Secrets
Kratix workflows run in Kubernetes and use the native Secret model. If a
workflow needs credentials or tokens, create a Kubernetes Secret and reference
it as you would for any other Pod. There is no Kratix-specific secret store;
workflow Pods inherit whatever access you grant in the cluster.
See the Kubernetes docs for the core concepts and usage:
Integrating external secret stores
There are many ways to source secrets from external systems and sync them into Kubernetes. Common approaches include:
- Sealed Secrets for storing encrypted secrets in Git.
- External Secrets Operator to pull from cloud secret managers.
- HashiCorp Vault via a Kubernetes auth method and sync controller.
Once those tools materialize a Kubernetes Secret, Kratix workflows can use it
as-is. This keeps Kratix aligned with the Kubernetes security model and lets
you pick the integration that fits your platform.
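The flow described in both sections above, as an added example (not taken from the Kratix documentation): External Secrets Operator materializes a Kubernetes Secret, and a resource workflow container reads one key from it through `secretKeyRef`, as any Pod would. The store name, remote path, Secret name, image, Promise name and namespace are all hypothetical, and the Promise is shown as a fragment with only the workflow section.

```yaml
# Constructed example: every name, path, image and namespace below is a placeholder.
# 1) External Secrets Operator materializes a plain Kubernetes Secret.
apiVersion: external-secrets.io/v1beta1   # use the API version your ESO release serves
kind: ExternalSecret
metadata:
  name: git-credentials
  namespace: default          # must be the namespace the workflow Pod runs in
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: platform-store      # hypothetical store, configured separately
  target:
    name: git-credentials     # name of the Kubernetes Secret that ESO creates
  data:
    - secretKey: token        # key inside the resulting Secret
      remoteRef:
        key: platform/git-token   # hypothetical path in the external manager
---
# 2) Promise fragment: the workflow container reads that Secret like any Pod.
apiVersion: platform.kratix.io/v1alpha1
kind: Promise
metadata:
  name: example-promise
spec:
  workflows:
    resource:
      configure:
        - apiVersion: platform.kratix.io/v1alpha1
          kind: Pipeline
          metadata:
            name: configure-instance
          spec:
            containers:
              - name: configure
                image: ghcr.io/example/configure:v0.1.0
                env:
                  # Expose one key, not the whole Secret, to limit what the
                  # container can read if it is compromised.
                  - name: GIT_TOKEN
                    valueFrom:
                      secretKeyRef:
                        name: git-credentials
                        key: token
```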
