vault-k8s VS external-secrets

Compare vault-k8s vs external-secrets and see what are their differences.


First-class support for Vault and Kubernetes. (by hashicorp)


External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets. (by external-secrets)
Our great sponsors
  • SonarQube - Static code analysis for 29 languages.
  • InfluxDB - Collect and Analyze Billions of Data Points in Real Time
  • Mergify - Updating dependencies is time-consuming.
vault-k8s external-secrets
5 23
734 3,101
1.9% 5.1%
0.0 7.2
6 days ago 4 days ago
Go Go
Mozilla Public License 2.0 Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of vault-k8s. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-01-18.
  • GitOps and Kubernetes – Secure Handling of Secrets
    7 projects | | 18 Jan 2023
    Hashicorp Vault k8s is an operator that modifies pods via a mutating webhook to connect between vault and pod via sidecars (additional containers) to provide secrets. This has the major advantage that no secret objects are created in Kubernetes here. The disadvantage is that this way only works with Vault.
  • Solving ArgoCD Secret Management with the argocd-vault-plugin
    2 projects | /r/kubernetes | 6 Feb 2021
    They’ve made it so you can define the order that the vault sidecar starts in, so that the proxy will be running first.


Posts with mentions or reviews of external-secrets. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-06.

What are some alternatives?

When comparing vault-k8s and external-secrets you can also consider the following projects:

sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets

secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.

kubernetes-external-secrets - Integrate external secret management systems with Kubernetes

kube-score - Kubernetes object analysis with recommendations for improved reliability and security

Reloader - A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!

trousseau - Store and access your secrets the Kubernetes native way with any external KMS.

spiffe-vault - Integrates Spiffe and Vault to have secretless authentication

ktunnel - A cli that exposes your local resources to kubernetes

vault-secrets-operator - The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.

popeye - 👀 A Kubernetes cluster resource sanitizer

kubectl-debug - This repository is no longer maintained, please checkout