01 / Why it exists
Declarative delivery is only safe when secrets have a lifecycle separate from Git.
Secrets authority
A central authority for sensitive configuration that keeps credentials out of repositories and workload definitions.
01 / Why it exists
Declarative delivery is only safe when secrets have a lifecycle separate from Git.
02 / Architecture
Vault owns secret material; External Secrets projects narrowly scoped values into Kubernetes workloads. Authentication and policy define which workload may read what.
03 / Lessons
Screenshots
Operational captures will be added when they can be safely published.
Source / Config
Public configuration will appear here when the boundary is ready.
Related material
This field note is the first public documentation for this component.