# platform-toolbox
s
This message was deleted.
h
Maybe look into adding that feature into https://external-secrets.io/latest/? I'm sure that would be valuable to the community.
a
That'd be awesome if external secrets could be extended 🤔 The other thing I'm thinking of is that this feels like the business logic around secrets. Which is the same way in which you have business logic around other things. So basically a secrets operator that can manage its lifecycle. I'm working with some people right now on a similar lifecycle challenge (though not for secrets specifically) and how that translates into a Kratix Promise (free and OSS framework, but also my day job). If brainstorming on that would be interesting for you it definitely sounds like a way to solve these types of problems 💡
a
Hello @Hugo Pinheiro: Thanks for the response, will try to add at least a feature request to external secrets. Hello @Abby Bangser: Thanks for the same. Yeah, I would be OK to have more brainstorming sessions around the same or similar ideas.
d
We defined a spec for metadata to embed alongside secrets and then use a watcher-type process (part of our IDP) to read the metadata from the 2-3 secret stores we have and report if necessary. We don't (yet) automate rotation; instead we prefer to use short-lived or just-in-time secrets.
a
Cool, thanks @Dom Hutton. Thanks for the suggestion over here. We are also thinking of creating some scheduled workflow which, based on metadata linked to the secret, will either notify or generate a new token. Yeah, short-lived and just-in-time secrets work, but there are some use cases where this kind of STS service is not provided by the 3rd party.
a
I would look at https://www.akeyless.io/. As a secrets platform it provides a lot of desirable capabilities. This makes it a lot easier to implement your platform goals rather than writing everything yourself.
j
Building some secret management right now at prefab.cloud. For these secrets, is it the case that you always know the expiry at the time of creation? We have some similar / rhyming ideas around feature flags. Ways to signify that something is stale / needs to be looked at after N days.