Skip to main content

Preset Workflows

External Secrets Enterprise Edition comes with a set of preset workflow templates that you can use to automate common secret management tasks. These templates are automatically available in your cluster when you install External Secrets Enterprise Edition. The Preset Workflow Templates are created on eso-server namespace.
You can use these templates as a starting point and customize them to fit your specific needs.

Available Workflows

This workflow distributes a secret from a source location to multiple target locations. It is particularly useful for synchronizing secrets that have been identified as duplicates by a scan job.Use this Workflow when you want to react to a change on a given Source of Truth. Whenever the value in the source is changed, this Workflow will distribute it to the selected Target Locations.Mandatory Parameters:
  • sourceLocation (secretlocation): The source secret to be distributed.
  • targetLocations (array[secretlocation]): A list of destination locations.
To inspect the full template, run the following command:
kubectl get workflowtemplate distribute-between-locations -n eso-server -o yaml
This workflow generates a new secret using a specified generator and then distributes it to multiple secret stores.Use this Workflow when you want External Secrets Enterprise Edition to handle rotation on a given time frame.Mandatory Parameters:
  • generator (generator[any]): The generator to use for creating the secret.
  • storesToDistribute (array[secretstore]): A list of SecretStore destinations.
  • keyToDistribute (string): The name of the secret key to be created in the destination stores.
To inspect the full template, run the following command:
kubectl get workflowtemplate generate-and-distribute-workflow -n eso-server -o yaml
This workflow is designed to distribute secrets that are in JSON format from a source SecretStore to multiple destination SecretStores.Use this Workflow when you want to distribute a JSON secret to multiple locations - preserving the JSON format.Mandatory Parameters:
  • store (secretstore): The source SecretStore.
  • keyToDistribute (string): The key of the JSON secret to distribute.
  • storesToDistribute (array[secretstore]): A list of destination SecretStores.
To inspect the full template, run the following command:
kubectl get workflowtemplate json-distribution-workflow -n eso-server -o yaml
This workflow finds secrets in a SecretStore that match a regular expression and distributes them to multiple other SecretStores.Use this Workflow when you want to distribute multiple secrets to multiple locations on a raw value.Mandatory Parameters:
  • store (secretstore): The source SecretStore.
  • pattern (string): The regular expression to match secret names.
  • storesToDistribute (array[secretstore]): A list of destination SecretStores.
To inspect the full template, run the following command:
kubectl get workflowtemplate multiple-distribution-workflow -n eso-server -o yaml
This is a basic workflow for distributing a single secret of any format from one SecretStore to many others.Mandatory Parameters:
  • store (secretstore): The source SecretStore.
  • keyToDistribute (string): The key of the secret to distribute.
  • storesToDistribute (array[secretstore]): A list of destination SecretStores.
To inspect the full template, run the following command:
kubectl get workflowtemplate distribution-workflow -n eso-server -o yaml