Cloud‑native patterns: Why you should use External Secrets Operator with ArgoCD

The Problem We Had

GitOps made deployments clean, but secrets became the weak link. Teams either committed secrets or invented fragile workarounds.

The Outcome We Wanted

A secure GitOps flow where secrets never live in Git, yet apps still deploy automatically.

The Blueprint

[Diagrams: ESO system context; ESO flow]

The Implementation Pattern

  • Store real secrets in a secret manager (AWS/GCP/Vault).
  • Commit only ExternalSecret manifests.
  • Let ESO pull and materialize secrets in‑cluster.

Walkthrough Files

  • repo/gitops/secrets/secretstore.yaml
  • repo/gitops/secrets/externalsecret.yaml
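
The contents of the walkthrough files are not shown on this page. As an added illustration (not the author's files), here is a minimal SecretStore and ExternalSecret pair for the pattern above, assuming AWS Secrets Manager as the backend; every name, the namespace, the region and the remote key are hypothetical.

```yaml
# Added example. Names, namespace, region and remote key are assumptions.
# apiVersion depends on the installed ESO release (v1beta1 on older releases, v1 on newer ones).
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets-manager          # hypothetical store name
  namespace: payments                # hypothetical namespace
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-west-1              # assumption
      auth:
        jwt:
          serviceAccountRef:
            # Hypothetical service account mapped to an IAM role,
            # so no static cloud credentials are stored in the cluster.
            name: eso-payments
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: payments-db
  namespace: payments
spec:
  refreshInterval: 1h                # how often ESO re-reads the backend
  secretStoreRef:
    kind: SecretStore
    name: aws-secrets-manager
  target:
    name: payments-db                # Kubernetes Secret that ESO creates
    creationPolicy: Owner            # Secret is owned by, and deleted with, the ExternalSecret
  data:
    - secretKey: DB_PASSWORD         # key inside the generated Secret
      remoteRef:
        key: prod/payments/db        # hypothetical path in the secret manager
        property: password           # JSON field within that remote secret
```

Only the reference to the secret (store, path, property) is committed; the value stays in the secret manager. Scope the IAM role behind the service account to the specific secret paths this namespace needs.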

What Changed

Security improved immediately: no plaintext secrets in Git, fewer manual steps, and a cleaner audit trail.