docs: add External Secrets Operator guide with Kubernetes auth #5288

Closed
devin-ai-integration[bot] wants to merge 1 commit into main from devin/1769565305-eso-kubernetes-auth-guide

@devin-ai-integration
Contributor

Context

A customer was having trouble setting up External Secrets Operator (ESO) with Infisical using Kubernetes Auth. The existing ESO documentation only showed Universal Auth examples, and the customer was confused about the correct YAML structure for Kubernetes Auth (they were trying to use Vault-style fields like mountPath, role, and serviceAccountRef).

This PR adds a comprehensive step-by-step guide for setting up ESO with Infisical, with a focus on Kubernetes Auth. The guide covers:

  • Installing ESO
  • Setting up RBAC for token review
  • Creating a Machine Identity with Kubernetes Auth in Infisical
  • Configuring SecretStore and ExternalSecret resources
  • ClusterSecretStore usage
  • Self-hosted Infisical with custom CA certificates
  • Examples for other auth methods (Universal Auth, AWS, GCP, Azure)
  • Troubleshooting common issues

The correct ESO configuration for Kubernetes Auth uses kubernetesAuthCredentials with an identityId reference (verified from the ESO Infisical provider source code).

Steps to verify the change

  1. Review the YAML examples for correctness against the ESO Infisical provider types
  2. Verify the navigation renders correctly in the docs
  3. Check that referenced images exist in the repo

Human Review Checklist

  • Verify the indentation change in docs/docs.json doesn't break navigation (the diff shows increased indentation)
  • Review the kubernetesAuthCredentials YAML structure matches ESO's expected format
  • Confirm the step-by-step instructions are accurate for creating Machine Identities with Kubernetes Auth

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist


Link to Devin run: https://app.devin.ai/sessions/a7720eb11b9749448addd9f9bfb47a9f
Requested by: ashwin@infisical.com

Co-Authored-By: ashwin@infisical.com <ashwin@infisical.com>
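
The mix-up described above (Vault-style fields in an Infisical-provider store) can be caught before a manifest is applied. The following is an added example, not part of this PR or of ESO: a small lint over manifests already loaded into Python dicts. The sample manifests, the `kubernetes` wrapper key and the name/key shape of the `identityId` reference are constructed assumptions.

```python
# Added example: lint for Infisical-provider SecretStore manifests.
# Vault-provider field names the PR description says were used by mistake.
VAULT_STYLE_FIELDS = {"mountPath", "role", "serviceAccountRef"}


def _walk(node, path=""):
    """Yield (dotted_path, key) for every mapping key nested under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            yield here, key
            yield from _walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")


def lint_infisical_store(manifest):
    """Return findings for one SecretStore or ClusterSecretStore dict."""
    if manifest.get("kind") not in ("SecretStore", "ClusterSecretStore"):
        return []
    provider = (manifest.get("spec") or {}).get("provider") or {}
    if "infisical" not in provider:
        return []  # other providers, Vault included, are out of scope
    auth = (provider["infisical"] or {}).get("auth") or {}
    findings = [
        f"Vault-style field at spec.provider.infisical.auth.{path}"
        for path, key in _walk(auth) if key in VAULT_STYLE_FIELDS
    ]
    k8s = auth.get("kubernetesAuthCredentials")
    if "kubernetesAuthCredentials" in auth and not (k8s or {}).get("identityId"):
        findings.append("kubernetesAuthCredentials has no identityId reference")
    return findings


# Constructed manifests, shaped as a YAML loader would return them.
# The name/key form of the identityId reference is an assumption.
VAULT_STYLE = {"kind": "SecretStore", "spec": {"provider": {"infisical": {"auth": {
    "kubernetes": {"mountPath": "kubernetes", "role": "eso",
                   "serviceAccountRef": {"name": "eso-sa"}}}}}}}
K8S_AUTH = {"kind": "ClusterSecretStore", "spec": {"provider": {"infisical": {"auth": {
    "kubernetesAuthCredentials": {
        "identityId": {"name": "infisical-identity", "key": "identityId"}}}}}}}

if __name__ == "__main__":
    for name, doc in (("vault-style", VAULT_STYLE), ("k8s-auth", K8S_AUTH)):
        print(name, lint_infisical_store(doc) or "ok")
```
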
@devin-ai-integration
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@maidul98
Collaborator

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@greptile-apps
Contributor

greptile-apps bot commented Jan 28, 2026

Greptile Overview

Greptile Summary

This PR adds comprehensive documentation for using External Secrets Operator (ESO) with Infisical, focusing on Kubernetes Auth authentication. The guide addresses a customer pain point where they were confused about the correct YAML structure (they were trying to use Vault-style fields instead of the correct kubernetesAuthCredentials with identityId).

Key additions:

  • Step-by-step setup guide covering ESO installation, RBAC configuration, Machine Identity creation, and SecretStore/ExternalSecret configuration
  • Correct kubernetesAuthCredentials YAML structure verified against ESO source code
  • Architecture overview explaining the authentication flow
  • Examples for other auth methods (Universal Auth, AWS, GCP, Azure)
  • Troubleshooting section for common issues
  • Self-hosted Infisical configuration with custom CA certificates
  • Complete example YAML for quick start

Issue found:

  • The Kubernetes Operator group in docs.json has excessive indentation (20 spaces) that is inconsistent with other sibling groups, which should be fixed to maintain JSON formatting consistency

Confidence Score: 4/5

  • Safe to merge after fixing the JSON indentation inconsistency
  • The documentation is comprehensive, accurate, and well-structured with correct YAML examples verified against ESO source code. The only issue is a formatting inconsistency in the JSON navigation file that should be corrected before merging to maintain codebase consistency
  • docs/docs.json requires fixing the indentation before merge

Important Files Changed

| Filename | Overview |
|---|---|
| docs/docs.json | Adds new ESO doc to navigation with indentation inconsistency that should be fixed |
| docs/integrations/platforms/kubernetes/external-secrets-operator.mdx | Comprehensive ESO guide with correct YAML examples, clear step-by-step instructions, and helpful troubleshooting |

Contributor

@greptile-apps greptile-apps bot left a comment

1 file reviewed, 1 comment

Comment on lines +507 to +516
{
"group": "Kubernetes Operator",
"pages": [
"integrations/platforms/kubernetes/overview",
"integrations/platforms/kubernetes/infisical-secret-crd",
"integrations/platforms/kubernetes/infisical-push-secret-crd",
"integrations/platforms/kubernetes/infisical-dynamic-secret-crd",
"integrations/platforms/kubernetes/external-secrets-operator"
]
},
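
Review bot: the last entry in "pages", "integrations/platforms/kubernetes/external-secrets-operator", files the External Secrets Operator guide under the "Kubernetes Operator" group next to the infisical-*-crd pages, so a reader can take ESO for part of that operator. Consider a separate group or a page title that names ESO explicitly, and confirm the path matches the added page's file name exactly so the navigation entry resolves.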
Contributor

Excessive indentation (20 spaces) inconsistent with other groups

The "Kubernetes Operator" group has much more indentation than other sibling groups like "AWS" (line 503-506) and "Agent" (line 520-527), which use 2 spaces per indent level.

Suggested change
{
"group": "Kubernetes Operator",
"pages": [
"integrations/platforms/kubernetes/overview",
"integrations/platforms/kubernetes/infisical-secret-crd",
"integrations/platforms/kubernetes/infisical-push-secret-crd",
"integrations/platforms/kubernetes/infisical-dynamic-secret-crd",
"integrations/platforms/kubernetes/external-secrets-operator"
]
},
{
"group": "Kubernetes Operator",
"pages": [
"integrations/platforms/kubernetes/overview",
"integrations/platforms/kubernetes/infisical-secret-crd",
"integrations/platforms/kubernetes/infisical-push-secret-crd",
"integrations/platforms/kubernetes/infisical-dynamic-secret-crd",
"integrations/platforms/kubernetes/external-secrets-operator"
]
},

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

@devin-ai-integration
Contributor Author

Closing due to inactivity for more than 7 days. Configure here.
