Skip to main content
This tutorial will guide you through a complete workflow in External Secrets Enterprise Edition. You’ll learn how to define a reusable workflow, run it on-demand, and schedule it to run periodically.

Prerequisites

Before you begin, you will need:
  • A Kubernetes cluster.
  • External Secrets Enterprise Edition installed.
This tutorial will guide you through creating a scheduled workflow that generates a password and distributes it to multiple secret stores. We will use the preset generate-and-distribute workflow template.
  • Using the UI
  • Manifest-Based Instructions

Step 1: Create Secret Stores

First, we need to create two SecretStore resources where the generated password will be stored.
  1. Navigate to the Secret Stores section in the External Secrets Enterprise Edition UI.
  2. Click on Add Secret Store.
  3. Create the first SecretStore with the following details:
    • Name: fake
    • Provider: Fake (This is useful for testing purposes)
    • Add two data blocks: one with key key-1 and value duplicate; the other one with name key-2 and value duplicate as well.
  4. Repeat the process to create a second SecretStore:
    • Name: fake2
    • Provider: Fake

Step 2: Create a Password Generator

Next, we’ll create a Password generator that will produce the secure passwords.
  1. Go to the Generators section in the UI.
  2. Click on Create Generator.
  3. Select Passwords as the generator type.
  4. Configure the generator:
    • Name: my-password-generator
    • Digits: 4
    • Length: 32
    • Symbols: 4
  5. Save the generator.

Step 3: Create a Scheduled Workflow

Now, let’s create a WorkflowRunTemplate to schedule the password generation and distribution.
  1. Navigate to the Workflows Templates section. A list of Preset Workflow Templates will appear.
  2. Find the generate-and-distribute-workflow template. Click the Add Run Templates button.
  3. Fill in the parameters:
    • Name: my-scheduled-password
    • Generator: Select my-password-generator.
    • Stores to Distribute: Add fake and fake2 to the list.
    • Key to Distribute: Type generated-password. This is the key that will be used to store the generated password in the stores.
    • Run Policy select Scheduled Interval
    • Schedule: Select Every time period
    • Every time period type 1m.
  4. External Secrets will Run this workflow every 1 minute, generating a new Password and adding it to fake and fake2 stores, under the generated-password key.
  5. Click Create to save the WorkflowRunTemplate.

Step 4: Check Runs

After creating your run template, you’ll be able to see all the runs executing for that job. Click on a Run to obtain information about all of the steps, its status and its execution time.