External Secrets Operator
K8s operator that syncs secrets from external stores into Kubernetes Secrets
Secrets ManagementFree (open source)Open Source
How we work:This listing is aggregated from External Secrets Operator's official documentation, public pricing pages, community discussions (Reddit, HN, forums), and real user feedback. We do not do hands-on testing. We aggregate and organize what's already out there. Last verified April 2026.
What is External Secrets Operator?
External Secrets Operator (ESO) is a Kubernetes operator that syncs secrets from external stores (AWS Secrets Manager, HashiCorp Vault, GCP Secret Manager, Azure Key Vault, 1Password, and many more) into native Kubernetes Secrets. It is the de facto standard for integrating external secret backends with Kubernetes workloads, with broad community adoption and graduated CNCF status.
Best for: Kubernetes teams that want to use cloud-native or Vault secrets directly in pods
Pros
- ✓ Massive community adoption; de facto standard for K8s + external secrets
- ✓ Broad provider support (30+ backends)
- ✓ Free and open source with no license cost
- ✓ Works cleanly with GitOps workflows
Cons
- ✗ You still need a real secrets backend (Vault, AWS, etc.) for it to sync from
- ✗ Operator deployment adds cluster complexity
- ✗ No UI; all configuration is CRD-based
- ✗ Cluster admin required to install the CRDs
Key Features
→CustomResourceDefinition (CRD) for declarative secret syncing
→Supports 30+ external secret stores
→Works with AWS, Azure, GCP, HashiCorp Vault, 1Password, Doppler
→Automatic secret refresh on a schedule
→PushSecrets for reverse-syncing back to external stores
→ClusterExternalSecret for multi-namespace syncing
→Webhook provider for arbitrary external APIs
→GitOps-friendly (Argo CD, Flux compatible)
→Helm chart and operator deployment
→CNCF Graduated project
What People Are Saying
Real discussions and resources from the community.
Quick Info
| Pricing | Free (open source) |
| Model | Open Source |
| Founded | 2020 |
| Cloud | No |
| Self-Hosted | Yes |
| Open Source | Yes |
| Rating | 4.6/5 |
Last updated: Apr 23, 2026