| `--enable-cluster-store-reconciler` | boolean | true | Enables the cluster store reconciler. |
| `--enable-secrets-caching` | boolean | false | Enables the secrets caching for external-secrets pod. |
| `--enable-configmaps-caching` | boolean | false | Enables the ConfigMap caching for external-secrets pod. |
| `--enable-flood-gate` | boolean | true | Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state. |
| `--enable-leader-election` | boolean | false | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. |
| `--experimental-enable-aws-session-cache` | boolean | false | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request. |
| `--help` | | | help for external-secrets |
| `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal |
| `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. |
| `--namespace` | string | - | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces |
| `--store-requeue-interval` | duration | 5m0s | Default Time duration between reconciling (Cluster)SecretStores |
| `--crd-requeue-interval` | duration | 5m0s | Time duration between reconciling CRDs for new certs |
| `--enable-leader-election` | boolean | false | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. |
| `--healthz-addr` | string | :8081 | The address the health endpoint binds to. |
| `--help` | | | help for certcontroller |
| `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal |
| `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. |
| `--secret-name` | string | external-secrets-webhook | Secret to store certs for webhook |
| `--secret-namespace` | string | default | namespace of the secret to store certs |
| `--service-name` | string | external-secrets-webhook | Webhook service name |
| `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. |
| `--port` | number | 10250 | Port number that the webhook server will serve. |
| `--tls-ciphers` | string | | comma separated list of tls ciphers allowed. This does not apply to TLS 1.3 as the ciphers are selected automatically. The order of this list does not give preference to the ciphers, the ordering is done automatically. Full lists of available ciphers can be found at https://pkg.go.dev/crypto/tls#pkg-constants. E.g. 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256' |
| `--tls-min-version` | string | 1.2 | minimum version of TLS supported. |