Kubernetes Plugins

Suggest Edit

The Akeyless Kubernetes plugins enable containerized applications to use Static, Dynamic, and Rotated secrets as well as Certificates sourced from the Akeyless Platform.

The following plugins are available for Kubernetes:

📘
Note: The documentation, configuration and examples for Akeyless Kubernetes plugins are also applicable to Red Hat OpenShift environment.

Feature Compatibility Matrix

Akeyless provides multiple ways to consume secrets from Kubernetes. The following matrix compares the most common integrations:

Capability / Feature	External Secrets Operator (ESO)	Akeyless Kubernetes Secrets Injector	Akeyless Secrets Store CSI Provider	Cert Manager (Akeyless issuer)
Primary use case	Sync Akeyless secrets into Kubernetes Secrets	Inject secrets directly into pods at runtime	Mount secrets as volumes in pods	Issue TLS certs from Akeyless
Secret storage in Kubernetes	Yes (Kubernetes Secret objects)	No (file/env in pod only)	No (mounted files only)	Partial (only certificates as Kubernetes secrets)
Secret injection method	Controller reconciles `ExternalSecret` CRDs	Mutating Admission Webhook (init and optional sidecar)	CSI driver mounts secrets into container filesystem	Certificate issuance & renewal
Supported Secret Types	Static, Rotated, Dynamic, Certificates	Static, Rotated, Dynamic, Certificates, USC	Static, Rotated, Certificates	Certificates
Push secrets from Kubernetes to Akeyless	Yes (`PushSecret`)	No	No	No
Native JSON extraction and templating	Yes (`dataFrom.extract`, templating support)	No (app reads raw file/env values)	No	N/A
Ideal for	GitOps, configurations as code, multi-tenant clusters	App-centric injection with no Kubernetes Secret persistence	File-based consumption, legacy apps expecting files	TLS for Ingress and Service objects

Tutorial

Check out our tutorial video on Injecting Secrets into a Kubernetes Cluster.

Updated 4 days ago

What’s Next

Akeyless K8s Secrets Injector