Deployed c54bfc6 to main with MkDocs 1.2.3 and mike 1.1.2

main/provider-aws-parameter-store/index.html

@@ -698,6 +698,13 @@
       </ul>
     </nav>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#custom-endpoints" class="md-nav__link">
+    Custom Endpoints
+  </a>
+  
 </li>
       
     </ul>
@@ -1358,6 +1365,13 @@
       </ul>
     </nav>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#custom-endpoints" class="md-nav__link">
+    Custom Endpoints
+  </a>
+  
 </li>
       
     </ul>
@@ -1478,7 +1492,7 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <h3 id="access-key-id-secret-access-key">Access Key ID &amp; Secret Access Key</h3>
 <p><img alt="SecretRef" src="../pictures/diagrams-provider-aws-auth-secret-ref.png" /></p>
 <p>You can store Access Key ID &amp; Secret Access Key in a <code>Kind=Secret</code> and reference it from a SecretStore.</p>
-<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-b-store</span><span class="w"></span>
@@ -1498,7 +1512,7 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span><span class="w"></span>
 <span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-key</span><span class="w"></span>
 </code></pre></div>
-<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code> with the namespaces where the secrets reside.</p>
 <h3 id="eks-service-account-credentials">EKS Service Account credentials</h3>
 <p><img alt="Service Account" src="../pictures/diagrams-provider-aws-auth-service-account.png" /></p>
 <p>This feature lets you use short-lived service account tokens to authenticate with AWS.
@@ -1512,7 +1526,7 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span><span class="w"></span>
 <span class="w">  </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 </code></pre></div>
-<p>Reference the service account from above in the Secret Store:
+<p>Reference the service account from above in the Secret Store:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
@@ -1527,7 +1541,32 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
 <span class="w">          </span><span class="nt">serviceAccountRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span><span class="w"></span>
 </code></pre></div>
-<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
+<h2 id="custom-endpoints">Custom Endpoints</h2>
+<p>You can define custom AWS endpoints if you want to use regional, vpc or custom endpoints. See List of endpoints for <a href="https://docs.aws.amazon.com/general/latest/gr/asm.html">Secrets Manager</a>, <a href="https://docs.aws.amazon.com/general/latest/gr/ssm.html">Secure Systems Manager</a> and <a href="https://docs.aws.amazon.com/general/latest/gr/sts.html">Security Token Service</a>.</p>
+<p>Use the following environment variables to point the controller to your custom endpoints. Note: All resources managed by this controller are affected.</p>
+<table>
+<thead>
+<tr>
+<th>ENV VAR</th>
+<th>DESCRIPTION</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>AWS_SECRETSMANAGER_ENDPOINT</td>
+<td>Endpoint for the Secrets Manager Service. The controller uses this endpoint to fetch secrets from AWS Secrets Manager.</td>
+</tr>
+<tr>
+<td>AWS_SSM_ENDPOINT</td>
+<td>Endpoint for the AWS Secure Systems Manager. The controller uses this endpoint to fetch secrets from SSM Parameter Store.</td>
+</tr>
+<tr>
+<td>AWS_STS_ENDPOINT</td>
+<td>Endpoint for the Security Token Service. The controller uses this endpoint when creating a session and when doing <code>assumeRole</code> or <code>assumeRoleWithWebIdentity</code> calls.</td>
+</tr>
+</tbody>
+</table>
 
               
             </article>

main/provider-aws-secrets-manager/index.html

@@ -684,6 +684,13 @@
       </ul>
     </nav>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#custom-endpoints" class="md-nav__link">
+    Custom Endpoints
+  </a>
+  
 </li>
       
     </ul>
@@ -1358,6 +1365,13 @@
       </ul>
     </nav>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#custom-endpoints" class="md-nav__link">
+    Custom Endpoints
+  </a>
+  
 </li>
       
     </ul>
@@ -1485,7 +1499,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 <h3 id="access-key-id-secret-access-key">Access Key ID &amp; Secret Access Key</h3>
 <p><img alt="SecretRef" src="../pictures/diagrams-provider-aws-auth-secret-ref.png" /></p>
 <p>You can store Access Key ID &amp; Secret Access Key in a <code>Kind=Secret</code> and reference it from a SecretStore.</p>
-<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-b-store</span><span class="w"></span>
@@ -1505,7 +1519,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span><span class="w"></span>
 <span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-key</span><span class="w"></span>
 </code></pre></div>
-<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code> with the namespaces where the secrets reside.</p>
 <h3 id="eks-service-account-credentials">EKS Service Account credentials</h3>
 <p><img alt="Service Account" src="../pictures/diagrams-provider-aws-auth-service-account.png" /></p>
 <p>This feature lets you use short-lived service account tokens to authenticate with AWS.
@@ -1519,7 +1533,7 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span><span class="w"></span>
 <span class="w">  </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 </code></pre></div>
-<p>Reference the service account from above in the Secret Store:
+<p>Reference the service account from above in the Secret Store:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
@@ -1534,7 +1548,32 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
 <span class="w">          </span><span class="nt">serviceAccountRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span><span class="w"></span>
 </code></pre></div>
-<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
+<h2 id="custom-endpoints">Custom Endpoints</h2>
+<p>You can define custom AWS endpoints if you want to use regional, vpc or custom endpoints. See List of endpoints for <a href="https://docs.aws.amazon.com/general/latest/gr/asm.html">Secrets Manager</a>, <a href="https://docs.aws.amazon.com/general/latest/gr/ssm.html">Secure Systems Manager</a> and <a href="https://docs.aws.amazon.com/general/latest/gr/sts.html">Security Token Service</a>.</p>
+<p>Use the following environment variables to point the controller to your custom endpoints. Note: All resources managed by this controller are affected.</p>
+<table>
+<thead>
+<tr>
+<th>ENV VAR</th>
+<th>DESCRIPTION</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>AWS_SECRETSMANAGER_ENDPOINT</td>
+<td>Endpoint for the Secrets Manager Service. The controller uses this endpoint to fetch secrets from AWS Secrets Manager.</td>
+</tr>
+<tr>
+<td>AWS_SSM_ENDPOINT</td>
+<td>Endpoint for the AWS Secure Systems Manager. The controller uses this endpoint to fetch secrets from SSM Parameter Store.</td>
+</tr>
+<tr>
+<td>AWS_STS_ENDPOINT</td>
+<td>Endpoint for the Security Token Service. The controller uses this endpoint when creating a session and when doing <code>assumeRole</code> or <code>assumeRoleWithWebIdentity</code> calls.</td>
+</tr>
+</tbody>
+</table>
 
               
             </article>

main/sitemap.xml

@@ -2,182 +2,182 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-02-18</lastmod>
+         <lastmod>2022-02-21</lastmod>
          <changefreq>daily</changefreq>
     </url>
 </urlset>

main/snippets/provider-aws-access/index.html

@@ -1236,6 +1236,13 @@
       </ul>
     </nav>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#custom-endpoints" class="md-nav__link">
+    Custom Endpoints
+  </a>
+  
 </li>
       
     </ul>
@@ -1278,7 +1285,7 @@
 <h3 id="access-key-id-secret-access-key">Access Key ID &amp; Secret Access Key</h3>
 <p><img alt="SecretRef" src="./pictures/diagrams-provider-aws-auth-secret-ref.png" /></p>
 <p>You can store Access Key ID &amp; Secret Access Key in a <code>Kind=Secret</code> and reference it from a SecretStore.</p>
-<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-b-store</span><span class="w"></span>
@@ -1298,7 +1305,7 @@
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span><span class="w"></span>
 <span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-key</span><span class="w"></span>
 </code></pre></div>
-<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code>, <code>secretAccessKeySecretRef</code> with the namespaces where the secrets reside.</p>
 <h3 id="eks-service-account-credentials">EKS Service Account credentials</h3>
 <p><img alt="Service Account" src="./pictures/diagrams-provider-aws-auth-service-account.png" /></p>
 <p>This feature lets you use short-lived service account tokens to authenticate with AWS.
@@ -1312,7 +1319,7 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span><span class="w"></span>
 <span class="w">  </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 </code></pre></div>
-<p>Reference the service account from above in the Secret Store:
+<p>Reference the service account from above in the Secret Store:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
@@ -1327,7 +1334,32 @@ You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/
 <span class="w">          </span><span class="nt">serviceAccountRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span><span class="w"></span>
 </code></pre></div>
-<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
+<h2 id="custom-endpoints">Custom Endpoints</h2>
+<p>You can define custom AWS endpoints if you want to use regional, vpc or custom endpoints. See List of endpoints for <a href="https://docs.aws.amazon.com/general/latest/gr/asm.html">Secrets Manager</a>, <a href="https://docs.aws.amazon.com/general/latest/gr/ssm.html">Secure Systems Manager</a> and <a href="https://docs.aws.amazon.com/general/latest/gr/sts.html">Security Token Service</a>.</p>
+<p>Use the following environment variables to point the controller to your custom endpoints. Note: All resources managed by this controller are affected.</p>
+<table>
+<thead>
+<tr>
+<th>ENV VAR</th>
+<th>DESCRIPTION</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>AWS_SECRETSMANAGER_ENDPOINT</td>
+<td>Endpoint for the Secrets Manager Service. The controller uses this endpoint to fetch secrets from AWS Secrets Manager.</td>
+</tr>
+<tr>
+<td>AWS_SSM_ENDPOINT</td>
+<td>Endpoint for the AWS Secure Systems Manager. The controller uses this endpoint to fetch secrets from SSM Parameter Store.</td>
+</tr>
+<tr>
+<td>AWS_STS_ENDPOINT</td>
+<td>Endpoint for the Security Token Service. The controller uses this endpoint when creating a session and when doing <code>assumeRole</code> or <code>assumeRoleWithWebIdentity</code> calls.</td>
+</tr>
+</tbody>
+</table>
 
               
             </article>