
Developer guide

Getting Started

You must have a working Go environment and then clone the repo:

git clone
cd external-secrets

If you want to run controller tests you also need to install kubebuilder's envtest.

The recommended way to do so is to install setup-envtest.

Here is an example of how to set it up:

go install

# list available versions
setup-envtest list --os $(go env GOOS) --arch $(go env GOARCH)

# To use a specific version
setup-envtest use -p path 1.20.2

# To set environment variables
source <(setup-envtest use 1.20.2 -p env --os $(go env GOOS) --arch $(go env GOARCH))

For more information, please see the setup-envtest docs.

Building & Testing

The project uses the make build system. It'll run code generators, tests and static code analysis.

Building the operator binary and docker image:

make build
make IMG=external-secrets:latest

Run tests and lint the code:

make test
make lint

Build the documentation:

make docs


To install the External Secrets Operator into a Kubernetes cluster, run:

helm repo add external-secrets
helm repo update
helm install external-secrets external-secrets/external-secrets

You can alternatively run the controller on your host system for development purposes:

make crds.install
make run

To remove the CRDs, run:

make crds.uninstall

If you need to test other k8s integrations and need the operator deployed to an actual cluster while developing, you can use the following workflow:

kind create cluster --name external-secrets

export TAG=v2
export IMAGE=eso-local

# For building on Linux
docker build . -t $IMAGE:$TAG --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux

# For building on macOS (OSX)
#docker build . -t $IMAGE:$TAG --build-arg TARGETARCH=amd64 --build-arg TARGETOS=darwin

# For building on ARM
#docker build . -t $IMAGE:$TAG --build-arg TARGETARCH=arm --build-arg TARGETOS=linux

make helm.generate
helm upgrade --install external-secrets ./deploy/charts/external-secrets/ --set image.repository=$IMAGE --set image.tag=$TAG

Contributing Flow

The HOW TO guide for contributing is at the Contributing Process page.


We use mkdocs material and mike to generate this documentation. See /docs for the source code and /hack/api-docs for the build process.

When writing documentation it is advised to run the mkdocs server with livereload:

make serve-docs

Run the following command to run a complete build. The rendered assets are available under /site.

make docs
make serve-docs

Open http://localhost:8000 in your browser.

Since mike uses a branch to create/update documentation, any docs operation will create a diff on your local gh-pages branch.

When finished writing/reviewing the docs, clean up your local docs branch changes with git branch -D gh-pages