Skip to content
Latchkey

What Is an External Secret?

An external secret references a secret stored in an external system, such as a cloud secret manager or vault, and an operator fetches it and creates or updates a native cluster secret to match. The authoritative value stays in the external store, and the cluster copy is refreshed automatically. Manifests reference the secret without ever containing the value.

Why it matters

External secrets centralize credential management in a dedicated store while still feeding workloads in the cluster. Rotations in the source store propagate without editing manifests.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →