Things I noticed while exploring #kubernetes:

You can combine this

https://external-secrets.io/latest/api/generator/webhook/

with this:

https://bitwarden.com/help/public-api/ (esp. when using Vaultwarden!)

to effectively use your PW as a secrets store. Annnnnd you can even do that with Vaultwarden being in-cluster, possibly even routing internally with allow-lists and stuff.

Why is cool shit like that not collected anywhere? It's the same with rancher/local-path-provisioner + rclone. I thought Helm's job was to make this stuff easier... but it most certainly did not. :/ You can just barf 100 pods into your cluster and pray it doesnt immediately explode - but if you want the real good stuff you have to do a crapton of legwork. Like, actually, a crapton. x.x