Deployed d42e19dc to main with MkDocs 1.4.3 and mike 1.2.0.dev0

gusfcarvalho 2 years ago
parent
commit
0791f8e94a

+ 73 - 5
main/api/spec/index.html

@@ -2315,7 +2315,7 @@ string
 </td>
 </td>
 <td>
 <td>
 <em>(Optional)</em>
 <em>(Optional)</em>
-<p>Role is a Role ARN which the SecretManager provider will assume</p>
+<p>Role is a Role ARN which the provider will assume</p>
 </td>
 </td>
 </tr>
 </tr>
 <tr>
 <tr>
@@ -2338,7 +2338,7 @@ string
 </td>
 </td>
 <td>
 <td>
 <em>(Optional)</em>
 <em>(Optional)</em>
-<p>AdditionalRoles is a chained list of Role ARNs which the SecretManager provider will sequentially assume before assuming Role</p>
+<p>AdditionalRoles is a chained list of Role ARNs which the provider will sequentially assume before assuming the Role</p>
 </td>
 </td>
 </tr>
 </tr>
 <tr>
 <tr>
@@ -2368,6 +2368,20 @@ string
 </tr>
 </tr>
 <tr>
 <tr>
 <td>
 <td>
+<code>secretsManager</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SecretsManager">
+SecretsManager
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>SecretsManager defines how the provider behaves when interacting with AWS SecretsManager</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>transitiveTagKeys</code></br>
 <code>transitiveTagKeys</code></br>
 <em>
 <em>
 []*string
 []*string
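Review bot: the new `secretsManager` row does not say what happens when the field is set while `service` is "ParameterStore". The description only says it applies "when interacting with AWS SecretsManager"; add a sentence stating whether the block is ignored or rejected for the other service value, so a store author knows whether a misplaced setting fails loudly.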
@@ -2375,7 +2389,7 @@ string
 </td>
 </td>
 <td>
 <td>
 <em>(Optional)</em>
 <em>(Optional)</em>
-<p>AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore</p>
+<p>AWS STS assume role transitive session tags. Required when multiple rules are used with the provider</p>
 </td>
 </td>
 </tr>
 </tr>
 </tbody>
 </tbody>
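Review bot: in the reworded `transitiveTagKeys` description, "multiple rules" reads like a typo for "multiple roles", since the field is about STS assume-role session tags and sits beside `role` and `additionalRoles`. The line is being touched anyway, so confirm the intended word and fix it at the source this generated page is built from.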
@@ -2397,11 +2411,11 @@ string
 </tr>
 </tr>
 </thead>
 </thead>
 <tbody><tr><td><p>&#34;ParameterStore&#34;</p></td>
 <tbody><tr><td><p>&#34;ParameterStore&#34;</p></td>
-<td><p>AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
+<td><p>AWSServiceParameterStore is the AWS SystemsManager ParameterStore service.
 see: <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html">https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html</a></p>
 see: <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html">https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html</a></p>
 </td>
 </td>
 </tr><tr><td><p>&#34;SecretsManager&#34;</p></td>
 </tr><tr><td><p>&#34;SecretsManager&#34;</p></td>
-<td><p>AWSServiceSecretsManager is the AWS SecretsManager.
+<td><p>AWSServiceSecretsManager is the AWS SecretsManager service.
 see: <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html">https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html</a></p>
 see: <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html">https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html</a></p>
 </td>
 </td>
 </tr></tbody>
 </tr></tbody>
@@ -7684,6 +7698,60 @@ Kubernetes meta/v1.Time
 <p>
 <p>
 <p>SecretsClient provides access to secrets.</p>
 <p>SecretsClient provides access to secrets.</p>
 </p>
 </p>
+<h3 id="external-secrets.io/v1beta1.SecretsManager">SecretsManager
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.AWSProvider">AWSProvider</a>)
+</p>
+<p>
+<p>SecretsManager defines how the provider behaves when interacting with AWS
+SecretsManager. Some of these settings are only applicable to controlling how
+secrets are deleted, and hence only apply to PushSecret (and only when
+deletionPolicy is set to Delete).</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>forceDeleteWithoutRecovery</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Specifies whether to delete the secret without any recovery window. You
+can&rsquo;t use both this parameter and RecoveryWindowInDays in the same call.
+If you don&rsquo;t use either, then by default Secrets Manager uses a 30 day
+recovery window.
+see: <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery">https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery</a></p>
+</td>
+</tr>
+<tr>
+<td>
+<code>recoveryWindowInDays</code></br>
+<em>
+int64
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The number of days from 7 to 30 that Secrets Manager waits before
+permanently deleting the secret. You can&rsquo;t use both this parameter and
+ForceDeleteWithoutRecovery in the same call. If you don&rsquo;t use either,
+then by default Secrets Manager uses a 30 day recovery window.
+see: <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays">https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays</a></p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1beta1.SenhaseguraAuth">SenhaseguraAuth
 <h3 id="external-secrets.io/v1beta1.SenhaseguraAuth">SenhaseguraAuth
 </h3>
 </h3>
 <p>
 <p>
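Review bot: the two field descriptions say `forceDeleteWithoutRecovery` and `recoveryWindowInDays` cannot be used in the same call and that the window must be 7 to 30 days, but the new type documents no validation for either constraint. State whether a store that sets both fields, or a window outside 7 to 30, is rejected when the SecretStore is applied or only fails at the DeleteSecret call. The `forceDeleteWithoutRecovery` text should also say outright that a deletion made with it has no recovery window to fall back on, since the type description ties these settings to PushSecret with deletionPolicy set to Delete.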

+ 33 - 0
main/provider/aws-secrets-manager/index.html

@@ -1448,6 +1448,13 @@
     Permissions for PushSecret
     Permissions for PushSecret
   </a>
   </a>
   
   
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#additional-settings-for-pushsecret" class="md-nav__link">
+    Additional Settings for PushSecret
+  </a>
+  
 </li>
 </li>
         
         
       </ul>
       </ul>
@@ -2233,6 +2240,13 @@
     Permissions for PushSecret
     Permissions for PushSecret
   </a>
   </a>
   
   
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#additional-settings-for-pushsecret" class="md-nav__link">
+    Additional Settings for PushSecret
+  </a>
+  
 </li>
 </li>
         
         
       </ul>
       </ul>
@@ -2418,6 +2432,25 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 <span class="p">}</span>
 <span class="p">}</span>
 </code></pre></div>
 </code></pre></div>
 <p>In this policy, the DeleteSecret action is restricted to secrets that have the specified tag, ensuring that deletion operations are more controlled and in line with the intended management of the secrets.</p>
 <p>In this policy, the DeleteSecret action is restricted to secrets that have the specified tag, ensuring that deletion operations are more controlled and in line with the intended management of the secrets.</p>
+<h4 id="additional-settings-for-pushsecret">Additional Settings for PushSecret</h4>
+<p>Additional settings can be set at the <code>SecretStore</code> level to control the behavior of <code>PushSecret</code> when interacting with AWS Secrets Manager.</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-secretsmanager</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">aws</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretsManager</span>
+<span class="w">      </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::123456789012:role/external-secrets</span>
+<span class="w">      </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span>
+<span class="w">      </span><span class="nt">secretsManager</span><span class="p">:</span>
+<span class="w">        </span><span class="c1"># Additional parameters can be added to the AWS Secrets Manager DeleteSecret API call.</span>
+<span class="w">        </span><span class="c1"># These parameters are only relevant when the deletionPolicy is set to Delete.</span>
+<span class="w">        </span><span class="c1"># See: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#API_DeleteSecret_RequestSyntax</span>
+<span class="w">        </span><span class="nt">forceDeleteWithoutRecovery</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
+<span class="w">        </span><span class="c1"># recoveryWindowInDays: 9 (conflicts with forceDeleteWithoutRecovery)</span>
+</code></pre></div>
 <h3 id="json-secret-values">JSON Secret Values</h3>
 <h3 id="json-secret-values">JSON Secret Values</h3>
 <p>SecretsManager supports <em>simple</em> key/value pairs that are stored as json. If you use the API you can store more complex JSON objects. You can access nested values or arrays using <a href="https://github.com/tidwall/gjson/blob/master/SYNTAX.md">gjson syntax</a>:</p>
 <p>SecretsManager supports <em>simple</em> key/value pairs that are stored as json. If you use the API you can store more complex JSON objects. You can access nested values or arrays using <a href="https://github.com/tidwall/gjson/blob/master/SYNTAX.md">gjson syntax</a>:</p>
 <p>Consider the following JSON object that is stored in the SecretsManager key <code>friendslist</code>:
 <p>Consider the following JSON object that is stored in the SecretsManager key <code>friendslist</code>:
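Review bot: the example in the new "Additional Settings for PushSecret" section has `forceDeleteWithoutRecovery: true` as the active setting and the recovery window commented out, so a copy-paste of the documented store gives immediate deletion with no recovery window. The paragraph just above argues for more controlled DeleteSecret operations, so consider making `recoveryWindowInDays` the active line and leaving `forceDeleteWithoutRecovery` commented, with one sentence on when skipping the recovery window is appropriate.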

File diff suppressed because it is too large
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz


+ 16 - 0
main/snippets/aws-sm-store-secretsmanager-config.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: aws-secretsmanager
+spec:
+  provider:
+    aws:
+      service: SecretsManager
+      role: arn:aws:iam::123456789012:role/external-secrets
+      region: eu-central-1
+      secretsManager:
+        # Additional parameters can be added to the AWS Secrets Manager DeleteSecret API call.
+        # These parameters are only relevant when the deletionPolicy is set to Delete.
+        # See: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#API_DeleteSecret_RequestSyntax
+        forceDeleteWithoutRecovery: true
+        # recoveryWindowInDays: 9 (conflicts with forceDeleteWithoutRecovery)
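Review bot: on the last line of the snippet the explanation is appended to the commented-out setting, `# recoveryWindowInDays: 9 (conflicts with forceDeleteWithoutRecovery)`, so uncommenting it as written yields a string value rather than the int64 the API spec documents for this field. Move the "conflicts with" remark to its own comment line above the setting so the line can be uncommented unchanged.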

Some files were not shown because too many files changed in this diff