security/understanding-secrets-management.adoc

:_mod-docs-content-type: ASSEMBLY
include::_attributes/common-attributes.adoc[]
[id="understanding-secrets-management"]
= Understanding secrets management in {product-title}
:context: understanding-secrets-management

toc::[]

[role="_abstract"]
Secret management tools can be used to automate the lifecycle of sensitive data, such as passwords, private files, and certificates, by providing a centralized system to control and monitor access. This approach enhances security by limiting the uncontrolled spread of secrets and enables automation for the entire secret lifecycle, including updates, expiration, and removal.

{product-title} uses a flexible Operator and plugin design to decouple your workloads from external secret managers, ensuring you are not locked into a single vendor. In this model, the Operator acts as an intermediary, while a vendor-specific plugin manages communication between the cluster and the external storage. This allows applications to access secrets without needing to know the details of where or how they are stored.

include::modules/secrets-management-operators.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc#persistent-storage-csi-secrets-store[Secrets Store Container Storage Interface Driver Operator]

* xref:../security/external_secrets_operator/index.adoc#external-secrets-operator-about[{external-secrets-operator}]

* xref:../security/cert_manager_operator/index.adoc#cert-manager-operator-about[{cert-manager-operator}]
review comments 2025-12-02 18:12:57 +05:30			`:_mod-docs-content-type: ASSEMBLY`
			`include::_attributes/common-attributes.adoc[]`
			`[id="understanding-secrets-management"]`
			`= Understanding secrets management in {product-title}`
			`:context: understanding-secrets-management`

			`toc::[]`

			`[role="_abstract"]`
			`Secret management tools can be used to automate the lifecycle of sensitive data, such as passwords, private files, and certificates, by providing a centralized system to control and monitor access. This approach enhances security by limiting the uncontrolled spread of secrets and enables automation for the entire secret lifecycle, including updates, expiration, and removal.`

			`{product-title} uses a flexible Operator and plugin design to decouple your workloads from external secret managers, ensuring you are not locked into a single vendor. In this model, the Operator acts as an intermediary, while a vendor-specific plugin manages communication between the cluster and the external storage. This allows applications to access secrets without needing to know the details of where or how they are stored.`

			`include::modules/secrets-management-operators.adoc[leveloffset=+1]`

			`[role="_additional-resources"]`
			`.Additional resources`

			`* xref:../storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc#persistent-storage-csi-secrets-store[Secrets Store Container Storage Interface Driver Operator]`

			`* xref:../security/external_secrets_operator/index.adoc#external-secrets-operator-about[{external-secrets-operator}]`

			`* xref:../security/cert_manager_operator/index.adoc#cert-manager-operator-about[{cert-manager-operator}]`