav__item">
  437. <a href="../../api/generator/gitlab/" class="md-nav__link">
  438. <span class="md-ellipsis">
  439. Gitlab
  440. </span>
  441. </a>
  442. </li>
  443. <li class="md-nav__item">
  444. <a href="../../api/generator/uuid/" class="md-nav__link">
  445. <span class="md-ellipsis">
  446. UUID
  447. </span>
  448. </a>
  449. </li>
  450. <li class="md-nav__item">
  451. <a href="../../api/generator/mfa/" class="md-nav__link">
  452. <span class="md-ellipsis">
  453. MFA
  454. </span>
  455. </a>
  456. </li>
  457. <li class="md-nav__item">
  458. <a href="../../api/generator/sshkey/" class="md-nav__link">
  459. <span class="md-ellipsis">
  460. SSHKey
  461. </span>
  462. </a>
  463. </li>
  464. </ul>
  465. </nav>
  466. </li>
  467. <li class="md-nav__item md-nav__item--nested">
  468. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_4" >
  469. <label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex="0">
  470. <span class="md-ellipsis">
  471. Reference Docs
  472. </span>
  473. <span class="md-nav__icon md-icon"></span>
  474. </label>
  475. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false">
  476. <label class="md-nav__title" for="__nav_2_4">
  477. <span class="md-nav__icon md-icon"></span>
  478. Reference Docs
  479. </label>
  480. <ul class="md-nav__list" data-md-scrollfix>
  481. <li class="md-nav__item">
  482. <a href="../../api/spec/" class="md-nav__link">
  483. <span class="md-ellipsis">
  484. API specification
  485. </span>
  486. </a>
  487. </li>
  488. <li class="md-nav__item">
  489. <a href="../../api/controller-options/" class="md-nav__link">
  490. <span class="md-ellipsis">
  491. Controller Options
  492. </span>
  493. </a>
  494. </li>
  495. <li class="md-nav__item">
  496. <a href="../../api/metrics/" class="md-nav__link">
  497. <span class="md-ellipsis">
  498. Metrics
  499. </span>
  500. </a>
  501. </li>
  502. <li class="md-nav__item">
  503. <a href="../../api/selectable-fields/" class="md-nav__link">
  504. <span class="md-ellipsis">
  505. Selectable Fields
  506. </span>
  507. </a>
  508. </li>
  509. </ul>
  510. </nav>
  511. </li>
  512. </ul>
  513. </nav>
  514. </li>
  515. <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
  516. <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
  517. <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
  518. <span class="md-ellipsis">
  519. Guides
  520. </span>
  521. <span class="md-nav__icon md-icon"></span>
  522. </label>
  523. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
  524. <label class="md-nav__title" for="__nav_3">
  525. <span class="md-nav__icon md-icon"></span>
  526. Guides
  527. </label>
  528. <ul class="md-nav__list" data-md-scrollfix>
  529. <li class="md-nav__item">
  530. <a href="../introduction/" class="md-nav__link">
  531. <span class="md-ellipsis">
  532. Introduction
  533. </span>
  534. </a>
  535. </li>
  536. <li class="md-nav__item md-nav__item--nested">
  537. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2" >
  538. <label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
  539. <span class="md-ellipsis">
  540. External Secrets
  541. </span>
  542. <span class="md-nav__icon md-icon"></span>
  543. </label>
  544. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
  545. <label class="md-nav__title" for="__nav_3_2">
  546. <span class="md-nav__icon md-icon"></span>
  547. External Secrets
  548. </label>
  549. <ul class="md-nav__list" data-md-scrollfix>
  550. <li class="md-nav__item">
  551. <a href="../all-keys-one-secret/" class="md-nav__link">
  552. <span class="md-ellipsis">
  553. Extract structured data
  554. </span>
  555. </a>
  556. </li>
  557. <li class="md-nav__item">
  558. <a href="../getallsecrets/" class="md-nav__link">
  559. <span class="md-ellipsis">
  560. Find Secrets by Name or Metadata
  561. </span>
  562. </a>
  563. </li>
  564. <li class="md-nav__item">
  565. <a href="../datafrom-rewrite/" class="md-nav__link">
  566. <span class="md-ellipsis">
  567. Rewriting Keys
  568. </span>
  569. </a>
  570. </li>
  571. <li class="md-nav__item md-nav__item--nested">
  572. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2_4" >
  573. <label class="md-nav__link" for="__nav_3_2_4" id="__nav_3_2_4_label" tabindex="0">
  574. <span class="md-ellipsis">
  575. Advanced Templating
  576. </span>
  577. <span class="md-nav__icon md-icon"></span>
  578. </label>
  579. <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_4_label" aria-expanded="false">
  580. <label class="md-nav__title" for="__nav_3_2_4">
  581. <span class="md-nav__icon md-icon"></span>
  582. Advanced Templating
  583. </label>
  584. <ul class="md-nav__list" data-md-scrollfix>
  585. <li class="md-nav__item">
  586. <a href="../templating/" class="md-nav__link">
  587. <span class="md-ellipsis">
  588. v2
  589. </span>
  590. </a>
  591. </li>
  592. <li class="md-nav__item">
  593. <a href="../templating-v1/" class="md-nav__link">
  594. <span class="md-ellipsis">
  595. v1
  596. </span>
  597. </a>
  598. </li>
  599. </ul>
  600. </nav>
  601. </li>
  602. <li class="md-nav__item">
  603. <a href="../common-k8s-secret-types/" class="md-nav__link">
  604. <span class="md-ellipsis">
  605. Kubernetes Secret Types
  606. </span>
  607. </a>
  608. </li>
  609. <li class="md-nav__item">
  610. <a href="../ownership-deletion-policy/" class="md-nav__link">
  611. <span class="md-ellipsis">
  612. Lifecycle: ownership & deletion
  613. </span>
  614. </a>
  615. </li>
  616. <li class="md-nav__item">
  617. <a href="../decoding-strategy/" class="md-nav__link">
  618. <span class="md-ellipsis">
  619. Decoding Strategies
  620. </span>
  621. </a>
  622. </li>
  623. <li class="md-nav__item">
  624. <a href="../controller-class/" class="md-nav__link">
  625. <span class="md-ellipsis">
  626. Controller Classes
  627. </span>
  628. </a>
  629. </li>
  630. </ul>
  631. </nav>
  632. </li>
  633. <li class="md-nav__item">
  634. <a href="../targeting-custom-resources/" class="md-nav__link">
  635. <span class="md-ellipsis">
  636. Targeting Custom Resources
  637. </span>
  638. </a>
  639. </li>
  640. <li class="md-nav__item">
  641. <a href="../generator/" class="md-nav__link">
  642. <span class="md-ellipsis">
  643. Generators
  644. </span>
  645. </a>
  646. </li>
  647. <li class="md-nav__item">
  648. <a href="../pushsecrets/" class="md-nav__link">
  649. <span class="md-ellipsis">
  650. Push Secrets
  651. </span>
  652. </a>
  653. </li>
  654. <li class="md-nav__item md-nav__item--active md-nav__item--nested">
  655. <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6" checked>
  656. <label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
  657. <span class="md-ellipsis">
  658. Operations
  659. </span>
  660. <span class="md-nav__icon md-icon"></span>
  661. </label>
  662. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="true">
  663. <label class="md-nav__title" for="__nav_3_6">
  664. <span class="md-nav__icon md-icon"></span>
  665. Operations
  666. </label>
  667. <ul class="md-nav__list" data-md-scrollfix>
  668. <li class="md-nav__item md-nav__item--active">
  669. <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
  670. <label class="md-nav__link md-nav__link--active" for="__toc">
  671. <span class="md-ellipsis">
  672. Multi Tenancy
  673. </span>
  674. <span class="md-nav__icon md-icon"></span>
  675. </label>
  676. <a href="./" class="md-nav__link md-nav__link--active">
  677. <span class="md-ellipsis">
  678. Multi Tenancy
  679. </span>
  680. </a>
  681. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  682. <label class="md-nav__title" for="__toc">
  683. <span class="md-nav__icon md-icon"></span>
  684. Table of contents
  685. </label>
  686. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  687. <li class="md-nav__item">
  688. <a href="#shared-clustersecretstore" class="md-nav__link">
  689. <span class="md-ellipsis">
  690. Shared ClusterSecretStore
  691. </span>
  692. </a>
  693. </li>
  694. <li class="md-nav__item">
  695. <a href="#managed-secretstore-per-namespace" class="md-nav__link">
  696. <span class="md-ellipsis">
  697. Managed SecretStore per Namespace
  698. </span>
  699. </a>
  700. </li>
  701. <li class="md-nav__item">
  702. <a href="#eso-as-a-service" class="md-nav__link">
  703. <span class="md-ellipsis">
  704. ESO as a Service
  705. </span>
  706. </a>
  707. </li>
  708. </ul>
  709. </nav>
  710. </li>
  711. <li class="md-nav__item">
  712. <a href="../security-best-practices/" class="md-nav__link">
  713. <span class="md-ellipsis">
  714. Security Best Practices
  715. </span>
  716. </a>
  717. </li>
  718. <li class="md-nav__item">
  719. <a href="../threat-model/" class="md-nav__link">
  720. <span class="md-ellipsis">
  721. Threat Model
  722. </span>
  723. </a>
  724. </li>
  725. <li class="md-nav__item">
  726. <a href="../v1beta1/" class="md-nav__link">
  727. <span class="md-ellipsis">
  728. Upgrading to v1beta1
  729. </span>
  730. </a>
  731. </li>
  732. <li class="md-nav__item">
  733. <a href="../using-latest-image/" class="md-nav__link">
  734. <span class="md-ellipsis">
  735. Using Latest Image
  736. </span>
  737. </a>
  738. </li>
  739. <li class="md-nav__item">
  740. <a href="../disable-cluster-features/" class="md-nav__link">
  741. <span class="md-ellipsis">
  742. Disable Cluster Features
  743. </span>
  744. </a>
  745. </li>
  746. </ul>
  747. </nav>
  748. </li>
  749. <li class="md-nav__item md-nav__item--nested">
  750. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_7" >
  751. <label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="0">
  752. <span class="md-ellipsis">
  753. Tooling
  754. </span>
  755. <span class="md-nav__icon md-icon"></span>
  756. </label>
  757. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
  758. <label class="md-nav__title" for="__nav_3_7">
  759. <span class="md-nav__icon md-icon"></span>
  760. Tooling
  761. </label>
  762. <ul class="md-nav__list" data-md-scrollfix>
  763. <li class="md-nav__item">
  764. <a href="../using-esoctl-tool/" class="md-nav__link">
  765. <span class="md-ellipsis">
  766. Using the esoctl tool
  767. </span>
  768. </a>
  769. </li>
  770. </ul>
  771. </nav>
  772. </li>
  773. </ul>
  774. </nav>
  775. </li>
  776. <li class="md-nav__item md-nav__item--nested">
  777. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
  778. <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
  779. <span class="md-ellipsis">
  780. Provider
  781. </span>
  782. <span class="md-nav__icon md-icon"></span>
  783. </label>
  784. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
  785. <label class="md-nav__title" for="__nav_4">
  786. <span class="md-nav__icon md-icon"></span>
  787. Provider
  788. </label>
  789. <ul class="md-nav__list" data-md-scrollfix>
  790. <li class="md-nav__item">
  791. <a href="../../provider/aws-secrets-manager/" class="md-nav__link">
  792. <span class="md-ellipsis">
  793. AWS Secrets Manager
  794. </span>
  795. </a>
  796. </li>
  797. <li class="md-nav__item">
  798. <a href="../../provider/aws-parameter-store/" class="md-nav__link">
  799. <span class="md-ellipsis">
  800. AWS Parameter Store
  801. </span>
  802. </a>
  803. </li>
  804. <li class="md-nav__item">
  805. <a href="../../provider/aws-access/" class="md-nav__link">
  806. <span class="md-ellipsis">
  807. AWS Access
  808. </span>
  809. </a>
  810. </li>
  811. <li class="md-nav__item">
  812. <a href="../../provider/azure-key-vault/" class="md-nav__link">
  813. <span class="md-ellipsis">
  814. Azure Key Vault
  815. </span>
  816. </a>
  817. </li>
  818. <li class="md-nav__item">
  819. <a href="../../provider/barbican/" class="md-nav__link">
  820. <span class="md-ellipsis">
  821. Barbican
  822. </span>
  823. </a>
  824. </li>
  825. <li class="md-nav__item">
  826. <a href="../../provider/beyondtrust/" class="md-nav__link">
  827. <span class="md-ellipsis">
  828. BeyondTrust
  829. </span>
  830. </a>
  831. </li>
  832. <li class="md-nav__item">
  833. <a href="../../provider/bitwarden-secrets-manager/" class="md-nav__link">
  834. <span class="md-ellipsis">
  835. Bitwarden Secrets Manager
  836. </span>
  837. </a>
  838. </li>
  839. <li class="md-nav__item">
  840. <a href="../../provider/chef/" class="md-nav__link">
  841. <span class="md-ellipsis">
  842. Chef
  843. </span>
  844. </a>
  845. </li>
  846. <li class="md-nav__item">
  847. <a href="../../provider/cloudru/" class="md-nav__link">
  848. <span class="md-ellipsis">
  849. Cloud.ru Secret Manager
  850. </span>
  851. </a>
  852. </li>
  853. <li class="md-nav__item">
  854. <a href="../../provider/conjur/" class="md-nav__link">
  855. <span class="md-ellipsis">
  856. CyberArk Conjur
  857. </span>
  858. </a>
  859. </li>
  860. <li class="md-nav__item">
  861. <a href="../../provider/google-secrets-manager/" class="md-nav__link">
  862. <span class="md-ellipsis">
  863. Google Cloud Secret Manager
  864. </span>
  865. </a>
  866. </li>
  867. <li class="md-nav__item">
  868. <a href="../../provider/hashicorp-vault/" class="md-nav__link">
  869. <span class="md-ellipsis">
  870. HashiCorp Vault
  871. </span>
  872. </a>
  873. </li>
  874. <li class="md-nav__item">
  875. <a href="../../provider/kubernetes/" class="md-nav__link">
  876. <span class="md-ellipsis">
  877. Kubernetes
  878. </span>
  879. </a>
  880. </li>
  881. <li class="md-nav__item">
  882. <a href="../../provider/ibm-secrets-manager/" class="md-nav__link">
  883. <span class="md-ellipsis">
  884. IBM Secrets Manager
  885. </span>
  886. </a>
  887. </li>
  888. <li class="md-nav__item">
  889. <a href="../../provider/akeyless/" class="md-nav__link">
  890. <span class="md-ellipsis">
  891. Akeyless
  892. </span>
  893. </a>
  894. </li>
  895. <li class="md-nav__item">
  896. <a href="../../provider/yandex-certificate-manager/" class="md-nav__link">
  897. <span class="md-ellipsis">
  898. Yandex Certificate Manager
  899. </span>
  900. </a>
  901. </li>
  902. <li class="md-nav__item">
  903. <a href="../../provider/yandex-lockbox/" class="md-nav__link">
  904. <span class="md-ellipsis">
  905. Yandex Lockbox
  906. </span>
  907. </a>
  908. </li>
  909. <li class="md-nav__item">
  910. <a href="../../provider/gitlab-variables/" class="md-nav__link">
  911. <span class="md-ellipsis">
  912. GitLab Variables
  913. </span>
  914. </a>
  915. </li>
  916. <li class="md-nav__item">
  917. <a href="../../provider/github/" class="md-nav__link">
  918. <span class="md-ellipsis">
  919. Github Actions Secrets
  920. </span>
  921. </a>
  922. </li>
  923. <li class="md-nav__item">
  924. <a href="../../provider/oracle-vault/" class="md-nav__link">
  925. <span class="md-ellipsis">
  926. Oracle Vault
  927. </span>
  928. </a>
  929. </li>
  930. <li class="md-nav__item">
  931. <a href="../../provider/ovhcloud/" class="md-nav__link">
  932. <span class="md-ellipsis">
  933. OVHcloud
  934. </span>
  935. </a>
  936. </li>
  937. <li class="md-nav__item">
  938. <a href="../../provider/1password-automation/" class="md-nav__link">
  939. <span class="md-ellipsis">
  940. 1Password Connect Server
  941. </span>
  942. </a>
  943. </li>
  944. <li class="md-nav__item">
  945. <a href="../../provider/1password-sdk/" class="md-nav__link">
  946. <span class="md-ellipsis">
  947. 1Password SDK
  948. </span>
  949. </a>
  950. </li>
  951. <li class="md-nav__item">
  952. <a href="../../provider/webhook/" class="md-nav__link">
  953. <span class="md-ellipsis">
  954. Webhook
  955. </span>
  956. </a>
  957. </li>
  958. <li class="md-nav__item">
  959. <a href="../../provider/fake/" class="md-nav__link">
  960. <span class="md-ellipsis">
  961. Fake
  962. </span>
  963. </a>
  964. </li>
  965. <li class="md-nav__item">
  966. <a href="../../provider/senhasegura-dsm/" class="md-nav__link">
  967. <span class="md-ellipsis">
  968. senhasegura DevOps Secrets Management (DSM)
  969. </span>
  970. </a>
  971. </li>
  972. <li class="md-nav__item">
  973. <a href="../../provider/doppler/" class="md-nav__link">
  974. <span class="md-ellipsis">
  975. Doppler
  976. </span>
  977. </a>
  978. </li>
  979. <li class="md-nav__item">
  980. <a href="../../provider/keeper-security/" class="md-nav__link">
  981. <span class="md-ellipsis">
  982. Keeper Security
  983. </span>
  984. </a>
  985. </li>
  986. <li class="md-nav__item">
  987. <a href="../../provider/cloak/" class="md-nav__link">
  988. <span class="md-ellipsis">
  989. Cloak End 2 End Encrypted Secrets
  990. </span>
  991. </a>
  992. </li>
  993. <li class="md-nav__item">
  994. <a href="../../provider/scaleway/" class="md-nav__link">
  995. <span class="md-ellipsis">
  996. Scaleway
  997. </span>
  998. </a>
  999. </li>
  1000. <li class="md-nav__item">
  1001. <a href="../../provider/delinea/" class="md-nav__link">
  1002. <span class="md-ellipsis">
  1003. Delinea
  1004. </span>
  1005. </a>
  1006. </li>
  1007. <li class="md-nav__item">
  1008. <a href="../../provider/secretserver/" class="md-nav__link">
  1009. <span class="md-ellipsis">
  1010. Secret Server
  1011. </span>
  1012. </a>
  1013. </li>
  1014. <li class="md-nav__item">
  1015. <a href="../../provider/passbolt/" class="md-nav__link">
  1016. <span class="md-ellipsis">
  1017. Passbolt
  1018. </span>
  1019. </a>
  1020. </li>
  1021. <li class="md-nav__item">
  1022. <a href="../../provider/pulumi/" class="md-nav__link">
  1023. <span class="md-ellipsis">
  1024. Pulumi ESC
  1025. </span>
  1026. </a>
  1027. </li>
  1028. <li class="md-nav__item">
  1029. <a href="../../provider/onboardbase/" class="md-nav__link">
  1030. <span class="md-ellipsis">
  1031. Onboardbase
  1032. </span>
  1033. </a>
  1034. </li>
  1035. <li class="md-nav__item">
  1036. <a href="../../provider-passworddepot/" class="md-nav__link">
  1037. <span class="md-ellipsis">
  1038. Password Depot
  1039. </span>
  1040. </a>
  1041. </li>
  1042. <li class="md-nav__item">
  1043. <a href="../../provider/fortanix/" class="md-nav__link">
  1044. <span class="md-ellipsis">
  1045. Fortanix
  1046. </span>
  1047. </a>
  1048. </li>
  1049. <li class="md-nav__item">
  1050. <a href="../../provider/infisical/" class="md-nav__link">
  1051. <span class="md-ellipsis">
  1052. Infisical
  1053. </span>
  1054. </a>
  1055. </li>
  1056. <li class="md-nav__item">
  1057. <a href="../../provider/previder/" class="md-nav__link">
  1058. <span class="md-ellipsis">
  1059. Previder
  1060. </span>
  1061. </a>
  1062. </li>
  1063. <li class="md-nav__item">
  1064. <a href="../../provider/openbao/" class="md-nav__link">
  1065. <span class="md-ellipsis">
  1066. OpenBao
  1067. </span>
  1068. </a>
  1069. </li>
  1070. <li class="md-nav__item">
  1071. <a href="../../provider/volcengine/" class="md-nav__link">
  1072. <span class="md-ellipsis">
  1073. Volcengine
  1074. </span>
  1075. </a>
  1076. </li>
  1077. <li class="md-nav__item">
  1078. <a href="../../provider/ngrok/" class="md-nav__link">
  1079. <span class="md-ellipsis">
  1080. ngrok
  1081. </span>
  1082. </a>
  1083. </li>
  1084. <li class="md-nav__item">
  1085. <a href="../../provider/devolutions-server/" class="md-nav__link">
  1086. <span class="md-ellipsis">
  1087. Devolutions Server
  1088. </span>
  1089. </a>
  1090. </li>
  1091. <li class="md-nav__item">
  1092. <a href="../../provider/nebius-mysterybox/" class="md-nav__link">
  1093. <span class="md-ellipsis">
  1094. Nebius MysteryBox
  1095. </span>
  1096. </a>
  1097. </li>
  1098. </ul>
  1099. </nav>
  1100. </li>
  1101. <li class="md-nav__item md-nav__item--nested">
  1102. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
  1103. <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
  1104. <span class="md-ellipsis">
  1105. Examples
  1106. </span>
  1107. <span class="md-nav__icon md-icon"></span>
  1108. </label>
  1109. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
  1110. <label class="md-nav__title" for="__nav_5">
  1111. <span class="md-nav__icon md-icon"></span>
  1112. Examples
  1113. </label>
  1114. <ul class="md-nav__list" data-md-scrollfix>
  1115. <li class="md-nav__item">
  1116. <a href="../../examples/gitops-using-fluxcd/" class="md-nav__link">
  1117. <span class="md-ellipsis">
  1118. FluxCD
  1119. </span>
  1120. </a>
  1121. </li>
  1122. <li class="md-nav__item">
  1123. <a href="../../examples/anchore-engine-credentials/" class="md-nav__link">
  1124. <span class="md-ellipsis">
  1125. Anchore Engine
  1126. </span>
  1127. </a>
  1128. </li>
  1129. <li class="md-nav__item">
  1130. <a href="../../examples/jenkins-kubernetes-credentials/" class="md-nav__link">
  1131. <span class="md-ellipsis">
  1132. Jenkins
  1133. </span>
  1134. </a>
  1135. </li>
  1136. <li class="md-nav__item">
  1137. <a href="../../examples/bitwarden/" class="md-nav__link">
  1138. <span class="md-ellipsis">
  1139. Bitwarden
  1140. </span>
  1141. </a>
  1142. </li>
  1143. </ul>
  1144. </nav>
  1145. </li>
  1146. <li class="md-nav__item md-nav__item--nested">
  1147. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6" >
  1148. <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
  1149. <span class="md-ellipsis">
  1150. Community
  1151. </span>
  1152. <span class="md-nav__icon md-icon"></span>
  1153. </label>
  1154. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
  1155. <label class="md-nav__title" for="__nav_6">
  1156. <span class="md-nav__icon md-icon"></span>
  1157. Community
  1158. </label>
  1159. <ul class="md-nav__list" data-md-scrollfix>
  1160. <li class="md-nav__item md-nav__item--nested">
  1161. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_1" >
  1162. <label class="md-nav__link" for="__nav_6_1" id="__nav_6_1_label" tabindex="0">
  1163. <span class="md-ellipsis">
  1164. Contributing
  1165. </span>
  1166. <span class="md-nav__icon md-icon"></span>
  1167. </label>
  1168. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_1_label" aria-expanded="false">
  1169. <label class="md-nav__title" for="__nav_6_1">
  1170. <span class="md-nav__icon md-icon"></span>
  1171. Contributing
  1172. </label>
  1173. <ul class="md-nav__list" data-md-scrollfix>
  1174. <li class="md-nav__item">
  1175. <a href="../../contributing/devguide/" class="md-nav__link">
  1176. <span class="md-ellipsis">
  1177. Developer guide
  1178. </span>
  1179. </a>
  1180. </li>
  1181. <li class="md-nav__item">
  1182. <a href="../../contributing/process/" class="md-nav__link">
  1183. <span class="md-ellipsis">
  1184. Contributing Process
  1185. </span>
  1186. </a>
  1187. </li>
  1188. <li class="md-nav__item">
  1189. <a href="../../contributing/release/" class="md-nav__link">
  1190. <span class="md-ellipsis">
  1191. Release Process
  1192. </span>
  1193. </a>
  1194. </li>
  1195. <li class="md-nav__item">
  1196. <a href="../../contributing/coc/" class="md-nav__link">
  1197. <span class="md-ellipsis">
  1198. Code of Conduct
  1199. </span>
  1200. </a>
  1201. </li>
  1202. <li class="md-nav__item">
  1203. <a href="../../contributing/calendar/" class="md-nav__link">
  1204. <span class="md-ellipsis">
  1205. Community meetings calendar
  1206. </span>
  1207. </a>
  1208. </li>
  1209. <li class="md-nav__item">
  1210. <a href="../../contributing/roadmap/" class="md-nav__link">
  1211. <span class="md-ellipsis">
  1212. Roadmap
  1213. </span>
  1214. </a>
  1215. </li>
  1216. <li class="md-nav__item">
  1217. <a href="../../contributing/burnout-mitigation/" class="md-nav__link">
  1218. <span class="md-ellipsis">
  1219. Burnout Prevention
  1220. </span>
  1221. </a>
  1222. </li>
  1223. <li class="md-nav__item">
  1224. <a href="../../contributing/llm-policy/" class="md-nav__link">
  1225. <span class="md-ellipsis">
  1226. LLM Policy
  1227. </span>
  1228. </a>
  1229. </li>
  1230. </ul>
  1231. </nav>
  1232. </li>
  1233. <li class="md-nav__item md-nav__item--nested">
  1234. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_2" >
  1235. <label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
  1236. <span class="md-ellipsis">
  1237. External Resources
  1238. </span>
  1239. <span class="md-nav__icon md-icon"></span>
  1240. </label>
  1241. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
  1242. <label class="md-nav__title" for="__nav_6_2">
  1243. <span class="md-nav__icon md-icon"></span>
  1244. External Resources
  1245. </label>
  1246. <ul class="md-nav__list" data-md-scrollfix>
  1247. <li class="md-nav__item">
  1248. <a href="../../eso-talks/" class="md-nav__link">
  1249. <span class="md-ellipsis">
  1250. Talks
  1251. </span>
  1252. </a>
  1253. </li>
  1254. <li class="md-nav__item">
  1255. <a href="../../eso-demos/" class="md-nav__link">
  1256. <span class="md-ellipsis">
  1257. Demos
  1258. </span>
  1259. </a>
  1260. </li>
  1261. <li class="md-nav__item">
  1262. <a href="../../eso-blogs/" class="md-nav__link">
  1263. <span class="md-ellipsis">
  1264. Blogs
  1265. </span>
  1266. </a>
  1267. </li>
  1268. <li class="md-nav__item">
  1269. <a href="../../eso-tools/" class="md-nav__link">
  1270. <span class="md-ellipsis">
  1271. Tools
  1272. </span>
  1273. </a>
  1274. </li>
  1275. </ul>
  1276. </nav>
  1277. </li>
  1278. </ul>
  1279. </nav>
  1280. </li>
  1281. </ul>
  1282. </nav>
  1283. </div>
  1284. </div>
  1285. </div>
  1286. <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
  1287. <div class="md-sidebar__scrollwrap">
  1288. <div class="md-sidebar__inner">
  1289. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  1290. <label class="md-nav__title" for="__toc">
  1291. <span class="md-nav__icon md-icon"></span>
  1292. Table of contents
  1293. </label>
  1294. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  1295. <li class="md-nav__item">
  1296. <a href="#shared-clustersecretstore" class="md-nav__link">
  1297. <span class="md-ellipsis">
  1298. Shared ClusterSecretStore
  1299. </span>
  1300. </a>
  1301. </li>
  1302. <li class="md-nav__item">
  1303. <a href="#managed-secretstore-per-namespace" class="md-nav__link">
  1304. <span class="md-ellipsis">
  1305. Managed SecretStore per Namespace
  1306. </span>
  1307. </a>
  1308. </li>
  1309. <li class="md-nav__item">
  1310. <a href="#eso-as-a-service" class="md-nav__link">
  1311. <span class="md-ellipsis">
  1312. ESO as a Service
  1313. </span>
  1314. </a>
  1315. </li>
  1316. </ul>
  1317. </nav>
  1318. </div>
  1319. </div>
  1320. </div>
  1321. <div class="md-content" data-md-component="content">
  1322. <article class="md-content__inner md-typeset">
  1323. <h1>Multi Tenancy</h1>
  1324. <p>External Secrets Operator provides different modes of operation to fulfill
  1325. organizational needs. This guide outlines the flexibility of ESO and should give
  1326. you a first impression of how you can employ this operator in your organization.</p>
  1327. <p>For a multi-tenant deployment you should first examine your organizational
  1328. structure:</p>
  1329. <ol>
  1330. <li>what roles (i.e. <em>Application Developers</em>, <em>Cluster Admins</em>, ...) do you have
  1331. in your organization,</li>
  1332. <li>what responsibilities do they have and</li>
  1333. <li>how does that map to Kubernetes RBAC roles.</li>
  1334. </ol>
  1335. <p>Further, you should examine how your external API provider manages access
  1336. control for your secrets. Can you limit access by secret names (e.g.
  1337. <code>db/dev/*</code>)? Or only on a bucket level? Please keep in mind that not all
  1338. external APIs provide fine-grained access management for secrets.</p>
  1339. <p><strong>Note:</strong> The following examples should <strong>not</strong> be considered as best practice
  1340. but rather as a example to show how to combine different mechanics and
  1341. techniques for tenant isolation.</p>
  1342. <h3 id="shared-clustersecretstore">Shared ClusterSecretStore</h3>
  1343. <p><img alt="Shared CSS" src="../../pictures/diagrams-multi-tenancy-shared.png" /></p>
  1344. <p>A Cluster Administrator deploys a <code>ClusterSecretStore</code> (CSS) and manages access
  1345. to the external API. The CSS is shared by all tenants within the cluster.
  1346. Application Developers do reference it in a <code>ExternalSecret</code> but can not create
  1347. a ClusterSecretStores or SecretStores on their own. Now all application
  1348. developers have access to all the secrets. You probably want to limit access to
  1349. certain keys or prefixes that should be used. ESO does not provide a mechanic
  1350. to limit access to certain keys per namespace. More advanced validation should be
  1351. done with an Admission Webhook, e.g. with <a href="https://kyverno.io/">Kyverno</a> or
  1352. <a href="https://www.openpolicyagent.org/">Open Policy Agent</a>).</p>
  1353. <p>This setup suites well if you have one central bucket that contains all of your
  1354. secrets and your Cluster Administrators should manage access to it. This setup
  1355. is very simple but does not scale very well.</p>
  1356. <h3 id="managed-secretstore-per-namespace">Managed SecretStore per Namespace</h3>
  1357. <p><img alt="Shared CSS" src="../../pictures/diagrams-multi-tenancy-managed-store.png" /></p>
  1358. <p>Cluster Administrators manage one or multiple <code>SecretStores</code> per Namespace. Each
  1359. SecretStore uses it's own <em>role</em> that limits access to a small set of keys. The
  1360. peculiarity of this is approach is, that <strong>access is actually managed by the
  1361. external API</strong> which provides the roles. The Cluster Administrator does just the
  1362. wiring. This approach may be desirable if you have an external entity - let's
  1363. call it <strong>Secret Administrator</strong> - that manages access and lifecycle of the
  1364. secrets.</p>
  1365. <h3 id="eso-as-a-service">ESO as a Service</h3>
  1366. <p><img alt="Shared CSS" src="../../pictures/diagrams-multi-tenancy-self-service.png" /></p>
  1367. <p>Every namespace is self-contained. Application developers manage <code>SecretStore</code>,
  1368. <code>ExternalSecret</code> and secret infrastructure on their own. Cluster Administrators
  1369. <em>just</em> provide the External Secrets Operator as a service.</p>
  1370. <p>This makes sense if application developers should be completely autonomous while
  1371. a central team provides common services.</p>
  1372. </article>
  1373. </div>
  1374. <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
  1375. </div>
  1376. </main>
  1377. <img referrerpolicy="no-referrer-when-downgrade"
  1378. src="https://static.scarf.sh/a.png?x-pxid=6658a9eb-067d-49f1-94f2-b8b00f21451e" alt=""
  1379. hidden />
  1380. <footer class="md-footer">
  1381. <div class="md-footer-meta md-typeset">
  1382. <div class="md-footer-meta__inner md-grid">
  1383. <div class="md-copyright">
  1384. <div class="md-copyright__highlight">
  1385. &copy; 2025 The external-secrets Authors.<br/>
  1386. &copy; 2025 The Linux Foundation. All rights reserved.<br/><br/>
  1387. The Linux Foundation has registered trademarks and uses trademarks.<br/>
  1388. For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage/">Trademark Usage page</a>.
  1389. </div>
  1390. Made with
  1391. <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
  1392. Material for MkDocs
  1393. </a>
  1394. </div>
  1395. </div>
  1396. </div>
  1397. </footer>
  1398. </div>
  1399. <div class="md-dialog" data-md-component="dialog">
  1400. <div class="md-dialog__inner md-typeset"></div>
  1401. </div>
  1402. <script id="__config" type="application/json">{"annotate": null, "base": "../..", "features": ["navigation.tabs", "navigation.indexes", "navigation.expand"], "search": "../../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
  1403. <script src="../../assets/javascripts/bundle.79ae519e.min.js"></script>
  1404. </body>
  1405. </html>