MCPcopy
hub / github.com/external-secrets/external-secrets

github.com/external-secrets/external-secrets @helm-chart-2.7.0 sqlite

repository ↗ · DeepWiki ↗ · release helm-chart-2.7.0 ↗
7,088 symbols 20,947 edges 742 files 3,750 documented · 53%
README
<img src="https://github.com/external-secrets/external-secrets/raw/helm-chart-2.7.0/assets/eso-logo-large.png" width="30%" align="center" alt="external-secrets">

External Secrets

ci CII Best Practices OpenSSF Scorecard Go Report Card FOSSA Status Artifact Hub operatorhub.io

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, Akeyless, CyberArk Secrets Manager, Pulumi ESC and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.

Multiple people and organizations are joining efforts to create a single External Secrets solution based on existing projects. If you are curious about the origins of this project, check out this issue and this PR.

Documentation

External Secrets Operator guides and reference documentation is available at external-secrets.io. Also see our stability and support policy.

Contributing

We welcome and encourage contributions to this project! Please read the Developer and Contribution process guides. Also make sure to check the Code of Conduct and adhere to its guidelines.

Also, please take a look our Contribution Ladder for a very detailed explanation of what roles and tracks are available for people to try and help this project.

Sponsoring

Please consider sponsoring this project, there are many ways you can help us with: engineering time, providing infrastructure, donating money, etc. We are open to cooperations, feel free to approach as and we discuss how this could look like. We can keep your contribution anonymized if that's required (depending on the type of contribution), and anonymous donations are possible inside Opencollective.

Bi-weekly Development Meeting

We host our development meeting every odd wednesday on Zoom. We run the meeting with alternating times 8:00 PM Berlin Time and 1:00 PM Berlin Time. Be sure to check the CNCF Calendar to see when the next meeting is scheduled, we'll also announce the time in our Kubernetes Slack channel. Meeting notes are recorded on this google document.

Anyone is welcome to join. Feel free to ask questions, request feedback, raise awareness for an issue, or just say hi. ;)

Security

Please report vulnerabilities by email to cncf-ExternalSecretsOp-maintainers@lists.cncf.io. Also see our SECURITY.md file for details.

Software bill of materials

We attach SBOM and provenance file to our GitHub release. Also, they are attached to container images.

Adopters

Please create a PR and add your company or project to our ADOPTERS.md file if you are using our project!

Roadmap

You can find the roadmap in our documentation: https://external-secrets.io/latest/contributing/roadmap/

Kicked off by

Sponsored by

External Secrets Inc. Container Solutions Form 3 Pento

License

FOSSA Status

Extension points exported contracts — how you extend this code

SecretGetter (Interface)
SecretGetter adapts the secrets received from a remote Yandex.Cloud service for the format expected by v1.SecretsClient. [48 …
providers/v1/yandex/common/secretgetter.go
Provider (Interface)
+kubebuilder:object:root=false +kubebuilder:object:generate:false +k8s:deepcopy-gen:interfaces=nil +k8s:deepcopy-gen=nil [45 …
apis/externalsecrets/v1beta1/provider.go
Generator (Interface)
+kubebuilder:object:root=false +kubebuilder:object:generate:false +k8s:deepcopy-gen:interfaces=nil +k8s:deepcopy-gen=nil [16 …
apis/generators/v1alpha1/generator_interfaces.go
TokenGetter (Interface)
TokenGetter defines an interface for obtaining Azure access tokens. [6 implementers]
generators/v1/acr/acr.go
TokenProvider (Interface)
TokenProvider is the interface that provider-specific OIDC implementations must satisfy. Providers implement this interf [6 …
runtime/oidc/token_manager.go
SecretStoreProvider (Interface)
SecretStoreProvider is a interface that must be implemented by a provider that runs the e2e test. [26 implementers]
e2e/framework/testcase.go
InformerManager (Interface)
InformerManager manages the lifecycle of informers for generic target resources. It handles dynamic registration, tracki [1 …
pkg/controllers/externalsecret/informer_manager.go
ExecFunc (FuncType)
ExecFunc is the function signature type for executing a template engine.
runtime/template/engine.go

Core symbols most depended-on inside this repo

Error
called by 504
providers/v1/oracle/fake/fake.go
String
called by 266
providers/v1/scaleway/client.go
Contains
called by 251
runtime/cache/cache.go
Get
called by 245
providers/v1/scaleway/cache.go
ObserveAPICall
called by 179
runtime/metrics/metrics.go
Create
called by 178
providers/v1/ngrok/client.go
GetRemoteKey
called by 126
apis/externalsecrets/v1/pushsecret_interfaces.go
Add
called by 121
runtime/cache/cache.go

Shape

Method 3,221
Function 2,527
Struct 1,082
FuncType 89
TypeAlias 85
Interface 84

Languages

Go100%

Modules by API surface

apis/externalsecrets/v1/zz_generated.deepcopy.go436 symbols
apis/externalsecrets/v1beta1/zz_generated.deepcopy.go336 symbols
apis/generators/v1alpha1/zz_generated.deepcopy.go202 symbols
providers/v1/onepasswordsdk/client_test.go75 symbols
providers/v1/azure/keyvault/keyvault.go75 symbols
providers/v1/secretserver/client_test.go68 symbols
providers/v1/aws/secretsmanager/secretsmanager.go60 symbols
providers/v1/vault/fake/vault.go52 symbols
providers/v1/dvls/client_test.go51 symbols
pkg/controllers/pushsecret/pushsecret_controller.go49 symbols
providers/v1/onepassword/onepassword_test.go48 symbols
providers/v1/aws/secretsmanager/fake/fake.go48 symbols

Dependencies from manifests, versioned

al.essio.dev/pkg/shellescapev1.6.0 · 1×
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/gov1.36.10-20250912141 · 1×
cel.dev/exprv0.25.1 · 1×
cloud.google.com/go/auth/oauth2adaptv0.2.8 · 1×
cloud.google.com/go/compute/metadatav0.9.0 · 1×
cloud.google.com/go/secretmanagerv1.16.0 · 1×
dario.cat/mergov1.0.2 · 1×
github.com/1Password/connect-sdk-gov1.5.3 · 1×
github.com/1password/onepassword-sdk-gov0.3.1 · 1×
github.com/Azure/azure-sdk-for-gov68.0.0+incompatible · 1×

Datastores touched

(mysql)Database · 1 repos
mydbDatabase · 1 repos

For agents

$ claude mcp add external-secrets \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact