docs: update bitwarden documentation for dataFrom field usage (#5196)

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Gergely Brautigam 9 months ago
parent
commit
046a853d51
1 changed files with 32 additions and 1 deletions

+ 32 - 1
docs/provider/bitwarden-secrets-manager.md

@@ -11,7 +11,7 @@ This section describes how to set up the Bitwarden Secrets Manager provider for
 
 ### Prerequisites
 
-In order for the bitwarden provider to work, we need a second service. This service is the [Bitwarden SDK Server](https://github.com/external-secrets/bitwarden-sdk-server).
+In order for the Bitwarden provider to work, we need a second service. This service is the [Bitwarden SDK Server](https://github.com/external-secrets/bitwarden-sdk-server).
 The Bitwarden SDK is Rust based and requires CGO enabled. In order to not restrict the capabilities of ESO, and the image
 size ( the bitwarden Rust SDK libraries are over 150MB in size ) it has been decided to create a soft wrapper
 around the SDK that runs as a separate service providing ESO with a light REST API to pull secrets through.
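Review bot: the capitalization fix on the first changed line leaves the same lowercase spelling two lines later in `size ( the bitwarden Rust SDK libraries are over 150MB in size )`; change that to `Bitwarden` as well and tighten the spacing to `(the Bitwarden Rust SDK libraries are over 150 MB in size)` so the paragraph is consistent after this edit. Since this section introduces a second service that sits between ESO and Bitwarden and hands secrets back over a REST API, it would also help to state here how ESO is expected to reach the SDK Server (in-cluster address, how the connection is secured), as the paragraph currently only describes it as a "light REST API" and a reader setting up the prerequisite has nothing to check against.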
@@ -109,6 +109,37 @@ spec:
       key: "secret-name"
 ```
 
+#### DataFrom
+
+When using dataFrom like this:
+
+```yaml
+  dataFrom:
+  - find:
+      conversionStrategy: Default
+      decodingStrategy: None
+      name:
+        regexp: db_
+```
+
+Note that the secrets in the map will end up something like this:
+
+```
+$ kubectl get secret secret-to-be-created -o jsonpath='{.data}'|jq
+{
+"2989464a-03c2-4ced-9fe2-b34400aca42d": "bG9jYWxob3N0OjEyMzQ1",
+"98c18ddb-314e-463c-97c3-b34400ac6593": "dWFzZXJuYW1lMQ==",
+"c917a790-76bc-49ca-b303-b34400ac8035": "UGFzc1dvcmQx",
+}
+```
+
+The finder uses the ID of the key instead of the name because in Bitwarden, having the same key/name for a secret inside the same project
+is a _VALID_ option. Meaning, potentially, a secret could overwrite another secret in the secret data map.
+
+Hence, the ID of the secret is used when listing all secrets. This is inconvenient because now we can hardly
+refer to these secrets anymore from code. Hence, it is advised to use a rewrite rule with templates or
+to avoid using dataFrom field.
+
 ### Push Secret
 
 Pushing a secret is also implemented. Pushing a secret requires even more restrictions because Bitwarden Secrets Manager
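Review bot: the sample output in the second added fenced block is not what `kubectl get secret ... -o jsonpath='{.data}' | jq` would print: jq emits indented, valid JSON, while the block shows unindented entries and the last line `"c917a790-76bc-49ca-b303-b34400ac8035": "UGFzc1dvcmQx",` carries a trailing comma before `}`, which is invalid JSON. Drop the comma, indent the entries, and give the fence a language tag (`shell` or `json`) like the `yaml` block above it. The reason IDs are used is the security-relevant point of this section and deserves a direct sentence: "Meaning, potentially, a secret could overwrite another secret in the secret data map." would read better as "If the name were used as the key, one secret would silently overwrite another secret with the same name in the resulting Secret." The closing advice ("use a rewrite rule with templates or to avoid using dataFrom field") leaves the reader with keys that cannot be referenced from application code and no illustration of the workaround; a short example of the rewrite or template that maps an ID to a stable key would make the recommendation actionable. Minor: "avoid using dataFrom field" should be "avoid using the dataFrom field", and the heading `#### DataFrom` should match the field's spelling `dataFrom`.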