Skip to content

The road to external-secrets GA

The following external-secret custom resource APIs are considered stable:

  • ExternalSecret
  • ClusterExternalSecret
  • SecretStore
  • ClusterSecretStore

These CRDs are currently at v1beta1 and are considered production ready. Going forward, breaking changes to these APIs will be accompanied by a conversion mechanism.

We have identified the following areas of work. This is subject to change while we gather feedback. We have a GitHub Project Board where we organize issues and milestones on a high level.

  • Conformance testing
    • end to end testing with ArgoCD and Flux
    • end to end testing for all project maintained providers
  • API enhancements
    • consolidate provider fields
    • dataFrom key rewrites
    • provider versioning strategy
    • pushing secrets to a provider
  • Documentation Improvements
    • Troubleshooting Guides
    • FAQ
    • review multi tenancy docs
    • provide security model for infosec teams
    • provider specific guides
  • Observability
    • Provide Grafana Dashboard and Prometheus alerts
    • add provider-level metrics
  • Pentest & SBOM