by gouggoug 2070 days ago
It's worth noting that the "Kubernetes External Secrets"[0] project from Godaddy is now supplanted by "Secret-Manager"[1].

I've been using Secret-Manager and it works very well.

The authors of "kube-secret-syncer" mention "[other solutions] lack either in security, caching or flexibility".

When it comes to "secret-manager", although I cannot vouch for its security, the codebase is very small and probably easily auditable.

It's also very flexible. It supports "SecretStores", currently AWS, GCP and Vault out of the box, and it's easy to add more.

Not sure why "caching" is mentioned in the mix.

I'm surprised they decided to re-invent the wheel instead of improving secret-manager.

[0]: https://github.com/godaddy/kubernetes-external-secrets

[1]: https://github.com/itscontained/secret-manager

2 comments

Why is it supplanted? Is it a fork? I still see commits on GoDaddy's repository.

Secret-Manager docs are, ahem, limited.

I could be wrong; I had originally started using "external-secrets", then I believe I found out about "secret-manager" from the Godaddy repository.

I've used both solutions, and ultimately, I think itscontained/secret-manager is better than external-secrets.

Their doc was re-jiggled a few days ago and I agree it's made it look like it's nonexistent. There's not a _ton_ of it, but it's there[0][1]

[0] https://github.com/itscontained/secret-manager/tree/master/d...

[1] https://github.com/itscontained/secret-manager/blob/master/d...

edit: found the link in the Godaddy repo to "secret-manager": https://github.com/godaddy/kubernetes-external-secrets/issue...

I was mistaken when I said "secret-manager supplanted external-secrets". It's a Golang rewrite from a user.

Yeah, we should probably include that in the GitHub readme, but itscontained/secret-manager is an implementation of the standardization that a few of us have been working on in https://github.com/godaddy/kubernetes-external-secrets/pull/....

There have been talks of moving one of these solutions to https://github.com/external-secrets ownership, but nothing has happened around that yet.

Indeed, it is not supplanted, it is just another solution. Speaking of which, I would like to put our solution on your radar as well: https://github.com/ContainerSolutions/externalsecret-operato...

Oh, I see!
Hey there, I work on the infra team at Contentful and wanted to expand on the caching. Polling AWS Secrets Manager often can incur considerable costs since it is priced by API calls. We've tried to alleviate this by caching the list of secrets and their values in the process.
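As an added illustration of the caching point raised in the last comment (example code written for this page, not from kube-secret-syncer, secret-manager, or any other project in the thread): a pluggable store interface in the spirit of the "SecretStores" idea, a TTL cache wrapped around it, and a constructed in-memory backend that counts requests so the saving is measurable. `SecretStore`, `CachingStore`, `CountingStore` and `SimulatePolling` are assumed names; the backend and the `db-password` secret are constructed sample data, not a real AWS call.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// SecretStore is an assumed backend interface, modelled loosely on the
// "SecretStores" idea from the thread; it is not any project's real API.
type SecretStore interface {
	GetSecret(ctx context.Context, name string) ([]byte, error)
}

// CountingStore is a constructed in-memory stand-in for a paid-per-call
// service such as AWS Secrets Manager. It counts requests it receives.
type CountingStore struct {
	mu    sync.Mutex
	data  map[string][]byte
	calls int
}

func NewCountingStore(data map[string][]byte) *CountingStore {
	return &CountingStore{data: data}
}

func (s *CountingStore) GetSecret(_ context.Context, name string) ([]byte, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.calls++ // each call here would be a billable API request for real
	v, ok := s.data[name]
	if !ok {
		return nil, errors.New("secret not found: " + name)
	}
	return append([]byte(nil), v...), nil
}

// Calls reports how many backend requests have been made so far.
func (s *CountingStore) Calls() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.calls
}

type cacheEntry struct {
	value   []byte
	expires time.Time
}

// CachingStore wraps any SecretStore with a per-secret TTL cache, so a sync
// loop that polls every few seconds only reaches the backend once per TTL.
type CachingStore struct {
	backend SecretStore
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry is testable offline
	mu      sync.Mutex
	entries map[string]cacheEntry
}

func NewCachingStore(backend SecretStore, ttl time.Duration, now func() time.Time) *CachingStore {
	if now == nil {
		now = time.Now
	}
	return &CachingStore{backend: backend, ttl: ttl, now: now, entries: map[string]cacheEntry{}}
}

func (c *CachingStore) GetSecret(ctx context.Context, name string) ([]byte, error) {
	c.mu.Lock()
	e, ok := c.entries[name]
	c.mu.Unlock()
	if ok && c.now().Before(e.expires) {
		return append([]byte(nil), e.value...), nil // cache hit: no backend request
	}
	v, err := c.backend.GetSecret(ctx, name)
	if err != nil {
		return nil, err // never cache failures; a transient error must not pin a miss
	}
	c.mu.Lock()
	c.entries[name] = cacheEntry{value: v, expires: c.now().Add(c.ttl)}
	c.mu.Unlock()
	return append([]byte(nil), v...), nil
}

// Invalidate drops one entry so the next read refetches (e.g. on a rotation
// signal). Without it, a rotated or revoked value stays in use for up to ttl.
func (c *CachingStore) Invalidate(name string) {
	c.mu.Lock()
	delete(c.entries, name)
	c.mu.Unlock()
}

// SimulatePolling runs n polls spaced interval apart through a TTL cache and
// returns how many backend requests that loop produced.
func SimulatePolling(n int, interval, ttl time.Duration) int {
	clock := time.Unix(0, 0)
	backend := NewCountingStore(map[string][]byte{"db-password": []byte("hunter2")})
	store := NewCachingStore(backend, ttl, func() time.Time { return clock })
	for i := 0; i < n; i++ {
		if _, err := store.GetSecret(context.Background(), "db-password"); err != nil {
			panic(err)
		}
		clock = clock.Add(interval)
	}
	return backend.Calls()
}

func main() {
	fmt.Printf("60 polls at 5s, 30s TTL: %d backend requests\n", SimulatePolling(60, 5*time.Second, 30*time.Second))
	fmt.Printf("60 polls at 5s, no cache: %d backend requests\n", SimulatePolling(60, 5*time.Second, 0))
}
```

The TTL is the trade-off the last comment alludes to: a longer TTL cuts API calls roughly in proportion, but it is also the longest time a rotated or revoked value keeps being served from process memory, which is why the wrapper exposes `Invalidate` and refuses to cache errors. The cache holds plaintext in memory, which a sync process fetching secrets already does; the design above does not add a new exposure, only extends how long each value lives in the process.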