@@ -2596,6 +2596,24 @@
|
|
|
</ul>
|
|
|
</nav>
|
|
|
|
|
|
+</li>
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="#pushsecrets" class="md-nav__link">
|
|
|
+ <span class="md-ellipsis">
|
|
|
+ PushSecrets
|
|
|
+ </span>
|
|
|
+ </a>
|
|
|
+
|
|
|
+</li>
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="#limitations" class="md-nav__link">
|
|
|
+ <span class="md-ellipsis">
|
|
|
+ Limitations
|
|
|
+ </span>
|
|
|
+ </a>
|
|
|
+
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
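Review bot: the new nav label for `#pushsecrets` reads "PushSecrets", while the resource the section documents is `kind: PushSecret` (singular) in the manifest added later in this patch. Name the heading and the nav entry "PushSecret" so the link text matches the kind a reader will search for.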
@@ -3327,6 +3345,24 @@
|
|
|
</ul>
|
|
|
</nav>
|
|
|
|
|
|
+</li>
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="#pushsecrets" class="md-nav__link">
|
|
|
+ <span class="md-ellipsis">
|
|
|
+ PushSecrets
|
|
|
+ </span>
|
|
|
+ </a>
|
|
|
+
|
|
|
+</li>
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="#limitations" class="md-nav__link">
|
|
|
+ <span class="md-ellipsis">
|
|
|
+ Limitations
|
|
|
+ </span>
|
|
|
+ </a>
|
|
|
+
|
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
|
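Review bot: these added lines repeat the nav entries from the hunk at -2596 verbatim, so the same markup now has to be kept in sync in two places. If this page is generated, make the change in the source document and regenerate rather than editing both lists by hand; any rename of the "PushSecrets" label has to land in both copies.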
@@ -3374,7 +3410,7 @@
|
|
|
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"><NAME_OF_KUBE_SECRET></span>
|
|
|
<span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"><KEY_IN_KUBE_SECRET></span>
|
|
|
</code></pre></div>
|
|
|
-<p>If required, the API URL (<code>apiUrl</code>) can be customized as well. If not specified, the default value is <code>https://api.pulumi.com</code>.</p>
|
|
|
+<p>If required, the API URL (<code>apiUrl</code>) can be customized as well. If not specified, the default value is <code>https://api.pulumi.com/api/preview</code>.</p>
|
|
|
<h3 id="referencing-secrets">Referencing Secrets</h3>
|
|
|
<p>Secrets can be referenced by defining the <code>key</code> containing the JSON path to the secret. Pulumi ESC secrets are internally organized as a JSON object.</p>
|
|
|
<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
|
|
|
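Review bot: the new default `https://api.pulumi.com/api/preview` now carries a path, but the sentence still gives no hint of what a custom `apiUrl` must look like. State whether a user-supplied `apiUrl` has to include the `/api/preview` suffix or only the host, and whether stores that set the old default `https://api.pulumi.com` explicitly keep working. The `preview` segment also deserves a sentence on how stable that endpoint is expected to be.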
@@ -3413,6 +3449,50 @@
|
|
|
<li>root.array["*"].field</li>
|
|
|
</ul>
|
|
|
<p>See <a href="https://www.pulumi.com/docs/concepts/options/ignorechanges/">Pulumi's documentation</a> for more information.</p>
|
|
|
+<h3 id="pushsecrets">PushSecrets</h3>
|
|
|
+<p>With the latest release of Pulumi ESC, secrets can be pushed to the Pulumi service. This can be done by creating a <code>PushSecrets</code> object.</p>
|
|
|
+<p>Here is a basic example of how to define a <code>PushSecret</code> object:</p>
|
|
|
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
|
|
|
+<span class="nt">metadata</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">push-secret-example</span>
|
|
|
+<span class="nt">spec</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10s</span>
|
|
|
+<span class="w"> </span><span class="nt">selector</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">secret</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"><NAME_OF_KUBE_SECRET></span>
|
|
|
+<span class="w"> </span><span class="nt">secretStoreRefs</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span>
|
|
|
+<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-store</span>
|
|
|
+<span class="w"> </span><span class="nt">data</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"><KEY_IN_KUBE_SECRET></span>
|
|
|
+<span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"><PULUMI_PATH_SYNTAX></span>
|
|
|
+</code></pre></div>
|
|
|
+<p>This will then push the secret to the Pulumi service. If the secret already exists, it will be updated.</p>
|
|
|
+<h3 id="limitations">Limitations</h3>
|
|
|
+<p>Currently, the Pulumi provider only supports nested objects up to a depth of 1. Any nested objects beyond this depth will be stored as a string with the JSON representation.</p>
|
|
|
+<p>This Pulumi ESC example:</p>
|
|
|
+<div class="highlight"><pre><span></span><code><span class="nt">values</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">backstage</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">my</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span>
|
|
|
+<span class="w"> </span><span class="nt">test</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hello</span>
|
|
|
+<span class="w"> </span><span class="nt">test22</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">my</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hello</span>
|
|
|
+<span class="w"> </span><span class="nt">test33</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">world</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
|
+<span class="w"> </span><span class="nt">x</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
|
+<span class="w"> </span><span class="nt">num</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">42</span>
|
|
|
+</code></pre></div>
|
|
|
+<p>Will result in the following Kubernetes secret:</p>
|
|
|
+<div class="highlight"><pre><span></span><code><span class="nt">my</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span>
|
|
|
+<span class="nt">num</span><span class="p">:</span><span class="w"> </span><span class="s">"42"</span>
|
|
|
+<span class="nt">test</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hello</span>
|
|
|
+<span class="nt">test22</span><span class="p">:</span><span class="w"> </span><span class="s">'{"my":{"trace":{"def":{"begin":{"byte":72,"column":11,"line":6},"end":{"byte":77,"column":16,"line":6},"environment":"tgif-demo"}},"value":"hello"}}'</span>
|
|
|
+<span class="nt">test33</span><span class="p">:</span><span class="w"> </span><span class="s">'{"world":{"trace":{"def":{"begin":{"byte":103,"column":14,"line":8},"end":{"byte":107,"column":18,"line":8},"environment":"tgif-demo"}},"value":true}}'</span>
|
|
|
+<span class="nt">x</span><span class="p">:</span><span class="w"> </span><span class="s">"true"</span>
|
|
|
+</code></pre></div>
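Review bot: in the Limitations output, `test22` and `test33` are not the plain JSON of the nested values; they embed `trace` metadata with byte, line and column offsets and `"environment":"tgif-demo"`, which the text ("stored as a string with the JSON representation") does not prepare the reader for. Say explicitly that the environment name and definition offsets end up inside the Kubernetes secret, or show the plain value if that is the intended behaviour, and include the ExternalSecret that produced this output so the role of the `backstage` key is clear. In the PushSecrets section, the prose says a `PushSecrets` object while the manifest uses `kind: PushSecret`, and "the latest release" should name a version. Since an existing remote secret "will be updated", the example's `refreshInterval: 10s` re-syncs every ten seconds; a longer interval and a sentence on the overwrite would be safer to copy.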