Deployed 242a6ee1 to main with MkDocs 1.2.3 and mike 1.1.2

main/api/externalsecret/index.html

@@ -604,6 +604,13 @@
     Update Behavior
   </a>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#features" class="md-nav__link">
+    Features
+  </a>
+  
 </li>
       
         <li class="md-nav__item">
@@ -1864,6 +1871,13 @@
     Update Behavior
   </a>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#features" class="md-nav__link">
+    Features
+  </a>
+  
 </li>
       
         <li class="md-nav__item">
@@ -1913,6 +1927,16 @@ be transformed and saved as a <code>Kind=Secret</code>:</p>
 <p>You can trigger a secret refresh by using kubectl or any other kubernetes api client:</p>
 <div class="highlight"><pre><span></span><code>kubectl annotate es my-es force-sync=$(date +%s) --overwrite
 </code></pre></div>
+<h2 id="features">Features</h2>
+<p>Individual features are described in the <a href="../guides/">Guides section</a>:</p>
+<ul>
+<li><a href="../../guides/getallsecrets/">Find many secrets / Extract from structured data</a></li>
+<li><a href="../../guides/templating/">Templating</a></li>
+<li><a href="../../guides/generator/">Using Generators</a></li>
+<li><a href="../../guides/ownership-deletion-policy/">Secret Ownership and Deletion</a></li>
+<li><a href="../../guides/datafrom-rewrite/">Key Rewriting</a></li>
+<li><a href="../../guides/decoding-strategy/">Decoding Strategy</a></li>
+</ul>
 <h2 id="example">Example</h2>
 <p>Take a look at an annotated example to understand the design behind the
 <code>ExternalSecret</code>.</p>
@@ -1930,9 +1954,9 @@ be transformed and saved as a <code>Kind=Secret</code>:</p>
 
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 
-<span class="w">  </span><span class="c1"># SecretStoreRef defines which SecretStore to use when fetching the secret data</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># Optional, SecretStoreRef defines the default SecretStore to use when fetching the secret data.</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-store-name</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-store</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w">  </span><span class="c1"># or ClusterSecretStore</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># RefreshInterval is the amount of time before the values reading again from the SecretStore provider</span><span class="w"></span>
@@ -1947,7 +1971,7 @@ be transformed and saved as a <code>Kind=Secret</code>:</p>
 <span class="w">    </span><span class="c1"># The secret name of the resource</span><span class="w"></span>
 <span class="w">    </span><span class="c1"># Defaults to .metadata.name of the ExternalSecret</span><span class="w"></span>
 <span class="w">    </span><span class="c1"># It is immutable</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-secret</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">application-config</span><span class="w"></span>
 
 <span class="w">    </span><span class="c1"># Enum with values: &#39;Owner&#39;, &#39;Merge&#39;, or &#39;None&#39;</span><span class="w"></span>
 <span class="w">    </span><span class="c1"># Default value of &#39;Owner&#39;</span><span class="w"></span>
@@ -1972,47 +1996,58 @@ be transformed and saved as a <code>Kind=Secret</code>:</p>
 <span class="w">      </span><span class="c1"># Use inline templates to construct your desired config file that contains your secret</span><span class="w"></span>
 <span class="w">      </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">config.yml</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span><span class="w"></span>
-<span class="w">          </span><span class="no">endpoints:</span><span class="w"></span>
-<span class="w">          </span><span class="no">- https://{{ .data.user }}:{{ .data.password }}@api.exmaple.com</span><span class="w"></span>
+<span class="w">          </span><span class="no">database:</span><span class="w"></span>
+<span class="w">            </span><span class="no">connection: postgres://{{ .username }}:{{ .password }}@{{ .database_host }}:5432/payments</span><span class="w"></span>
 
 <span class="w">      </span><span class="c1"># Uses an existing template from configmap</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># Secret is fetched, merged and templated within the referenced configMap data</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;alertmanager.yml&quot;] = ...result...</span><span class="w"></span>
 <span class="w">      </span><span class="nt">templateFrom</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span><span class="w"></span>
-<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alertmanager</span><span class="w"></span>
+<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">application-config-tmpl</span><span class="w"></span>
 <span class="w">          </span><span class="nt">items</span><span class="p">:</span><span class="w"></span>
-<span class="w">          </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alertmanager.yaml</span><span class="w"></span>
+<span class="w">          </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">config.yml</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># Data defines the connection between the Kubernetes Secret keys and the Provider data</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-key-to-be-managed</span><span class="w"></span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"></span>
 <span class="w">      </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">        </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">provider-key</span><span class="w"></span>
-<span class="w">        </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">provider-key-version</span><span class="w"></span>
-<span class="w">        </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">provider-key-property</span><span class="w"></span>
+<span class="w">        </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
+<span class="w">        </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
+<span class="w">        </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"></span>
 <span class="w">        </span><span class="nt">decodingStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">None</span><span class="w"> </span><span class="c1"># can be None, Base64, Base64URL or Auto</span><span class="w"></span>
 
+<span class="w">      </span><span class="c1"># define the source of the secret. Can be a SecretStore or a Generator kind</span><span class="w"></span>
+<span class="w">      </span><span class="nt">sourceRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># point to a SecretStore that should be used to fetch a secret.</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># must be defined if no spec.secretStoreRef is defined.</span><span class="w"></span>
+<span class="w">        </span><span class="nt">storeRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-secretstore</span><span class="w"></span>
+<span class="w">          </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span><span class="w"></span>
+
+<span class="w">        </span><span class="c1"># point to a generator resource that provides the secret value</span><span class="w"></span>
+<span class="w">        </span><span class="nt">generatorRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">          </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span><span class="w"></span>
+<span class="w">          </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Password</span><span class="w"></span>
+<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db-password</span><span class="w"></span>
+
 <span class="w">  </span><span class="c1"># Used to fetch all properties from the Provider key</span><span class="w"></span>
 <span class="w">  </span><span class="c1"># If multiple dataFrom are specified, secrets are merged in the specified order</span><span class="w"></span>
 <span class="w">  </span><span class="nt">dataFrom</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">provider-key</span><span class="w"></span>
-<span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">provider-key-version</span><span class="w"></span>
-<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">provider-key-property</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
+<span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">data</span><span class="w"></span>
 <span class="w">      </span><span class="nt">conversionStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Default</span><span class="w"></span>
 <span class="w">      </span><span class="nt">decodingStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Auto</span><span class="w"></span>
 <span class="w">    </span><span class="nt">rewrite</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">regexp</span><span class="p">:</span><span class="w"></span>
-<span class="w">        </span><span class="nt">source</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span><span class="w"></span>
-<span class="w">        </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;bar&quot;</span><span class="w"></span>
-<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">regexp</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">source</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;exp-(.*?)-ression&quot;</span><span class="w"></span>
-<span class="w">        </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;rewriting-$1-with-groups&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;rewriting-${1}-with-groups&quot;</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">find</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">path-to-filter</span><span class="w"></span>
 <span class="w">          </span><span class="l l-Scalar l-Scalar-Plain">source</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="s">&quot;exp-(.*?)-ression&quot;</span><span class="w"></span>
-<span class="w">          </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;rewriting-$1-with-groups&quot;</span><span class="w"></span>
+<span class="w">          </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;rewriting-${1}-with-groups&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="nt">name</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">regexp</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;.*foobar.*&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="nt">tags</span><span class="p">:</span><span class="w"></span>
@@ -2023,7 +2058,6 @@ be transformed and saved as a <code>Kind=Secret</code>:</p>
 <span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">regexp</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">source</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span><span class="w"></span>
 <span class="w">        </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;bar&quot;</span><span class="w"></span>
-<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">regexp</span><span class="p">:</span><span class="w"></span>
 
 <span class="nt">status</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="c1"># refreshTime is the time and date the external secret was fetched and</span><span class="w"></span>

main/api/spec/index.html

@@ -1898,6 +1898,19 @@ github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
 <p>The SecretAccessKey is used for authentication</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>sessionTokenSecretRef</code></br>
+<em>
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
+</em>
+</td>
+<td>
+<p>The SessionToken used for authentication
+This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
+see: <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html">https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html</a></p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1beta1.AWSJWTAuth">AWSJWTAuth
@@ -3155,6 +3168,20 @@ int
 <p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>conditions</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
+[]ClusterSecretStoreCondition
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
+</td>
+</tr>
 </table>
 </td>
 </tr>
@@ -3172,6 +3199,51 @@ SecretStoreStatus
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1beta1.ClusterSecretStoreCondition">ClusterSecretStoreCondition
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec</a>)
+</p>
+<p>
+<p>ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
+for a ClusterSecretStore instance.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>namespaceSelector</code></br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#labelselector-v1-meta">
+Kubernetes meta/v1.LabelSelector
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Choose namespace using a labelSelector</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>namespaces</code></br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<p>Choose namespaces by name</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1beta1.DopplerAuth">DopplerAuth
 </h3>
 <p>
@@ -3364,6 +3436,7 @@ SecretStoreRef
 </em>
 </td>
 <td>
+<em>(Optional)</em>
 </td>
 </tr>
 <tr>
@@ -3539,6 +3612,8 @@ string
 </em>
 </td>
 <td>
+<p>SecretKey defines the key in which the controller stores
+the value. This is the key in the Kind=Secret</p>
 </td>
 </tr>
 <tr>
@@ -3551,6 +3626,22 @@ ExternalSecretDataRemoteRef
 </em>
 </td>
 <td>
+<p>RemoteRef points to the remote secret and defines
+which secret (version/property/..) to fetch.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>sourceRef</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SourceRef">
+SourceRef
+</a>
+</em>
+</td>
+<td>
+<p>SourceRef allows you to override the source
+from which the value will pulled from.</p>
 </td>
 </tr>
 </tbody>
@@ -3582,7 +3673,8 @@ ExternalSecretDataRemoteRef
 </td>
 <td>
 <em>(Optional)</em>
-<p>Used to extract multiple key/value pairs from one secret</p>
+<p>Used to extract multiple key/value pairs from one secret
+Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.</p>
 </td>
 </tr>
 <tr>
@@ -3596,7 +3688,8 @@ ExternalSecretFind
 </td>
 <td>
 <em>(Optional)</em>
-<p>Used to find secrets based on tags or regular expressions</p>
+<p>Used to find secrets based on tags or regular expressions
+Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.</p>
 </td>
 </tr>
 <tr>
@@ -3614,6 +3707,24 @@ ExternalSecretFind
 Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>sourceRef</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SourceRef">
+SourceRef
+</a>
+</em>
+</td>
+<td>
+<p>SourceRef points to a store or generator
+which contains secret values ready to use.
+Use this in combination with Extract or Find pull values out of
+a specific SecretStore.
+When sourceRef points to a generator Extract or Find is not supported.
+The generator returns a static map of values</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef
@@ -3980,6 +4091,7 @@ SecretStoreRef
 </em>
 </td>
 <td>
+<em>(Optional)</em>
 </td>
 </tr>
 <tr>
@@ -4686,6 +4798,58 @@ string
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1beta1.GeneratorRef">GeneratorRef
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
+</p>
+<p>
+<p>GeneratorRef points to a generator custom resource.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Specify the apiVersion of the generator resource</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>name</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Specify the name of the generator resource</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1beta1.GenericStore">GenericStore
 </h3>
 <p>
@@ -4778,6 +4942,39 @@ string
 <p>ProjectID specifies a project where secrets are located.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>inheritFromGroups</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<p>InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>groupIDs</code></br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<p>GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>environment</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Environment environment_scope of gitlab CI/CD variables (Please see <a href="https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment">https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment</a> on how to create environments)</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1beta1.GitlabSecretRef">GitlabSecretRef
@@ -5519,6 +5716,20 @@ int
 <p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>conditions</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
+[]ClusterSecretStoreCondition
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
+</td>
+</tr>
 </table>
 </td>
 </tr>
@@ -5840,7 +6051,8 @@ DopplerProvider
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>)
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>, 
+<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
 </p>
 <p>
 <p>SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.</p>
@@ -5987,6 +6199,20 @@ int
 <p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>conditions</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
+[]ClusterSecretStoreCondition
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1beta1.SecretStoreStatus">SecretStoreStatus
@@ -6246,6 +6472,55 @@ bool
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1beta1.SourceRef">SourceRef
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData</a>, 
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
+</p>
+<p>
+<p>SourceRef allows you to override the source
+from which the secret will be pulled from.
+You can define at maximum one property.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>storeRef</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SecretStoreRef">
+SecretStoreRef
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>generatorRef</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.GeneratorRef">
+GeneratorRef
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>GeneratorRef points to a generator custom resource in</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1beta1.TemplateEngineVersion">TemplateEngineVersion
 (<code>string</code> alias)</p></h3>
 <p>

main/provider/akeyless/index.html

@@ -2094,7 +2094,7 @@
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-external-secret-example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 
@@ -2103,20 +2103,23 @@
 <span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-secret-store</span><span class="w"> </span><span class="c1"># Must match SecretStore on the cluster</span><span class="w"></span>
 
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-secret-to-create</span><span class="w"> </span><span class="c1"># Name for the secret to be created on the cluster</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"> </span><span class="c1"># Name for the secret to be created on the cluster</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretKey</span><span class="w"> </span><span class="c1"># Key given to the secret to be created on the cluster</span><span class="w"></span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"> </span><span class="c1"># Key given to the secret to be created on the cluster</span><span class="w"></span>
 <span class="w">      </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">        </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-name</span><span class="w"> </span><span class="c1"># Full path of the secret on Akeyless</span><span class="w"></span>
+<span class="w">        </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db-username</span><span class="w">  </span><span class="c1"># Full path of the secret on Akeyless</span><span class="w"></span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w"> </span><span class="c1"># Key given to the secret to be created on the cluster</span><span class="w"></span>
+<span class="w">      </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">        </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db-password</span><span class="w">  </span><span class="c1"># Full path of the secret on Akeyless</span><span class="w"></span>
 </code></pre></div>
 <h4 id="using-datafrom">Using DataFrom</h4>
 <p>DataFrom can be used to get a secret as a JSON string and attempt to parse it.</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-external-secret-example-json</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 
@@ -2125,13 +2128,13 @@
 <span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-secret-store</span><span class="w"> </span><span class="c1"># Must match SecretStore on the cluster</span><span class="w"></span>
 
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-secret-to-create-json</span><span class="w"> </span><span class="c1"># Name for the secret to be created on the cluster</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"> </span><span class="c1"># Name for the secret to be created on the cluster</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># for json formatted secrets: each key in the json will be used as the secret key in the SECRET k8s target object</span><span class="w"></span>
 <span class="w">  </span><span class="nt">dataFrom</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-name</span><span class="w"> </span><span class="c1"># Full path of the secret on Akeyless</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"> </span><span class="c1"># Full path of the secret on Akeyless</span><span class="w"></span>
 </code></pre></div>
 <h3 id="getting-the-kubernetes-secret">Getting the Kubernetes Secret</h3>
 <p>The operator will fetch the secret and inject it as a <code>Kind=Secret</code>.

main/provider/aws-parameter-store/index.html

@@ -2084,17 +2084,17 @@
 defined region. You should define Roles that define fine-grained access to
 individual secrets and pass them to ESO using <code>spec.provider.aws.role</code>. This
 way users of the <code>SecretStore</code> can only access the secrets necessary.</p>
-<p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">parameterstore</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">aws</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ParameterStore</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># define a specific role to limit access</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># to certain secrets</span><span class="w"></span>
-<span class="w">      </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">iam-role</span><span class="w"></span>
+<span class="w">      </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::123456789012:role/external-secrets</span><span class="w"></span>
 <span class="w">      </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span><span class="w"></span>
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span><span class="w"></span>
@@ -2105,7 +2105,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span><span class="w"></span>
 <span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-key</span><span class="w"></span>
 </code></pre></div>
-<strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code> and <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
+<p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code> and <code>secretAccessKeySecretRef</code>  with the namespaces where the secrets reside.</p>
 <div class="admonition warning">
 <p class="admonition-title">API Pricing &amp; Throttling</p>
 <p>The SSM Parameter Store API is charged by throughput and
@@ -2131,7 +2131,7 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 </code></pre></div>
 <h3 id="json-secret-values">JSON Secret Values</h3>
 <p>You can store JSON objects in a parameter. You can access nested values or arrays using <a href="https://github.com/tidwall/gjson/blob/master/SYNTAX.md">gjson syntax</a>:</p>
-<p>Consider the following JSON object that is stored in the Parameter Store key <code>my-json-secret</code>:
+<p>Consider the following JSON object that is stored in the Parameter Store key <code>friendslist</code>:
 <div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;name&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="nt">&quot;first&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Tom&quot;</span><span class="p">,</span><span class="w"> </span><span class="nt">&quot;last&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Anderson&quot;</span><span class="p">},</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;friends&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
@@ -2145,17 +2145,17 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">extract-data</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="c1"># [omitted for brevity]</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">firstname</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my_name</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-json-secret</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friendslist</span><span class="w"></span>
 <span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">name.first</span><span class="w"> </span><span class="c1"># Tom</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">first_friend</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-json-secret</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friendslist</span><span class="w"></span>
 <span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friends.1.first</span><span class="w"> </span><span class="c1"># Roger</span><span class="w"></span>
 </code></pre></div></p>
 <h3 id="parameter-versions">Parameter Versions</h3>

main/provider/aws-secrets-manager/index.html

@@ -2007,16 +2007,16 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 <p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-secretsmanager</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">aws</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretsManager</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># define a specific role to limit access</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># to certain secrets.</span><span class="w"></span>
-<span class="w">      </span><span class="c1"># role is a optional field that </span><span class="w"></span>
+<span class="w">      </span><span class="c1"># role is a optional field that</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># can be omitted for test purposes</span><span class="w"></span>
-<span class="w">      </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">iam-role</span><span class="w"></span>
+<span class="w">      </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::123456789012:role/external-secrets</span><span class="w"></span>
 <span class="w">      </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span><span class="w"></span>
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span><span class="w"></span>
@@ -2050,7 +2050,7 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 </code></pre></div>
 <h3 id="json-secret-values">JSON Secret Values</h3>
 <p>SecretsManager supports <em>simple</em> key/value pairs that are stored as json. If you use the API you can store more complex JSON objects. You can access nested values or arrays using <a href="https://github.com/tidwall/gjson/blob/master/SYNTAX.md">gjson syntax</a>:</p>
-<p>Consider the following JSON object that is stored in the SecretsManager key <code>my-json-secret</code>:
+<p>Consider the following JSON object that is stored in the SecretsManager key <code>friendslist</code>:
 <div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;name&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="nt">&quot;first&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Tom&quot;</span><span class="p">,</span><span class="w"> </span><span class="nt">&quot;last&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Anderson&quot;</span><span class="p">},</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;friends&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
@@ -2068,61 +2068,65 @@ way users of the <code>SecretStore</code> can only access the secrets necessary.
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1m</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-secretsmanager</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friends</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">firstname</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my_name</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-json-secret</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friendslist</span><span class="w"></span>
 <span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">name.first</span><span class="w"> </span><span class="c1"># Tom</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">first_friend</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-json-secret</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friendslist</span><span class="w"></span>
 <span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friends.1.first</span><span class="w"> </span><span class="c1"># Roger</span><span class="w"></span>
 </code></pre></div>
 <h3 id="secret-versions">Secret Versions</h3>
 <p>SecretsManager creates a new version of a secret every time it is updated. The secret version can be reference in two ways, the <code>VersionStage</code> and the <code>VersionId</code>. The <code>VersionId</code> is a unique uuid which is generated every time the secret changes. This id is immutable and will always refer to the same secret data. The <code>VersionStage</code> is an alias to a <code>VersionId</code>, and can refer to different secret data as the secret is updated. By default, SecretsManager will add the version stages <code>AWSCURRENT</code> and <code>AWSPREVIOUS</code> to every secret, but other stages can be created via the <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">update-secret-version-stage</a> api.</p>
 <p>The <code>version</code> field on the <code>remoteRef</code> of the ExternalSecret will normally consider the version to be a <code>VersionStage</code>, but if the field is prefixed with <code>uuid/</code>, then the version will be considered a <code>VersionId</code>.</p>
-<p>So in this example, the operator will request the secret with <code>VersionStage</code> as <code>AWSPREVIOUS</code>:</p>
+<p>So in this example, the operator will request the same secret with different versions: <code>AWSCURRENT</code> and <code>AWSPREVIOUS</code>:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">versioned-api-key</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-secretsmanager</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">versioned-api-key</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-key-to-be-managed</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">previous-api-key</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;example/secret&quot;</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;production/api-key&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;AWSPREVIOUS&quot;</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">current-api-key</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;production/api-key&quot;</span><span class="w"></span>
+<span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;AWSCURRENT&quot;</span><span class="w"></span>
 </code></pre></div>
 <p>While in this example, the operator will request the secret with <code>VersionId</code> as <code>abcd-1234</code></p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">versioned-api-key</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-secretsmanager</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">versioned-api-key</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-key-to-be-managed</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-key</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;example/secret&quot;</span><span class="w"></span>
-<span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;uuid/abcd-1234&quot;</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;production/api-key&quot;</span><span class="w"></span>
+<span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;uuid/123e4567-e89b-12d3-a456-426614174000&quot;</span><span class="w"></span>
 </code></pre></div>
 <h2 id="aws-authentication">AWS Authentication</h2>
 <h3 id="controllers-pod-identity">Controller's Pod Identity</h3>

main/provider/azure-key-vault/index.html

@@ -2031,15 +2031,15 @@
 <p>We support Service Principals, Managed Identity and Workload Identity authentication.</p>
 <p>To use Managed Identity authentication, you should use <a href="https://azure.github.io/aad-pod-identity/docs/">aad-pod-identity</a> to assign the identity to external-secrets operator. To add the selector to external-secrets operator, use <code>podLabels</code> in your values.yaml in case of Helm installation of external-secrets.</p>
 <p>We support connecting to different cloud flavours azure supports: <code>PublicCloud</code>, <code>USGovernmentCloud</code>, <code>ChinaCloud</code> and <code>GermanCloud</code>. You have to specify the <code>environmentType</code> and point to the correct cloud flavour. This defaults to <code>PublicCloud</code>.</p>
-<div class="highlight"><pre><span></span><code>apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
-  name: azure-backend
-spec:
-  provider:
-    azurekv:
-      # PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
-      environmentType: PublicCloud # default
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
+<span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-backend</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="nt">azurekv</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="c1"># PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud</span><span class="w"></span>
+<span class="w">      </span><span class="nt">environmentType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PublicCloud</span><span class="w"> </span><span class="c1"># default</span><span class="w"></span>
 </code></pre></div>
 <p>Minimum required permissions are <code>Get</code> over secret and certificate permissions. This can be done by adding a Key Vault access policy:</p>
 <div class="highlight"><pre><span></span><code><span class="nv">KUBELET_IDENTITY_OBJECT_ID</span><span class="o">=</span><span class="k">$(</span>az aks show --resource-group &lt;AKS_CLUSTER_RG_NAME&gt; --name &lt;AKS_CLUSTER_NAME&gt; --query <span class="s1">&#39;identityProfile.kubeletidentity.objectId&#39;</span> -o tsv<span class="k">)</span>
@@ -2053,7 +2053,7 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-secret-store</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="c1"># provider type: azure keyvault</span><span class="w"></span>
@@ -2097,7 +2097,7 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-secret-store</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">azurekv</span><span class="p">:</span><span class="w"></span>
@@ -2119,7 +2119,7 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-secret-store</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">azurekv</span><span class="p">:</span><span class="w"></span>
@@ -2133,7 +2133,7 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-secret-store</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="c1"># provider type: azure keyvault</span><span class="w"></span>
@@ -2157,7 +2157,7 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-secret-store</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="c1"># provider type: azure keyvault</span><span class="w"></span>
@@ -2198,52 +2198,52 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-external-secret</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-secret-store</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w"></span>
 
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="c1"># name of the SECRET in the Azure KV (no prefix is by default a SECRET)</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-username</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-username</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># explicit type and name of secret in the Azure KV</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-another-secret-test</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-password</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret/dev-secret-test</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret/database-password</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># metadataPolicy to fetch all the tags in JSON format</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials-metadata</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="w">      </span><span class="nt">metadataPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Fetch</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># metadataPolicy to fetch a specific tag which name must be in property</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="w">      </span><span class="nt">metadataPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Fetch</span><span class="w"></span>
-<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tagname</span><span class="w"></span>
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">environment</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># type/name of certificate in the Azure KV</span><span class="w"></span>
 <span class="w">  </span><span class="c1"># raw value will be returned, use templating features for data processing</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-cert-test</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">db-client-cert</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert/dev-cert-test</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert/db-client-cert</span><span class="w"></span>
 
 <span class="w">  </span><span class="c1"># type/name of the public key in the Azure KV</span><span class="w"></span>
 <span class="w">  </span><span class="c1"># the key is returned PEM encoded</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-key-test</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">encryption-pubkey</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">key/dev-key-test</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">key/encryption-pubkey</span><span class="w"></span>
 </code></pre></div>
 <p>The operator will fetch the Azure Key vault secret and inject it as a <code>Kind=Secret</code>. Then the Kubernetes secret can be fetched by issuing:</p>
 <div class="highlight"><pre><span></span><code>kubectl get secret secret-to-be-created -n &lt;namespace&gt; <span class="p">|</span> -o <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">&#39;{.data.dev-secret-test}&#39;</span> <span class="p">|</span> base64 -d
@@ -2252,53 +2252,57 @@ az keyvault set-policy --name kv-name-with-certs --object-id <span class="s2">&q
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">all-secrets</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w">           </span><span class="c1"># rate SecretManager pulls Azure Key Vault</span><span class="w"></span>
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w">           </span><span class="c1"># rate ESO pulls Azure Key Vault</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w">               </span><span class="c1"># name of the SecretStore (or kind specified)</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w">           </span><span class="c1"># name of the SecretStore (or kind specified)</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w">  </span><span class="c1"># name of the k8s Secret to be created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">all-secrets</span><span class="w">           </span><span class="c1"># name of the k8s Secret to be created</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 <span class="w">  </span><span class="nt">dataFrom</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># find all secrets starting with dev-</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">find</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">name</span><span class="p">:</span><span class="w"></span>
-<span class="w">        </span><span class="nt">regexp</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;^example&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="nt">regexp</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;^dev&quot;</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># find all secrets with tags</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">find</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">tags</span><span class="p">:</span><span class="w"></span>
-<span class="w">        </span><span class="nt">author</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">seb</span><span class="w"></span>
 <span class="w">        </span><span class="nt">environment</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev</span><span class="w"></span>
-<span class="w">  </span><span class="c1"># secret value is in JSON format and we unmarshall it into multiple key/values in k8s secret</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span><span class="w"> </span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span><span class="w"></span>
-<span class="w">  </span><span class="c1"># get all tags and the tags in JSON format will be unmarshall </span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span><span class="w"> </span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span><span class="w"></span>
+
+<span class="w">  </span><span class="c1"># extract data from a json value</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
+
+<span class="w">  </span><span class="c1"># fetch tags from `database-credentials`</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># and store them as individual keys in a secret</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="w">      </span><span class="nt">metadataPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Fetch</span><span class="w"></span>
 </code></pre></div>
 <p>To get a PKCS#12 certificate from Azure Key Vault and inject it as a <code>Kind=Secret</code> of type <code>kubernetes.io/tls</code>:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mycert</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls-client-credentials</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">24h</span><span class="w"></span>
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kv-mycert</span><span class="w"></span>
+<span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">azure-store</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span><span class="w"></span>
 <span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span><span class="w"></span>
 <span class="w">      </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mycert</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">b64dec</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12cert</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
-<span class="w">        </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mycert</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">b64dec</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12key</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.tls</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">b64dec</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12cert</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.tls</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">b64dec</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12key</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mycert</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tls</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="c1"># Azure Key Vault certificates must be fetched as secret/cert-name</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret/mycert</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret/tls-client-credentials</span><span class="w"></span>
 </code></pre></div>
 
               

main/provider/google-secrets-manager/index.html

@@ -2017,7 +2017,7 @@
 <p>Your Google Kubernetes Engine (GKE) applications can consume GCP services like Secrets Manager without using static, long-lived authentication tokens. This is our recommended approach of handling credentials in GCP. ESO offers two options for integrating with GKE workload identity: <strong>pod-based workload identity</strong> and <strong>using service accounts directly</strong>. Before using either way you need to create a service account - this is covered below.</p>
 <h4 id="creating-workload-identity-service-accounts">Creating Workload Identity Service Accounts</h4>
 <p>You can find the documentation for Workload Identity <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity">here</a>. We will walk you through how to navigate it here.</p>
-<p>Search <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity">the document</a> for this editable values and change them to your values:<br />
+<p>Search <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity">the document</a> for this editable values and change them to your values:
 <em>Note: If you have installed ESO, a serviceaccount has already been created. You can either patch the existing <code>external-secrets</code> SA or create a new one that fits your needs.</em></p>
 <ul>
 <li><code>CLUSTER_NAME</code>: The name of your cluster</li>
@@ -2041,17 +2041,17 @@
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">gcpsm</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-project</span><span class="w"></span>
+<span class="w">      </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alphabet-123</span><span class="w"></span>
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">workloadIdentity</span><span class="p">:</span><span class="w"></span>
 <span class="w">          </span><span class="c1"># name of the cluster region</span><span class="w"></span>
 <span class="w">          </span><span class="nt">clusterLocation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">europe-central2</span><span class="w"></span>
 <span class="w">          </span><span class="c1"># name of the GKE cluster</span><span class="w"></span>
-<span class="w">          </span><span class="nt">clusterName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-workload-identity</span><span class="w"></span>
+<span class="w">          </span><span class="nt">clusterName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alpha-cluster-42</span><span class="w"></span>
 <span class="w">          </span><span class="c1"># projectID of the cluster (if omitted defaults to spec.provider.gcpsm.projectID)</span><span class="w"></span>
 <span class="w">          </span><span class="nt">clusterProjectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-cluster-project</span><span class="w"></span>
 <span class="w">          </span><span class="c1"># reference the sa from above</span><span class="w"></span>
@@ -2083,11 +2083,11 @@ You just need to set the <code>projectID</code>, all other fields can be omitted
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">gcpsm</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pid</span><span class="w"></span>
+<span class="w">      </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alphabet-123</span><span class="w"></span>
 </code></pre></div>
 <h3 id="gcp-service-account-authentication">GCP Service Account authentication</h3>
 <p>You can use <a href="https://cloud.google.com/iam/docs/service-accounts">GCP Service Account</a> to authenticate with GCP. These are static, long-lived credentials. A GCP Service Account is a JSON file that needs to be stored in a <code>Kind=Secret</code>. ESO will use that Secret to authenticate with GCP. See here how you <a href="https://cloud.google.com/iam/docs/creating-managing-service-accounts">manage GCP Service Accounts</a>.</p>
@@ -2118,7 +2118,7 @@ You just need to set the <code>projectID</code>, all other fields can be omitted
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">gcpsm</span><span class="p">:</span><span class="w">                                  </span><span class="c1"># gcpsm provider</span><span class="w"></span>
@@ -2127,7 +2127,7 @@ You just need to set the <code>projectID</code>, all other fields can be omitted
 <span class="w">            </span><span class="nt">secretAccessKeySecretRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">              </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcpsm-secret</span><span class="w">              </span><span class="c1"># secret name containing SA key</span><span class="w"></span>
 <span class="w">              </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-credentials</span><span class="w">  </span><span class="c1"># key name containing SA key</span><span class="w"></span>
-<span class="w">        </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">myproject</span><span class="w">                  </span><span class="c1"># name of Google Cloud project</span><span class="w"></span>
+<span class="w">        </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alphabet-123</span><span class="w">               </span><span class="c1"># name of Google Cloud project</span><span class="w"></span>
 </code></pre></div>
 <p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, Be sure to provide <code>namespace</code> for <code>SecretAccessKeyRef</code> with the namespace of the secret that we just created.</p>
 <h4 id="creating-external-secret">Creating external secret</h4>
@@ -2135,19 +2135,22 @@ You just need to set the <code>projectID</code>, all other fields can be omitted
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w">           </span><span class="c1"># rate SecretManager pulls GCPSM</span><span class="w"></span>
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w">             </span><span class="c1"># rate SecretManager pulls GCPSM</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w">               </span><span class="c1"># name of the SecretStore (or kind specified)</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span><span class="w">               </span><span class="c1"># name of the SecretStore (or kind specified)</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w">  </span><span class="c1"># name of the k8s Secret to be created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w">    </span><span class="c1"># name of the k8s Secret to be created</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w">  </span><span class="c1"># name of the GCPSM secret key</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_username</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev-secret-test</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_username</span><span class="w">      </span><span class="c1"># name of the GCPSM secret key</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_password</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_password</span><span class="w">      </span><span class="c1"># name of the GCPSM secret key</span><span class="w"></span>
 </code></pre></div>
 <p>The operator will fetch the GCP Secret Manager secret and inject it as a <code>Kind=Secret</code>
 <div class="highlight"><pre><span></span><code>kubectl get secret secret-to-be-created -n &lt;namespace&gt; | -o jsonpath=&#39;{.data.dev-secret-test}&#39; | base64 -d

main/provider/ibm-secrets-manager/index.html

@@ -2136,11 +2136,11 @@
 <p><div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ibm-store</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">ibm</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">serviceUrl</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://SECRETS_MANAGER_ID.REGION.secrets-manager.appdomain.cloud&quot;</span><span class="w"></span>
+<span class="w">      </span><span class="nt">serviceUrl</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://&lt;SECRETS_MANAGER_ID&gt;.&lt;REGION&gt;.secrets-manager.appdomain.cloud&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">containerAuth</span><span class="p">:</span><span class="w"></span>
 <span class="w">          </span><span class="nt">profile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;test</span><span class="nv"> </span><span class="s">container</span><span class="nv"> </span><span class="s">auth</span><span class="nv"> </span><span class="s">profile&quot;</span><span class="w"></span>
@@ -2195,9 +2195,9 @@
 <span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">public_cert/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</span><span class="w"></span>
 <span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">prvt_cert</span><span class="w"></span>
-<span class="w">      </span><span class="l l-Scalar l-Scalar-Plain">remoteRef</span><span class="p p-Indicator">:</span><span class="w"></span>
-<span class="w">        </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private_cert/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</span><span class="w"></span>
-<span class="w">        </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">private_cert/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</span><span class="w"></span>
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">certificate</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kv_without_key</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kv/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</span><span class="w"></span>
@@ -2209,7 +2209,6 @@
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kv/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</span><span class="w"></span>
 <span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;key.path&#39;</span><span class="w"></span>
-<span class="w">  </span><span class="nt">dataFrom</span><span class="p">:</span><span class="w"></span>
 </code></pre></div>
 <p>The behavior for the different secret types is as following:</p>
 <h4 id="arbitrary">arbitrary</h4>
@@ -2280,19 +2279,22 @@
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secret-sample</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60m</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ibm-store</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">test</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_user</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_password</span><span class="w"></span>
 </code></pre></div>
 <p>Currently we can only get the secret by its id and not its name, so something like <code>565287ce-578f-8d96-a746-9409d531fe2a</code>.</p>
 <h3 id="getting-the-kubernetes-secret">Getting the Kubernetes secret</h3>

main/provider/kubernetes/index.html

@@ -1970,7 +1970,7 @@
 
   <h1>Kubernetes</h1>
 
-<p>External Secrets Operator allows to retrieve secrets from a Kubernetes Cluster - this can be either a remote cluster or the local where the operator runs in.</p>
+<p>External Secrets Operator allows to retrieve secrets from a Kubernetes Cluster - this can be either a remote cluster or the local one where the operator runs in.</p>
 <p>A <code>SecretStore</code> points to a <strong>specific namespace</strong> in the target Kubernetes Cluster. You are able to retrieve all secrets from that particular namespace given you have the correct set of RBAC permissions.</p>
 <p>The <code>SecretStore</code> reconciler checks if you have read access for secrets in that namespace using <code>SelfSubjectRulesReview</code>. See below on how to set that up properly.</p>
 <h3 id="external-secret-spec">External Secret Spec</h3>
@@ -1978,38 +1978,43 @@
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w">               </span><span class="c1"># name of the SecretStore (or kind specified)</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s-store</span><span class="w">             </span><span class="c1"># name of the SecretStore (or kind specified)</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w">  </span><span class="c1"># name of the k8s Secret to be created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w">  </span><span class="c1"># name of the k8s Secret to be created</span><span class="w"></span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">extra</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"></span>
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-example</span><span class="w"></span>
-<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">extra</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"></span>
+
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"></span>
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w"></span>
 </code></pre></div>
 <h4 id="find-by-tag-name">find by tag &amp; name</h4>
 <p>You can fetch secrets based on labels or names matching a regexp:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">fetch-tls-and-nginx</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"></span>
 <span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s-store</span><span class="w"></span>
 <span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">fetch-tls-and-nginx</span><span class="w"></span>
 <span class="w">  </span><span class="nt">dataFrom</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">find</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">name</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="c1"># match secret name with regexp</span><span class="w"></span>
-<span class="w">        </span><span class="nt">regexp</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;key-.*&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="nt">regexp</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;tls-.*&quot;</span><span class="w"></span>
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">find</span><span class="p">:</span><span class="w"></span>
 <span class="w">      </span><span class="nt">tags</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="c1"># fetch secrets based on label combination</span><span class="w"></span>
@@ -2024,10 +2029,11 @@ You may also define it inline as base64 encoded value using the <code>caBundle</
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s-store-default-ns</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kubernetes</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="c1"># with this, the store is able to pull only from `default` namespace</span><span class="w"></span>
 <span class="w">      </span><span class="nt">remoteNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 <span class="w">      </span><span class="nt">server</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://myapiserver.tld&quot;</span><span class="w"></span>
@@ -2064,7 +2070,7 @@ You may also define it inline as base64 encoded value using the <code>caBundle</
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mydefaulttoken</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-token</span><span class="w"></span>
 <span class="nt">data</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;....&quot;</span><span class="w"></span>
 </code></pre></div>
@@ -2072,18 +2078,19 @@ You may also define it inline as base64 encoded value using the <code>caBundle</
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s-store-token-auth</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kubernetes</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="c1"># with this, the store is able to pull only from `default` namespace</span><span class="w"></span>
+<span class="w">      </span><span class="nt">remoteNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 <span class="w">      </span><span class="nt">server</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="c1"># ...</span><span class="w"></span>
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">token</span><span class="p">:</span><span class="w"></span>
 <span class="w">          </span><span class="nt">bearerToken</span><span class="p">:</span><span class="w"></span>
-<span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mydefaulttoken</span><span class="w"></span>
+<span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-token</span><span class="w"></span>
 <span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span><span class="w"></span>
-<span class="w">      </span><span class="nt">remoteNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 </code></pre></div>
 <h4 id="authenticating-with-serviceaccount">Authenticating with ServiceAccount</h4>
 <p>Create a Kubernetes Service Account, please refer to the <a href="https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens">Service Account Tokens Documentation</a> on how they work and how to create them.</p>
@@ -2096,16 +2103,17 @@ You may also define it inline as base64 encoded value using the <code>caBundle</
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s-store-sa-auth</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kubernetes</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="c1"># with this, the store is able to pull only from `default` namespace</span><span class="w"></span>
+<span class="w">      </span><span class="nt">remoteNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 <span class="w">      </span><span class="nt">server</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="c1"># ...</span><span class="w"></span>
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="nt">serviceAccount</span><span class="p">:</span><span class="w"></span>
 <span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;my-store&quot;</span><span class="w"></span>
-<span class="w">      </span><span class="nt">remoteNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 </code></pre></div>
 <h4 id="authenticating-with-client-certificates">Authenticating with Client Certificates</h4>
 <p>Create a Kubernetes secret which contains the client key and certificate. See <a href="https://kubernetes.io/docs/tasks/administer-cluster/certificates/">Generate Certificates Documentations</a> on how to create them.</p>
@@ -2115,10 +2123,12 @@ You may also define it inline as base64 encoded value using the <code>caBundle</
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span><span class="w"></span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"></span>
 <span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s-store-cert-auth</span><span class="w"></span>
 <span class="nt">spec</span><span class="p">:</span><span class="w"></span>
 <span class="w">  </span><span class="nt">provider</span><span class="p">:</span><span class="w"></span>
 <span class="w">    </span><span class="nt">kubernetes</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="c1"># with this, the store is able to pull only from `default` namespace</span><span class="w"></span>
+<span class="w">      </span><span class="nt">remoteNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 <span class="w">      </span><span class="nt">server</span><span class="p">:</span><span class="w"></span>
 <span class="w">        </span><span class="c1"># ...</span><span class="w"></span>
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span><span class="w"></span>
@@ -2129,7 +2139,6 @@ You may also define it inline as base64 encoded value using the <code>caBundle</
 <span class="w">          </span><span class="nt">clientKey</span><span class="p">:</span><span class="w"></span>
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;tls-secret&quot;</span><span class="w"></span>
 <span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;tls.key&quot;</span><span class="w"></span>
-<span class="w">      </span><span class="nt">remoteNamespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"></span>
 </code></pre></div>
 
               

main/sitemap.xml

@@ -325,9 +325,4 @@
          <lastmod>2022-11-30</lastmod>
          <changefreq>daily</changefreq>
     </url>
-    <url>
-         <loc>None</loc>
-         <lastmod>2022-11-30</lastmod>
-         <changefreq>daily</changefreq>
-    </url>
 </urlset>

main/snippets/akeyless-external-secret-json.yaml

@@ -1,7 +1,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: akeyless-external-secret-example-json
+  name: database-credentials
 spec:
   refreshInterval: 1h
 
@@ -10,10 +10,10 @@ spec:
     name: akeyless-secret-store # Must match SecretStore on the cluster
 
   target:
-    name: akeyless-secret-to-create-json # Name for the secret to be created on the cluster
+    name: database-credentials # Name for the secret to be created on the cluster
     creationPolicy: Owner
 
   # for json formatted secrets: each key in the json will be used as the secret key in the SECRET k8s target object
   dataFrom:
   - extract:
-      key: secret-name # Full path of the secret on Akeyless
+      key: database-credentials # Full path of the secret on Akeyless

main/snippets/akeyless-external-secret.yaml

@@ -1,7 +1,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: akeyless-external-secret-example
+  name: database-credentials
 spec:
   refreshInterval: 1h
 
@@ -10,10 +10,13 @@ spec:
     name: akeyless-secret-store # Must match SecretStore on the cluster
 
   target:
-    name: akeyless-secret-to-create # Name for the secret to be created on the cluster
+    name: database-credentials # Name for the secret to be created on the cluster
     creationPolicy: Owner
 
   data:
-    - secretKey: secretKey # Key given to the secret to be created on the cluster
+    - secretKey: username # Key given to the secret to be created on the cluster
       remoteRef:
-        key: secret-name # Full path of the secret on Akeyless
+        key: db-username  # Full path of the secret on Akeyless
+    - secretKey: password # Key given to the secret to be created on the cluster
+      remoteRef:
+        key: db-password  # Full path of the secret on Akeyless

main/snippets/aws-parameter-store.yaml

@@ -1,14 +1,14 @@
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: secretstore-sample
+  name: parameterstore
 spec:
   provider:
     aws:
       service: ParameterStore
       # define a specific role to limit access
       # to certain secrets
-      role: iam-role
+      role: arn:aws:iam::123456789012:role/external-secrets
       region: eu-central-1
       auth:
         secretRef:

main/snippets/aws-sm-external-secret.yaml

@@ -5,17 +5,17 @@ metadata:
 spec:
   refreshInterval: 1m
   secretStoreRef:
-    name: secretstore-sample
+    name: aws-secretsmanager
     kind: SecretStore
   target:
-    name: secret-to-be-created
+    name: friends
     creationPolicy: Owner
   data:
-  - secretKey: firstname
+  - secretKey: my_name
     remoteRef:
-      key: my-json-secret
+      key: friendslist
       property: name.first # Tom
   - secretKey: first_friend
     remoteRef:
-      key: my-json-secret
+      key: friendslist
       property: friends.1.first # Roger

main/snippets/aws-sm-store.yaml

@@ -1,16 +1,16 @@
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: secretstore-sample
+  name: aws-secretsmanager
 spec:
   provider:
     aws:
       service: SecretsManager
       # define a specific role to limit access
       # to certain secrets.
-      # role is a optional field that 
+      # role is a optional field that
       # can be omitted for test purposes
-      role: iam-role
+      role: arn:aws:iam::123456789012:role/external-secrets
       region: eu-central-1
       auth:
         secretRef:

main/snippets/azkv-datafrom-external-secret.yaml

@@ -1,27 +1,31 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: example
+  name: all-secrets
 spec:
-  refreshInterval: 1h           # rate SecretManager pulls Azure Key Vault
+  refreshInterval: 1h           # rate ESO pulls Azure Key Vault
   secretStoreRef:
     kind: SecretStore
-    name: example               # name of the SecretStore (or kind specified)
+    name: azure-store           # name of the SecretStore (or kind specified)
   target:
-    name: secret-to-be-created  # name of the k8s Secret to be created
+    name: all-secrets           # name of the k8s Secret to be created
     creationPolicy: Owner
   dataFrom:
+  # find all secrets starting with dev-
   - find:
       name:
-        regexp: "^example"
+        regexp: "^dev"
+  # find all secrets with tags
   - find:
       tags:
-        author: seb
         environment: dev
-  # secret value is in JSON format and we unmarshall it into multiple key/values in k8s secret
-  - extract: 
-      key: test
-  # get all tags and the tags in JSON format will be unmarshall 
-  - extract: 
-      key: test
+
+  # extract data from a json value
+  - extract:
+      key: database-credentials
+
+  # fetch tags from `database-credentials`
+  # and store them as individual keys in a secret
+  - extract:
+      key: database-credentials
       metadataPolicy: Fetch

main/snippets/azkv-external-secret.yaml

@@ -1,49 +1,49 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: example-external-secret
+  name: database-credentials
 spec:
   refreshInterval: 1h
   secretStoreRef:
     kind: SecretStore
-    name: example-secret-store
+    name: azure-store
 
   target:
-    name: secret-to-be-created
+    name: database-credentials
     creationPolicy: Owner
 
   data:
   # name of the SECRET in the Azure KV (no prefix is by default a SECRET)
-  - secretKey: dev-secret-test
+  - secretKey: database-username
     remoteRef:
-      key: dev-secret-test
+      key: database-username
 
   # explicit type and name of secret in the Azure KV
-  - secretKey: dev-another-secret-test
+  - secretKey: database-password
     remoteRef:
-      key: secret/dev-secret-test
+      key: secret/database-password
 
   # metadataPolicy to fetch all the tags in JSON format
-  - secretKey: dev-secret-test
+  - secretKey: database-credentials-metadata
     remoteRef:
-      key: dev-secret-test
+      key: database-credentials
       metadataPolicy: Fetch
 
   # metadataPolicy to fetch a specific tag which name must be in property
-  - secretKey: dev-secret-test
+  - secretKey: database-credentials
     remoteRef:
-      key: dev-secret-test
+      key: database-credentials
       metadataPolicy: Fetch
-      property: tagname
+      property: environment
 
   # type/name of certificate in the Azure KV
   # raw value will be returned, use templating features for data processing
-  - secretKey: dev-cert-test
+  - secretKey: db-client-cert
     remoteRef:
-      key: cert/dev-cert-test
+      key: cert/db-client-cert
 
   # type/name of the public key in the Azure KV
   # the key is returned PEM encoded
-  - secretKey: dev-key-test
+  - secretKey: encryption-pubkey
     remoteRef:
-      key: key/dev-key-test
+      key: key/encryption-pubkey

main/snippets/azkv-pkcs12-cert-external-secret.yaml

@@ -2,23 +2,23 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: mycert
+  name: tls-client-credentials
 spec:
-  refreshInterval: 24h
+  refreshInterval: 1h
   secretStoreRef:
-    kind: ClusterSecretStore
-    name: kv-mycert
+    kind: SecretStore
+    name: azure-store
   target:
     template:
       type: kubernetes.io/tls
       engineVersion: v2
       data:
-        tls.crt: "{{ .mycert | b64dec | pkcs12cert }}"
-        tls.key: "{{ .mycert | b64dec | pkcs12key }}"
+        tls.crt: "{{ .tls | b64dec | pkcs12cert }}"
+        tls.key: "{{ .tls | b64dec | pkcs12key }}"
   data:
-  - secretKey: mycert
+  - secretKey: tls
     remoteRef:
       # Azure Key Vault certificates must be fetched as secret/cert-name
-      key: secret/mycert
+      key: secret/tls-client-credentials
 
 {% endraw %}

main/snippets/azkv-secret-store-mi.yaml

@@ -1,7 +1,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: example-secret-store
+  name: azure-store
 spec:
   provider:
     # provider type: azure keyvault

main/snippets/azkv-secret-store.yaml

@@ -1,7 +1,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: example-secret-store
+  name: azure-store
 spec:
   provider:
     # provider type: azure keyvault

main/snippets/azkv-workload-identity-mounted.yaml

@@ -10,7 +10,7 @@ metadata:
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: example-secret-store
+  name: azure-store
 spec:
   provider:
     azurekv:

main/snippets/azkv-workload-identity.yaml

@@ -10,7 +10,7 @@ metadata:
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: example-secret-store
+  name: azure-store
 spec:
   provider:
     azurekv:

main/snippets/full-external-secret.yaml

@@ -13,9 +13,9 @@ metadata:
 
 spec:
 
-  # SecretStoreRef defines which SecretStore to use when fetching the secret data
+  # Optional, SecretStoreRef defines the default SecretStore to use when fetching the secret data.
   secretStoreRef:
-    name: secret-store-name
+    name: aws-store
     kind: SecretStore  # or ClusterSecretStore
 
   # RefreshInterval is the amount of time before the values reading again from the SecretStore provider
@@ -30,7 +30,7 @@ spec:
     # The secret name of the resource
     # Defaults to .metadata.name of the ExternalSecret
     # It is immutable
-    name: my-secret
+    name: application-config
 
     # Enum with values: 'Owner', 'Merge', or 'None'
     # Default value of 'Owner'
@@ -55,47 +55,58 @@ spec:
       # Use inline templates to construct your desired config file that contains your secret
       data:
         config.yml: |
-          endpoints:
-          - https://{{ .data.user }}:{{ .data.password }}@api.exmaple.com
+          database:
+            connection: postgres://{{ .username }}:{{ .password }}@{{ .database_host }}:5432/payments
 
       # Uses an existing template from configmap
       # Secret is fetched, merged and templated within the referenced configMap data
       # It does not update the configmap, it creates a secret with: data["alertmanager.yml"] = ...result...
       templateFrom:
       - configMap:
-          name: alertmanager
+          name: application-config-tmpl
           items:
-          - key: alertmanager.yaml
+          - key: config.yml
 
   # Data defines the connection between the Kubernetes Secret keys and the Provider data
   data:
-    - secretKey: secret-key-to-be-managed
+    - secretKey: username
       remoteRef:
-        key: provider-key
-        version: provider-key-version
-        property: provider-key-property
+        key: database-credentials
+        version: v1
+        property: username
         decodingStrategy: None # can be None, Base64, Base64URL or Auto
 
+      # define the source of the secret. Can be a SecretStore or a Generator kind
+      sourceRef:
+        # point to a SecretStore that should be used to fetch a secret.
+        # must be defined if no spec.secretStoreRef is defined.
+        storeRef:
+          name: aws-secretstore
+          kind: ClusterSecretStore
+
+        # point to a generator resource that provides the secret value
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: Password
+          name: db-password
+
   # Used to fetch all properties from the Provider key
   # If multiple dataFrom are specified, secrets are merged in the specified order
   dataFrom:
   - extract:
-      key: provider-key
-      version: provider-key-version
-      property: provider-key-property
+      key: database-credentials
+      version: v1
+      property: data
       conversionStrategy: Default
       decodingStrategy: Auto
     rewrite:
-    - regexp:
-        source: "foo"
-        target: "bar"
     - regexp:
         source: "exp-(.*?)-ression"
-        target: "rewriting-$1-with-groups"
+        target: "rewriting-${1}-with-groups"
   - find:
       path: path-to-filter
           source: "exp-(.*?)-ression"
-          target: "rewriting-$1-with-groups"
+          target: "rewriting-${1}-with-groups"
       name:
         regexp: ".*foobar.*"
       tags:
@@ -106,7 +117,6 @@ spec:
     - regexp:
         source: "foo"
         target: "bar"
-    - regexp:
 
 status:
   # refreshTime is the time and date the external secret was fetched and

main/snippets/gcpsm-external-secret.yaml

@@ -1,16 +1,19 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: example
+  name: database-credentials
 spec:
-  refreshInterval: 1h           # rate SecretManager pulls GCPSM
+  refreshInterval: 1h             # rate SecretManager pulls GCPSM
   secretStoreRef:
     kind: SecretStore
-    name: example               # name of the SecretStore (or kind specified)
+    name: gcp-store               # name of the SecretStore (or kind specified)
   target:
-    name: secret-to-be-created  # name of the k8s Secret to be created
+    name: database-credentials    # name of the k8s Secret to be created
     creationPolicy: Owner
   data:
-  - secretKey: dev-secret-test  # name of the GCPSM secret key
+  - secretKey: database_username
     remoteRef:
-      key: dev-secret-test
+      key: database_username      # name of the GCPSM secret key
+  - secretKey: database_password
+    remoteRef:
+      key: database_password      # name of the GCPSM secret key

main/snippets/gcpsm-pod-wi-secret-store.yaml

@@ -1,8 +1,8 @@
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: example
+  name: gcp-store
 spec:
   provider:
     gcpsm:
-      projectID: pid
+      projectID: alphabet-123

main/snippets/gcpsm-secret-store.yaml

@@ -1,7 +1,7 @@
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: example
+  name: gcp-store
 spec:
   provider:
       gcpsm:                                  # gcpsm provider
@@ -10,4 +10,4 @@ spec:
             secretAccessKeySecretRef:
               name: gcpsm-secret              # secret name containing SA key
               key: secret-access-credentials  # key name containing SA key
-        projectID: myproject                  # name of Google Cloud project
+        projectID: alphabet-123               # name of Google Cloud project

main/snippets/gcpsm-wi-secret-store.yaml

@@ -1,17 +1,17 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata:
-  name: example
+  name: gcp-store
 spec:
   provider:
     gcpsm:
-      projectID: my-project
+      projectID: alphabet-123
       auth:
         workloadIdentity:
           # name of the cluster region
           clusterLocation: europe-central2
           # name of the GKE cluster
-          clusterName: example-workload-identity
+          clusterName: alpha-cluster-42
           # projectID of the cluster (if omitted defaults to spec.provider.gcpsm.projectID)
           clusterProjectID: my-cluster-project
           # reference the sa from above

main/snippets/ibm-es-types.yaml

@@ -25,9 +25,9 @@ spec:
       key: public_cert/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz
       property: certificate
   - secretKey: prvt_cert
-      remoteRef:
-        key: private_cert/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz
-        property: certificate
+    remoteRef:
+      key: private_cert/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz
+      property: certificate
   - secretKey: kv_without_key
     remoteRef:
       key: kv/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz
@@ -39,5 +39,3 @@ spec:
     remoteRef:
       key: kv/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz
       property: 'key.path'
-  dataFrom:
-

main/snippets/ibm-external-secret.yaml

@@ -1,16 +1,19 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: external-secret-sample
+  name: database-credentials
 spec:
   refreshInterval: 60m
   secretStoreRef:
-    name: secretstore-sample
+    name: ibm-store
     kind: SecretStore
   target:
-    name: secret-to-be-created
+    name: database-credentials
     creationPolicy: Owner
   data:
-  - secretKey: test
+  - secretKey: username
     remoteRef:
-      key: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+      key: database_user
+  - secretKey: password
+    remoteRef:
+      key: database_password

main/snippets/ibm-secret-store.yaml

@@ -1,11 +1,11 @@
 apiVersion: external-secrets.io/v1beta1
 kind: SecretStore
 metadata:
-  name: secretstore-sample
+  name: ibm-store
 spec:
   provider:
     ibm:
-      serviceUrl: "https://SECRETS_MANAGER_ID.REGION.secrets-manager.appdomain.cloud"
+      serviceUrl: "https://<SECRETS_MANAGER_ID>.<REGION>.secrets-manager.appdomain.cloud"
       auth:
         containerAuth:
           profile: "test container auth profile"

main/spec/index.html

@@ -1,7912 +0,0 @@
-
-<!doctype html>
-<html lang="en" class="no-js">
-  <head>
-    
-      <meta charset="utf-8">
-      <meta name="viewport" content="width=device-width,initial-scale=1">
-      
-      
-      
-      <link rel="icon" href="../assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.10">
-    
-    
-      
-        <title>Spec - External Secrets Operator</title>
-      
-    
-    
-      <link rel="stylesheet" href="../assets/stylesheets/main.d6be258b.min.css">
-      
-        
-        <link rel="stylesheet" href="../assets/stylesheets/palette.e6a45f82.min.css">
-        
-      
-    
-    
-    
-      
-        
-        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
-        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
-      
-    
-    
-    <script>__md_scope=new URL("..",location),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
-    
-      
-  
-
-
-  
-  
-
-
-  <script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){this.value&&gtag("event","search",{search_term:this.value})}),"undefined"!=typeof location$&&location$.subscribe(function(e){gtag("config","G-QP38TD8K7V",{page_path:e.pathname})})})</script>
-  <script async src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V"></script>
-
-
-    
-    
-  </head>
-  
-  
-    
-    
-    
-    
-    
-    <body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
-  
-    
-    
-    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
-    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
-    <label class="md-overlay" for="__drawer"></label>
-    <div data-md-component="skip">
-      
-    </div>
-    <div data-md-component="announce">
-      
-    </div>
-    
-      <div data-md-component="outdated" hidden>
-        <aside class="md-banner md-banner--warning">
-          
-            <div class="md-banner__inner md-grid md-typeset">
-              
-  You're not viewing the latest version.
-  <a href="../..">
-    <strong>Click here to go to latest.</strong>
-  </a>
-
-            </div>
-            <script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
-          
-        </aside>
-      </div>
-    
-    
-      
-
-<header class="md-header" data-md-component="header">
-  <nav class="md-header__inner md-grid" aria-label="Header">
-    <a href=".." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
-      
-  
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
-
-    </a>
-    <label class="md-header__button md-icon" for="__drawer">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
-    </label>
-    <div class="md-header__title" data-md-component="header-title">
-      <div class="md-header__ellipsis">
-        <div class="md-header__topic">
-          <span class="md-ellipsis">
-            External Secrets Operator
-          </span>
-        </div>
-        <div class="md-header__topic" data-md-component="header-topic">
-          <span class="md-ellipsis">
-            
-              Spec
-            
-          </span>
-        </div>
-      </div>
-    </div>
-    
-    
-    
-      <label class="md-header__button md-icon" for="__search">
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
-      </label>
-      <div class="md-search" data-md-component="search" role="dialog">
-  <label class="md-search__overlay" for="__search"></label>
-  <div class="md-search__inner" role="search">
-    <form class="md-search__form" name="search">
-      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
-      <label class="md-search__icon md-icon" for="__search">
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
-      </label>
-      <nav class="md-search__options" aria-label="Search">
-        
-        <button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
-          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
-        </button>
-      </nav>
-      
-    </form>
-    <div class="md-search__output">
-      <div class="md-search__scrollwrap" data-md-scrollfix>
-        <div class="md-search-result" data-md-component="search-result">
-          <div class="md-search-result__meta">
-            Initializing search
-          </div>
-          <ol class="md-search-result__list"></ol>
-        </div>
-      </div>
-    </div>
-  </div>
-</div>
-    
-    
-      <div class="md-header__source">
-        <a href="https://github.com/external-secrets/external-secrets/" title="Go to repository" class="md-source" data-md-component="source">
-  <div class="md-source__icon md-icon">
-    
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
-  </div>
-  <div class="md-source__repository">
-    External Secrets Operator
-  </div>
-</a>
-      </div>
-    
-  </nav>
-  
-</header>
-    
-    <div class="md-container" data-md-component="container">
-      
-      
-        
-          
-            
-<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
-  <div class="md-tabs__inner md-grid">
-    <ul class="md-tabs__list">
-      
-        
-  
-  
-
-
-  
-  
-  
-    <li class="md-tabs__item">
-      <a href=".." class="md-tabs__link">
-        Introduction
-      </a>
-    </li>
-  
-
-      
-        
-  
-  
-
-
-  
-  
-  
-    <li class="md-tabs__item">
-      <a href="../api/components/" class="md-tabs__link">
-        API
-      </a>
-    </li>
-  
-
-      
-        
-  
-  
-
-
-  
-  
-  
-    <li class="md-tabs__item">
-      <a href="../guides/introduction/" class="md-tabs__link">
-        Guides
-      </a>
-    </li>
-  
-
-      
-        
-  
-  
-
-
-  
-  
-  
-    <li class="md-tabs__item">
-      <a href="../provider/aws-secrets-manager/" class="md-tabs__link">
-        Provider
-      </a>
-    </li>
-  
-
-      
-        
-  
-  
-
-
-  
-  
-  
-    <li class="md-tabs__item">
-      <a href="../examples/gitops-using-fluxcd/" class="md-tabs__link">
-        Examples
-      </a>
-    </li>
-  
-
-      
-        
-  
-  
-
-
-  
-  
-  
-    
-
-  
-  
-  
-    <li class="md-tabs__item">
-      <a href="../contributing/devguide/" class="md-tabs__link">
-        Community
-      </a>
-    </li>
-  
-
-  
-
-      
-    </ul>
-  </div>
-</nav>
-          
-        
-      
-      <main class="md-main" data-md-component="main">
-        <div class="md-main__inner md-grid">
-          
-            
-              
-              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
-                <div class="md-sidebar__scrollwrap">
-                  <div class="md-sidebar__inner">
-                    
-
-  
-
-
-<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
-  <label class="md-nav__title" for="__drawer">
-    <a href=".." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
-      
-  
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
-
-    </a>
-    External Secrets Operator
-  </label>
-  
-    <div class="md-nav__source">
-      <a href="https://github.com/external-secrets/external-secrets/" title="Go to repository" class="md-source" data-md-component="source">
-  <div class="md-source__icon md-icon">
-    
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
-  </div>
-  <div class="md-source__repository">
-    External Secrets Operator
-  </div>
-</a>
-    </div>
-  
-  <ul class="md-nav__list" data-md-scrollfix>
-    
-      
-      
-      
-
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_1" data-md-state="indeterminate" type="checkbox" id="__nav_1" checked>
-      
-      
-      
-        
-          
-            
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        
-        
-        <div class="md-nav__link md-nav__link--index ">
-          <a href="..">Introduction</a>
-          
-            <label for="__nav_1">
-              <span class="md-nav__icon md-icon"></span>
-            </label>
-          
-        </div>
-      
-      <nav class="md-nav" aria-label="Introduction" data-md-level="1">
-        <label class="md-nav__title" for="__nav_1">
-          <span class="md-nav__icon md-icon"></span>
-          Introduction
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../introduction/overview/" class="md-nav__link">
-        Overview
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../introduction/getting-started/" class="md-nav__link">
-        Getting started
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../introduction/faq/" class="md-nav__link">
-        FAQ
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../introduction/stability-support/" class="md-nav__link">
-        Stability and Support
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../introduction/deprecation-policy/" class="md-nav__link">
-        Deprecation Policy
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-    
-      
-      
-      
-
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" data-md-state="indeterminate" type="checkbox" id="__nav_2" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_2">
-          API
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="API" data-md-level="1">
-        <label class="md-nav__title" for="__nav_2">
-          <span class="md-nav__icon md-icon"></span>
-          API
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/components/" class="md-nav__link">
-        Components
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_2" data-md-state="indeterminate" type="checkbox" id="__nav_2_2" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_2_2">
-          Core Resources
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Core Resources" data-md-level="2">
-        <label class="md-nav__title" for="__nav_2_2">
-          <span class="md-nav__icon md-icon"></span>
-          Core Resources
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/externalsecret/" class="md-nav__link">
-        ExternalSecret
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/secretstore/" class="md-nav__link">
-        SecretStore
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/clustersecretstore/" class="md-nav__link">
-        ClusterSecretStore
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/clusterexternalsecret/" class="md-nav__link">
-        ClusterExternalSecret
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/pushsecret/" class="md-nav__link">
-        PushSecret
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_3" data-md-state="indeterminate" type="checkbox" id="__nav_2_3" checked>
-      
-      
-      
-        
-          
-            
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        
-        
-        <div class="md-nav__link md-nav__link--index ">
-          <a href="../api/generator/">Generators</a>
-          
-            <label for="__nav_2_3">
-              <span class="md-nav__icon md-icon"></span>
-            </label>
-          
-        </div>
-      
-      <nav class="md-nav" aria-label="Generators" data-md-level="2">
-        <label class="md-nav__title" for="__nav_2_3">
-          <span class="md-nav__icon md-icon"></span>
-          Generators
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/generator/acr/" class="md-nav__link">
-        Azure Container Registry
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/generator/ecr/" class="md-nav__link">
-        AWS Elastic Container Registry
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/generator/gcr/" class="md-nav__link">
-        Google Container Registry
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/generator/password/" class="md-nav__link">
-        Password
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/generator/fake/" class="md-nav__link">
-        Fake
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_4" data-md-state="indeterminate" type="checkbox" id="__nav_2_4" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_2_4">
-          Reference Docs
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Reference Docs" data-md-level="2">
-        <label class="md-nav__title" for="__nav_2_4">
-          <span class="md-nav__icon md-icon"></span>
-          Reference Docs
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/spec/" class="md-nav__link">
-        API specification
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/controller-options/" class="md-nav__link">
-        Controller Options
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../api/metrics/" class="md-nav__link">
-        Metrics
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-    
-      
-      
-      
-
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" data-md-state="indeterminate" type="checkbox" id="__nav_3" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_3">
-          Guides
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Guides" data-md-level="1">
-        <label class="md-nav__title" for="__nav_3">
-          <span class="md-nav__icon md-icon"></span>
-          Guides
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/introduction/" class="md-nav__link">
-        Introduction
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_2" data-md-state="indeterminate" type="checkbox" id="__nav_3_2" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_3_2">
-          Advanced Templating
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Advanced Templating" data-md-level="2">
-        <label class="md-nav__title" for="__nav_3_2">
-          <span class="md-nav__icon md-icon"></span>
-          Advanced Templating
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/templating/" class="md-nav__link">
-        v2
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/templating-v1/" class="md-nav__link">
-        v1
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/generator/" class="md-nav__link">
-        Generators
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/all-keys-one-secret/" class="md-nav__link">
-        All keys, One secret
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/common-k8s-secret-types/" class="md-nav__link">
-        Common K8S Secret Types
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/controller-class/" class="md-nav__link">
-        Controller Classes
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/ownership-deletion-policy/" class="md-nav__link">
-        Lifecycle: ownership & deletion
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/decoding-strategy/" class="md-nav__link">
-        Decoding Strategies
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/getallsecrets/" class="md-nav__link">
-        Getting Multiple Secrets
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/multi-tenancy/" class="md-nav__link">
-        Multi Tenancy
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/datafrom-rewrite/" class="md-nav__link">
-        Rewriting Keys
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/v1beta1/" class="md-nav__link">
-        Upgrading to v1beta1
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../guides/using-latest-image/" class="md-nav__link">
-        Using Latest Image
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-    
-      
-      
-      
-
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" data-md-state="indeterminate" type="checkbox" id="__nav_4" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_4">
-          Provider
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Provider" data-md-level="1">
-        <label class="md-nav__title" for="__nav_4">
-          <span class="md-nav__icon md-icon"></span>
-          Provider
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/aws-secrets-manager/" class="md-nav__link">
-        AWS Secrets Manager
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/aws-parameter-store/" class="md-nav__link">
-        AWS Parameter Store
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/azure-key-vault/" class="md-nav__link">
-        Azure Key Vault
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/google-secrets-manager/" class="md-nav__link">
-        Google Secret Manager
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/ibm-secrets-manager/" class="md-nav__link">
-        IBM Secrets Manager
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/akeyless/" class="md-nav__link">
-        Akeyless
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/hashicorp-vault/" class="md-nav__link">
-        HashiCorp Vault
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/yandex-certificate-manager/" class="md-nav__link">
-        Yandex Certificate Manager
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/yandex-lockbox/" class="md-nav__link">
-        Yandex Lockbox
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/gitlab-variables/" class="md-nav__link">
-        Gitlab Variables
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/oracle-vault/" class="md-nav__link">
-        Oracle Vault
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/1password-automation/" class="md-nav__link">
-        1Password Secrets Automation
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/webhook/" class="md-nav__link">
-        Webhook
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/fake/" class="md-nav__link">
-        Fake
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/kubernetes/" class="md-nav__link">
-        Kubernetes
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/senhasegura-dsm/" class="md-nav__link">
-        senhasegura DevOps Secrets Management (DSM)
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../provider/doppler/" class="md-nav__link">
-        Doppler
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-    
-      
-      
-      
-
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" data-md-state="indeterminate" type="checkbox" id="__nav_5" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_5">
-          Examples
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Examples" data-md-level="1">
-        <label class="md-nav__title" for="__nav_5">
-          <span class="md-nav__icon md-icon"></span>
-          Examples
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../examples/gitops-using-fluxcd/" class="md-nav__link">
-        FluxCD
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../examples/anchore-engine-credentials/" class="md-nav__link">
-        Anchore Engine
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../examples/jenkins-kubernetes-credentials/" class="md-nav__link">
-        Jenkins
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-    
-      
-      
-      
-
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6" data-md-state="indeterminate" type="checkbox" id="__nav_6" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_6">
-          Community
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Community" data-md-level="1">
-        <label class="md-nav__title" for="__nav_6">
-          <span class="md-nav__icon md-icon"></span>
-          Community
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_1" data-md-state="indeterminate" type="checkbox" id="__nav_6_1" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_6_1">
-          Contributing
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="Contributing" data-md-level="2">
-        <label class="md-nav__title" for="__nav_6_1">
-          <span class="md-nav__icon md-icon"></span>
-          Contributing
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../contributing/devguide/" class="md-nav__link">
-        Developer guide
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../contributing/process/" class="md-nav__link">
-        Contributing Process
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../contributing/release/" class="md-nav__link">
-        Release Process
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../contributing/coc/" class="md-nav__link">
-        Code of Conduct
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../contributing/roadmap/" class="md-nav__link">
-        Roadmap
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    
-    <li class="md-nav__item md-nav__item--nested">
-      
-      
-        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_2" data-md-state="indeterminate" type="checkbox" id="__nav_6_2" checked>
-      
-      
-      
-        
-          
-        
-          
-        
-          
-        
-      
-      
-        <label class="md-nav__link" for="__nav_6_2">
-          External Resources
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
-      <nav class="md-nav" aria-label="External Resources" data-md-level="2">
-        <label class="md-nav__title" for="__nav_6_2">
-          <span class="md-nav__icon md-icon"></span>
-          External Resources
-        </label>
-        <ul class="md-nav__list" data-md-scrollfix>
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../eso-talks/" class="md-nav__link">
-        Talks
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../eso-demos/" class="md-nav__link">
-        Demos
-      </a>
-    </li>
-  
-
-            
-          
-            
-              
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="../eso-blogs/" class="md-nav__link">
-        Blogs
-      </a>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-            
-          
-        </ul>
-      </nav>
-    </li>
-  
-
-    
-  </ul>
-</nav>
-                  </div>
-                </div>
-              </div>
-            
-            
-          
-          <div class="md-content" data-md-component="content">
-            <article class="md-content__inner md-typeset">
-              
-                
-<a href="https://github.com/external-secrets/external-secrets/edit/main/docs/spec.md" title="Edit this page" class="md-content__button md-icon">
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
-</a>
-
-
-  <h1>Spec</h1>
-
-<p>Packages:</p>
-<ul>
-<li>
-<a href="#external-secrets.io%2fv1beta1">external-secrets.io/v1beta1</a>
-</li>
-</ul>
-<h2 id="external-secrets.io/v1beta1">external-secrets.io/v1beta1</h2>
-<p>
-<p>Package v1beta1 contains resources for external-secrets</p>
-</p>
-<p>Resource Types:</p>
-<ul></ul>
-<h3 id="external-secrets.io/v1beta1.AWSAuth">AWSAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AWSProvider">AWSProvider</a>)
-</p>
-<p>
-<p>AWSAuth tells the controller how to do authentication with aws.
-Only one of secretRef or jwt can be specified.
-if none is specified the controller will load credentials using the aws sdk defaults.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AWSAuthSecretRef">
-AWSAuthSecretRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>jwt</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AWSJWTAuth">
-AWSJWTAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AWSAuthSecretRef">AWSAuthSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AWSAuth">AWSAuth</a>)
-</p>
-<p>
-<p>AWSAuthSecretRef holds secret references for AWS credentials
-both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>accessKeyIDSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The AccessKeyID is used for authentication</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretAccessKeySecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The SecretAccessKey is used for authentication</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>sessionTokenSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The SessionToken used for authentication
-This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
-see: <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html">https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html</a></p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AWSJWTAuth">AWSJWTAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AWSAuth">AWSAuth</a>)
-</p>
-<p>
-<p>Authenticate against AWS using service account tokens.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>serviceAccountRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AWSProvider">AWSProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>AWSProvider configures a store to sync secrets with AWS.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>service</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AWSServiceType">
-AWSServiceType
-</a>
-</em>
-</td>
-<td>
-<p>Service defines which service should be used to fetch the secrets</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AWSAuth">
-AWSAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Auth defines the information necessary to authenticate against AWS
-if not set aws sdk will infer credentials from your environment
-see: <a href="https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials">https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials</a></p>
-</td>
-</tr>
-<tr>
-<td>
-<code>role</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Role is a Role ARN which the SecretManager provider will assume</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>region</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>AWS Region to be used for the provider</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AWSServiceType">AWSServiceType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AWSProvider">AWSProvider</a>)
-</p>
-<p>
-<p>AWSServiceType is a enum that defines the service/API that is used to fetch the secrets.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;ParameterStore&#34;</p></td>
-<td><p>AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
-see: <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html">https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html</a></p>
-</td>
-</tr><tr><td><p>&#34;SecretsManager&#34;</p></td>
-<td><p>AWSServiceSecretsManager is the AWS SecretsManager.
-see: <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html">https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html</a></p>
-</td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AkeylessAuth">AkeylessAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AkeylessProvider">AkeylessProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AkeylessAuthSecretRef">
-AkeylessAuthSecretRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Reference to a Secret that contains the details
-to authenticate with Akeyless.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>kubernetesAuth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AkeylessKubernetesAuth">
-AkeylessKubernetesAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Kubernetes authenticates with Akeyless by passing the ServiceAccount
-token stored in the named Secret resource.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AkeylessAuthSecretRef">AkeylessAuthSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AkeylessAuth">AkeylessAuth</a>)
-</p>
-<p>
-<p>AkeylessAuthSecretRef
-AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>accessID</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The SecretAccessID is used for authentication</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>accessType</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>accessTypeParam</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AkeylessKubernetesAuth">AkeylessKubernetesAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AkeylessAuth">AkeylessAuth</a>)
-</p>
-<p>
-<p>Authenticate with Kubernetes ServiceAccount token stored.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>accessID</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>the Akeyless Kubernetes auth-method access-id</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>k8sConfName</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Kubernetes-auth configuration name in Akeyless-Gateway</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>serviceAccountRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional service account field containing the name of a kubernetes ServiceAccount.
-If the service account is specified, the service account secret token JWT will be used
-for authenticating with Akeyless. If the service account selector is not supplied,
-the secretRef will be used instead.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional secret field containing a Kubernetes ServiceAccount JWT used
-for authenticating with Akeyless. If a name is specified without a key,
-<code>token</code> is the default. If one is not specified, the one bound to
-the controller will be used.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AkeylessProvider">AkeylessProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>AkeylessProvider Configures an store to sync secrets using Akeyless KV.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>akeylessGWApiURL</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Akeyless GW API Url from which the secrets to be fetched from.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>authSecretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AkeylessAuth">
-AkeylessAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth configures how the operator authenticates with Akeyless.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AlibabaAuth">AlibabaAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AlibabaProvider">AlibabaProvider</a>)
-</p>
-<p>
-<p>AlibabaAuth contains a secretRef for credentials.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AlibabaAuthSecretRef">
-AlibabaAuthSecretRef
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AlibabaAuthSecretRef">AlibabaAuthSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AlibabaAuth">AlibabaAuth</a>)
-</p>
-<p>
-<p>AlibabaAuthSecretRef holds secret references for Alibaba credentials.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>accessKeyIDSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The AccessKeyID is used for authentication</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>accessKeySecretSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The AccessKeySecret is used for authentication</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AlibabaProvider">AlibabaProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AlibabaAuth">
-AlibabaAuth
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>endpoint</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>regionID</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Alibaba Region to be used for the provider</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AzureAuthType">AzureAuthType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider</a>)
-</p>
-<p>
-<p>AuthType describes how to authenticate to the Azure Keyvault
-Only one of the following auth types may be specified.
-If none of the following auth type is specified, the default one
-is ServicePrincipal.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;ManagedIdentity&#34;</p></td>
-<td><p>Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.</p>
-</td>
-</tr><tr><td><p>&#34;ServicePrincipal&#34;</p></td>
-<td><p>Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.</p>
-</td>
-</tr><tr><td><p>&#34;WorkloadIdentity&#34;</p></td>
-<td><p>Using Workload Identity service accounts to authenticate.</p>
-</td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AzureEnvironmentType">AzureEnvironmentType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider</a>)
-</p>
-<p>
-<p>AzureEnvironmentType specifies the Azure cloud environment endpoints to use for
-connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
-The following endpoints are available, also see here: <a href="https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152">https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152</a>
-PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;ChinaCloud&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;GermanCloud&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;PublicCloud&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;USGovernmentCloud&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AzureKVAuth">AzureKVAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider</a>)
-</p>
-<p>
-<p>Configuration used to authenticate with Azure.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>clientId</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The Azure clientId of the service principle used for authentication.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>clientSecret</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The Azure ClientSecret of the service principle used for authentication.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>Configures an store to sync secrets using Azure KV.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>authType</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AzureAuthType">
-AzureAuthType
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Auth type defines how to authenticate to the keyvault service.
-Valid values are:
-- &ldquo;ServicePrincipal&rdquo; (default): Using a service principal (tenantId, clientId, clientSecret)
-- &ldquo;ManagedIdentity&rdquo;: Using Managed Identity assigned to the pod (see aad-pod-identity)</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>vaultUrl</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Vault Url from which the secrets to be fetched from.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>tenantId</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>environmentType</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AzureEnvironmentType">
-AzureEnvironmentType
-</a>
-</em>
-</td>
-<td>
-<p>EnvironmentType specifies the Azure cloud environment endpoints to use for
-connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
-The following endpoints are available, also see here: <a href="https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152">https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152</a>
-PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>authSecretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AzureKVAuth">
-AzureKVAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>serviceAccountRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>ServiceAccountRef specified the service account
-that should be used when authenticating with WorkloadIdentity.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>identityId</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>If multiple Managed Identity is assigned to the pod, you can select the one to be used</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.CAProvider">CAProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.KubernetesServer">KubernetesServer</a>, 
-<a href="#external-secrets.io/v1beta1.VaultProvider">VaultProvider</a>)
-</p>
-<p>
-<p>Used to provide custom certificate authority (CA) certificates
-for a secret store. The CAProvider points to a Secret or ConfigMap resource
-that contains a PEM-encoded certificate.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>type</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.CAProviderType">
-CAProviderType
-</a>
-</em>
-</td>
-<td>
-<p>The type of provider to use such as &ldquo;Secret&rdquo;, or &ldquo;ConfigMap&rdquo;.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>The name of the object located at the provider type.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>key</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>The key where the CA certificate can be found in the Secret or ConfigMap.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>namespace</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The namespace the Provider type is in.
-Can only be defined when used in a ClusterSecretStore.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.CAProviderType">CAProviderType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.CAProvider">CAProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;ConfigMap&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;Secret&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.CertAuth">CertAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.KubernetesAuth">KubernetesAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>clientCert</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>clientKey</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterExternalSecret">ClusterExternalSecret
-</h3>
-<p>
-<p>ClusterExternalSecret is the Schema for the clusterexternalsecrets API.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>metadata</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
-Kubernetes meta/v1.ObjectMeta
-</a>
-</em>
-</td>
-<td>
-Refer to the Kubernetes API documentation for the fields of the
-<code>metadata</code> field.
-</td>
-</tr>
-<tr>
-<td>
-<code>spec</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretSpec">
-ClusterExternalSecretSpec
-</a>
-</em>
-</td>
-<td>
-<br/>
-<br/>
-<table>
-<tr>
-<td>
-<code>externalSecretSpec</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">
-ExternalSecretSpec
-</a>
-</em>
-</td>
-<td>
-<p>The spec for the ExternalSecrets to be created</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>externalSecretName</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The name of the external secrets to be created defaults to the name of the ClusterExternalSecret</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>namespaceSelector</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#labelselector-v1-meta">
-Kubernetes meta/v1.LabelSelector
-</a>
-</em>
-</td>
-<td>
-<p>The labels to select by to find the Namespaces to create the ExternalSecrets in.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>refreshTime</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
-Kubernetes meta/v1.Duration
-</a>
-</em>
-</td>
-<td>
-<p>The time in which the controller should reconcile it&rsquo;s objects and recheck namespaces for labels.</p>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-<tr>
-<td>
-<code>status</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatus">
-ClusterExternalSecretStatus
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretConditionType">ClusterExternalSecretConditionType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatusCondition">ClusterExternalSecretStatusCondition</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;NotReady&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;PartiallyReady&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;Ready&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretNamespaceFailure">ClusterExternalSecretNamespaceFailure
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatus">ClusterExternalSecretStatus</a>)
-</p>
-<p>
-<p>ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and it&rsquo;s reason.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>namespace</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Namespace is the namespace that failed when trying to apply an ExternalSecret</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>reason</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Reason is why the ExternalSecret failed to apply to the namespace</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretSpec">ClusterExternalSecretSpec
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecret">ClusterExternalSecret</a>)
-</p>
-<p>
-<p>ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>externalSecretSpec</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">
-ExternalSecretSpec
-</a>
-</em>
-</td>
-<td>
-<p>The spec for the ExternalSecrets to be created</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>externalSecretName</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The name of the external secrets to be created defaults to the name of the ClusterExternalSecret</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>namespaceSelector</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#labelselector-v1-meta">
-Kubernetes meta/v1.LabelSelector
-</a>
-</em>
-</td>
-<td>
-<p>The labels to select by to find the Namespaces to create the ExternalSecrets in.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>refreshTime</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
-Kubernetes meta/v1.Duration
-</a>
-</em>
-</td>
-<td>
-<p>The time in which the controller should reconcile it&rsquo;s objects and recheck namespaces for labels.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretStatus">ClusterExternalSecretStatus
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecret">ClusterExternalSecret</a>)
-</p>
-<p>
-<p>ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>failedNamespaces</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretNamespaceFailure">
-[]ClusterExternalSecretNamespaceFailure
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Failed namespaces are the namespaces that failed to apply an ExternalSecret</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>provisionedNamespaces</code></br>
-<em>
-[]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>conditions</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatusCondition">
-[]ClusterExternalSecretStatusCondition
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretStatusCondition">ClusterExternalSecretStatusCondition
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatus">ClusterExternalSecretStatus</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>type</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretConditionType">
-ClusterExternalSecretConditionType
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>status</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#conditionstatus-v1-core">
-Kubernetes core/v1.ConditionStatus
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>message</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterSecretStore">ClusterSecretStore
-</h3>
-<p>
-<p>ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of <code>storeRef</code> fields.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>metadata</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
-Kubernetes meta/v1.ObjectMeta
-</a>
-</em>
-</td>
-<td>
-Refer to the Kubernetes API documentation for the fields of the
-<code>metadata</code> field.
-</td>
-</tr>
-<tr>
-<td>
-<code>spec</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreSpec">
-SecretStoreSpec
-</a>
-</em>
-</td>
-<td>
-<br/>
-<br/>
-<table>
-<tr>
-<td>
-<code>controller</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to select the correct KES controller (think: ingress.ingressClassName)
-The KES controller is instantiated with a specific controller name and filters ES based on this property</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>provider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">
-SecretStoreProvider
-</a>
-</em>
-</td>
-<td>
-<p>Used to configure the provider. Only one provider may be set</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>retrySettings</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreRetrySettings">
-SecretStoreRetrySettings
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to configure http retries if failed</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>refreshInterval</code></br>
-<em>
-int
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>conditions</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
-[]ClusterSecretStoreCondition
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-<tr>
-<td>
-<code>status</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreStatus">
-SecretStoreStatus
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ClusterSecretStoreCondition">ClusterSecretStoreCondition
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec</a>)
-</p>
-<p>
-<p>ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
-for a ClusterSecretStore instance.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>namespaceSelector</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#labelselector-v1-meta">
-Kubernetes meta/v1.LabelSelector
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Choose namespace using a labelSelector</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>namespaces</code></br>
-<em>
-[]string
-</em>
-</td>
-<td>
-<p>Choose namespaces by name</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.DopplerAuth">DopplerAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.DopplerProvider">DopplerProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.DopplerAuthSecretRef">
-DopplerAuthSecretRef
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.DopplerAuthSecretRef">DopplerAuthSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.DopplerAuth">DopplerAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>dopplerToken</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The DopplerToken is used for authentication.
-See <a href="https://docs.doppler.com/reference/api#authentication">https://docs.doppler.com/reference/api#authentication</a> for auth token types.
-The Key attribute defaults to dopplerToken if not specified.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.DopplerProvider">DopplerProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>DopplerProvider configures a store to sync secrets using the Doppler provider.
-Project and Config are required if not using a Service Token.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.DopplerAuth">
-DopplerAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth configures how the Operator authenticates with the Doppler API</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>project</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Doppler project (required if not using a Service Token)</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>config</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Doppler config (required if not using a Service Token)</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>nameTransformer</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Environment variable compatible name transforms that change secret names to a different format</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>format</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Format enables the downloading of secrets as a file (string)</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecret">ExternalSecret
-</h3>
-<p>
-<p>ExternalSecret is the Schema for the external-secrets API.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>metadata</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
-Kubernetes meta/v1.ObjectMeta
-</a>
-</em>
-</td>
-<td>
-Refer to the Kubernetes API documentation for the fields of the
-<code>metadata</code> field.
-</td>
-</tr>
-<tr>
-<td>
-<code>spec</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">
-ExternalSecretSpec
-</a>
-</em>
-</td>
-<td>
-<br/>
-<br/>
-<table>
-<tr>
-<td>
-<code>secretStoreRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreRef">
-SecretStoreRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>target</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">
-ExternalSecretTarget
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>refreshInterval</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
-Kubernetes meta/v1.Duration
-</a>
-</em>
-</td>
-<td>
-<p>RefreshInterval is the amount of time before the values are read again from the SecretStore provider
-Valid time units are &ldquo;ns&rdquo;, &ldquo;us&rdquo; (or &ldquo;µs&rdquo;), &ldquo;ms&rdquo;, &ldquo;s&rdquo;, &ldquo;m&rdquo;, &ldquo;h&rdquo;
-May be set to zero to fetch and create it once. Defaults to 1h.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>data</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretData">
-[]ExternalSecretData
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Data defines the connection between the Kubernetes Secret keys and the Provider data</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>dataFrom</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">
-[]ExternalSecretDataFromRemoteRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>DataFrom is used to fetch all properties from a specific Provider data
-If multiple entries are specified, the Secret keys are merged in the specified order</p>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-<tr>
-<td>
-<code>status</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretStatus">
-ExternalSecretStatus
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretConditionType">ExternalSecretConditionType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretStatusCondition">ExternalSecretStatusCondition</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;Deleted&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;Ready&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretConversionStrategy">ExternalSecretConversionStrategy
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef</a>, 
-<a href="#external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;Default&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;Unicode&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretCreationPolicy">ExternalSecretCreationPolicy
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget</a>)
-</p>
-<p>
-<p>ExternalSecretCreationPolicy defines rules on how to create the resulting Secret.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;Merge&#34;</p></td>
-<td><p>Merge does not create the Secret, but merges the data fields to the Secret.</p>
-</td>
-</tr><tr><td><p>&#34;None&#34;</p></td>
-<td><p>None does not create a Secret (future use with injector).</p>
-</td>
-</tr><tr><td><p>&#34;Orphan&#34;</p></td>
-<td><p>Orphan creates the Secret and does not set the ownerReference.
-I.e. it will be orphaned after the deletion of the ExternalSecret.</p>
-</td>
-</tr><tr><td><p>&#34;Owner&#34;</p></td>
-<td><p>Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.</p>
-</td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>)
-</p>
-<p>
-<p>ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretKey</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>SecretKey defines the key in which the controller stores
-the value. This is the key in the Kind=Secret</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>remoteRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">
-ExternalSecretDataRemoteRef
-</a>
-</em>
-</td>
-<td>
-<p>RemoteRef points to the remote secret and defines
-which secret (version/property/..) to fetch.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>sourceRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SourceRef">
-SourceRef
-</a>
-</em>
-</td>
-<td>
-<p>SourceRef allows you to override the source
-from which the value will pulled from.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>extract</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">
-ExternalSecretDataRemoteRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to extract multiple key/value pairs from one secret
-Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>find</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretFind">
-ExternalSecretFind
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to find secrets based on tags or regular expressions
-Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>rewrite</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretRewrite">
-[]ExternalSecretRewrite
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to rewrite secret Keys after getting them from the secret Provider
-Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>sourceRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SourceRef">
-SourceRef
-</a>
-</em>
-</td>
-<td>
-<p>SourceRef points to a store or generator
-which contains secret values ready to use.
-Use this in combination with Extract or Find pull values out of
-a specific SecretStore.
-When sourceRef points to a generator Extract or Find is not supported.
-The generator returns a static map of values</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData</a>, 
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
-</p>
-<p>
-<p>ExternalSecretDataRemoteRef defines Provider data location.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>key</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Key is the key used in the Provider, mandatory</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>metadataPolicy</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretMetadataPolicy">
-ExternalSecretMetadataPolicy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>property</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to select a specific property of the Provider value (if a map), if supported</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>version</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to select a specific version of the Provider value, if supported</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>conversionStrategy</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretConversionStrategy">
-ExternalSecretConversionStrategy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to define a conversion Strategy</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>decodingStrategy</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDecodingStrategy">
-ExternalSecretDecodingStrategy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to define a decoding Strategy</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretDecodingStrategy">ExternalSecretDecodingStrategy
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef</a>, 
-<a href="#external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;Auto&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;Base64&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;Base64URL&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;None&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretDeletionPolicy">ExternalSecretDeletionPolicy
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget</a>)
-</p>
-<p>
-<p>ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;Delete&#34;</p></td>
-<td><p>Delete deletes the secret if all provider secrets are deleted.
-If a secret gets deleted on the provider side and is not accessible
-anymore this is not considered an error and the ExternalSecret
-does not go into SecretSyncedError status.</p>
-</td>
-</tr><tr><td><p>&#34;Merge&#34;</p></td>
-<td><p>Merge removes keys in the secret, but not the secret itself.
-If a secret gets deleted on the provider side and is not accessible
-anymore this is not considered an error and the ExternalSecret
-does not go into SecretSyncedError status.</p>
-</td>
-</tr><tr><td><p>&#34;Retain&#34;</p></td>
-<td><p>Retain will retain the secret if all provider secrets have been deleted.
-If a provider secret does not exist the ExternalSecret gets into the
-SecretSyncedError status.</p>
-</td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>path</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>A root path to start the find operations.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.FindName">
-FindName
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Finds secrets based on the name.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>tags</code></br>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Find secrets based on tags.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>conversionStrategy</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretConversionStrategy">
-ExternalSecretConversionStrategy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to define a conversion Strategy</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>decodingStrategy</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDecodingStrategy">
-ExternalSecretDecodingStrategy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to define a decoding Strategy</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretMetadataPolicy">ExternalSecretMetadataPolicy
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;Fetch&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;None&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretRewrite">ExternalSecretRewrite
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>regexp</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretRewriteRegexp">
-ExternalSecretRewriteRegexp
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to rewrite with regular expressions.
-The resulting key will be the output of a regexp.ReplaceAll operation.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretRewriteRegexp">ExternalSecretRewriteRegexp
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretRewrite">ExternalSecretRewrite</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>source</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Used to define the regular expression of a re.Compiler.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>target</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Used to define the target pattern of a ReplaceAll operation.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterExternalSecretSpec">ClusterExternalSecretSpec</a>, 
-<a href="#external-secrets.io/v1beta1.ExternalSecret">ExternalSecret</a>)
-</p>
-<p>
-<p>ExternalSecretSpec defines the desired state of ExternalSecret.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretStoreRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreRef">
-SecretStoreRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>target</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">
-ExternalSecretTarget
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>refreshInterval</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
-Kubernetes meta/v1.Duration
-</a>
-</em>
-</td>
-<td>
-<p>RefreshInterval is the amount of time before the values are read again from the SecretStore provider
-Valid time units are &ldquo;ns&rdquo;, &ldquo;us&rdquo; (or &ldquo;µs&rdquo;), &ldquo;ms&rdquo;, &ldquo;s&rdquo;, &ldquo;m&rdquo;, &ldquo;h&rdquo;
-May be set to zero to fetch and create it once. Defaults to 1h.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>data</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretData">
-[]ExternalSecretData
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Data defines the connection between the Kubernetes Secret keys and the Provider data</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>dataFrom</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">
-[]ExternalSecretDataFromRemoteRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>DataFrom is used to fetch all properties from a specific Provider data
-If multiple entries are specified, the Secret keys are merged in the specified order</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretStatus">ExternalSecretStatus
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecret">ExternalSecret</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>refreshTime</code></br>
-<em>
-<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Time">
-Kubernetes meta/v1.Time
-</a>
-</em>
-</td>
-<td>
-<p>refreshTime is the time and date the external secret was fetched and
-the target secret updated</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>syncedResourceVersion</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>SyncedResourceVersion keeps track of the last synced version</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>conditions</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretStatusCondition">
-[]ExternalSecretStatusCondition
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretStatusCondition">ExternalSecretStatusCondition
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretStatus">ExternalSecretStatus</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>type</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretConditionType">
-ExternalSecretConditionType
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>status</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#conditionstatus-v1-core">
-Kubernetes core/v1.ConditionStatus
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>reason</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>message</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastTransitionTime</code></br>
-<em>
-<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Time">
-Kubernetes meta/v1.Time
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>)
-</p>
-<p>
-<p>ExternalSecretTarget defines the Kubernetes Secret to be created
-There can be only one target per ExternalSecret.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Name defines the name of the Secret resource to be managed
-This field is immutable
-Defaults to the .metadata.name of the ExternalSecret resource</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>creationPolicy</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretCreationPolicy">
-ExternalSecretCreationPolicy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>CreationPolicy defines rules on how to create the resulting Secret
-Defaults to &lsquo;Owner&rsquo;</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>deletionPolicy</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretDeletionPolicy">
-ExternalSecretDeletionPolicy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>DeletionPolicy defines rules on how to delete the resulting Secret
-Defaults to &lsquo;Retain&rsquo;</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>template</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">
-ExternalSecretTemplate
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Template defines a blueprint for the created Secret resource.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>immutable</code></br>
-<em>
-bool
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Immutable defines if the final secret will be immutable</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget</a>)
-</p>
-<p>
-<p>ExternalSecretTemplate defines a blueprint for the created Secret resource.
-we can not use native corev1.Secret, it will have empty ObjectMeta values: <a href="https://github.com/kubernetes-sigs/controller-tools/issues/448">https://github.com/kubernetes-sigs/controller-tools/issues/448</a></p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>type</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#secrettype-v1-core">
-Kubernetes core/v1.SecretType
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>engineVersion</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.TemplateEngineVersion">
-TemplateEngineVersion
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>metadata</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTemplateMetadata">
-ExternalSecretTemplateMetadata
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>data</code></br>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>templateFrom</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.TemplateFrom">
-[]TemplateFrom
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretTemplateMetadata">ExternalSecretTemplateMetadata
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate</a>)
-</p>
-<p>
-<p>ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>annotations</code></br>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>labels</code></br>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ExternalSecretValidator">ExternalSecretValidator
-</h3>
-<p>
-</p>
-<h3 id="external-secrets.io/v1beta1.FakeProvider">FakeProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>FakeProvider configures a fake provider that returns static values.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>data</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.FakeProviderData">
-[]FakeProviderData
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.FakeProviderData">FakeProviderData
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.FakeProvider">FakeProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>key</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>value</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>valueMap</code></br>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>version</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.FindName">FindName
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>regexp</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Finds secrets base</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GCPSMAuth">GCPSMAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.GCPSMProvider">GCPSMProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GCPSMAuthSecretRef">
-GCPSMAuthSecretRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>workloadIdentity</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GCPWorkloadIdentity">
-GCPWorkloadIdentity
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GCPSMAuthSecretRef">GCPSMAuthSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.GCPSMAuth">GCPSMAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretAccessKeySecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The SecretAccessKey is used for authentication</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GCPSMProvider">GCPSMProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GCPSMAuth">
-GCPSMAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Auth defines the information necessary to authenticate against GCP</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>projectID</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>ProjectID project where secret is located</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GCPWorkloadIdentity">GCPWorkloadIdentity
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.GCPSMAuth">GCPSMAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>serviceAccountRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>clusterLocation</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>clusterName</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>clusterProjectID</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GeneratorRef">GeneratorRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
-</p>
-<p>
-<p>GeneratorRef points to a generator custom resource.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>apiVersion</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Specify the apiVersion of the generator resource</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>kind</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Specify the name of the generator resource</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GenericStore">GenericStore
-</h3>
-<p>
-<p>GenericStore is a common interface for interacting with ClusterSecretStore
-or a namespaced SecretStore.</p>
-</p>
-<h3 id="external-secrets.io/v1beta1.GenericStoreValidator">GenericStoreValidator
-</h3>
-<p>
-</p>
-<h3 id="external-secrets.io/v1beta1.GitlabAuth">GitlabAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.GitlabProvider">GitlabProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>SecretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GitlabSecretRef">
-GitlabSecretRef
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GitlabProvider">GitlabProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>Configures a store to sync secrets with a GitLab instance.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>url</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>URL configures the GitLab instance URL. Defaults to <a href="https://gitlab.com/">https://gitlab.com/</a>.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GitlabAuth">
-GitlabAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth configures how secret-manager authenticates with a GitLab instance.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>projectID</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>ProjectID specifies a project where secrets are located.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>inheritFromGroups</code></br>
-<em>
-bool
-</em>
-</td>
-<td>
-<p>InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>groupIDs</code></br>
-<em>
-[]string
-</em>
-</td>
-<td>
-<p>GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>environment</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Environment environment_scope of gitlab CI/CD variables (Please see <a href="https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment">https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment</a> on how to create environments)</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.GitlabSecretRef">GitlabSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.GitlabAuth">GitlabAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>accessToken</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>AccessToken is used for authentication.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.IBMAuth">IBMAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.IBMProvider">IBMProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.IBMAuthSecretRef">
-IBMAuthSecretRef
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>containerAuth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.IBMAuthContainerAuth">
-IBMAuthContainerAuth
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.IBMAuthContainerAuth">IBMAuthContainerAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.IBMAuth">IBMAuth</a>)
-</p>
-<p>
-<p>IBM Container-based auth with IAM Trusted Profile.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>profile</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>the IBM Trusted Profile</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>tokenLocation</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Location the token is mounted on the pod</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>iamEndpoint</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.IBMAuthSecretRef">IBMAuthSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.IBMAuth">IBMAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretApiKeySecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The SecretAccessKey is used for authentication</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.IBMProvider">IBMProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>Configures an store to sync secrets using a IBM Cloud Secrets Manager
-backend.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.IBMAuth">
-IBMAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth configures how secret-manager authenticates with the IBM secrets manager.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>serviceUrl</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.KubernetesAuth">KubernetesAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.KubernetesProvider">KubernetesProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>cert</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.CertAuth">
-CertAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>has both clientCert and clientKey as secretKeySelector</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>token</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.TokenAuth">
-TokenAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>use static token to authenticate with</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>serviceAccount</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>points to a service account that should be used for authentication</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.KubernetesProvider">KubernetesProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>Configures a store to sync secrets with a Kubernetes instance.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>server</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.KubernetesServer">
-KubernetesServer
-</a>
-</em>
-</td>
-<td>
-<p>configures the Kubernetes server Address.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.KubernetesAuth">
-KubernetesAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth configures how secret-manager authenticates with a Kubernetes instance.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>remoteNamespace</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Remote namespace to fetch the secrets from</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.KubernetesServer">KubernetesServer
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.KubernetesProvider">KubernetesProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>url</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>configures the Kubernetes server Address.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caBundle</code></br>
-<em>
-[]byte
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>CABundle is a base64-encoded CA certificate</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caProvider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.CAProvider">
-CAProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>see: <a href="https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider">https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider</a></p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.NoSecretError">NoSecretError
-</h3>
-<p>
-<p>NoSecretError shall be returned when a GetSecret can not find the
-desired secret. This is used for deletionPolicy.</p>
-</p>
-<h3 id="external-secrets.io/v1beta1.OnePasswordAuth">OnePasswordAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.OnePasswordProvider">OnePasswordProvider</a>)
-</p>
-<p>
-<p>OnePasswordAuth contains a secretRef for credentials.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.OnePasswordAuthSecretRef">
-OnePasswordAuthSecretRef
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.OnePasswordAuthSecretRef">OnePasswordAuthSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.OnePasswordAuth">OnePasswordAuth</a>)
-</p>
-<p>
-<p>OnePasswordAuthSecretRef holds secret references for 1Password credentials.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>connectTokenSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>The ConnectToken is used for authentication to a 1Password Connect Server.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.OnePasswordProvider">OnePasswordProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.OnePasswordAuth">
-OnePasswordAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth defines the information necessary to authenticate against OnePassword Connect Server</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>connectHost</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>ConnectHost defines the OnePassword Connect Server to connect to</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>vaults</code></br>
-<em>
-map[string]int
-</em>
-</td>
-<td>
-<p>Vaults defines which OnePassword vaults to search in which order</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.OracleAuth">OracleAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.OracleProvider">OracleProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>tenancy</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Tenancy is the tenancy OCID where user is located.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>user</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>User is an access OCID specific to the account.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.OracleSecretRef">
-OracleSecretRef
-</a>
-</em>
-</td>
-<td>
-<p>SecretRef to pass through sensitive information.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.OracleProvider">OracleProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>Configures an store to sync secrets using a Oracle Vault
-backend.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>region</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Region is the region where vault is located.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>vault</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Vault is the vault&rsquo;s OCID of the specific vault where secret is located.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.OracleAuth">
-OracleAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Auth configures how secret-manager authenticates with the Oracle Vault.
-If empty, use the instance principal, otherwise the user credentials specified in Auth.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.OracleSecretRef">OracleSecretRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.OracleAuth">OracleAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>privatekey</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>PrivateKey is the user&rsquo;s API Signing Key in PEM format, used for authentication.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>fingerprint</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>Fingerprint is the fingerprint of the API private key.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.Provider">Provider
-</h3>
-<p>
-<p>Provider is a common interface for interacting with secret backends.</p>
-</p>
-<h3 id="external-secrets.io/v1beta1.PushRemoteRef">PushRemoteRef
-</h3>
-<p>
-<p>This interface is to allow using v1alpha1 content in Provider registered in v1beta1.</p>
-</p>
-<h3 id="external-secrets.io/v1beta1.SecretStore">SecretStore
-</h3>
-<p>
-<p>SecretStore represents a secure external location for storing secrets, which can be referenced as part of <code>storeRef</code> fields.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>metadata</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
-Kubernetes meta/v1.ObjectMeta
-</a>
-</em>
-</td>
-<td>
-Refer to the Kubernetes API documentation for the fields of the
-<code>metadata</code> field.
-</td>
-</tr>
-<tr>
-<td>
-<code>spec</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreSpec">
-SecretStoreSpec
-</a>
-</em>
-</td>
-<td>
-<br/>
-<br/>
-<table>
-<tr>
-<td>
-<code>controller</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to select the correct KES controller (think: ingress.ingressClassName)
-The KES controller is instantiated with a specific controller name and filters ES based on this property</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>provider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">
-SecretStoreProvider
-</a>
-</em>
-</td>
-<td>
-<p>Used to configure the provider. Only one provider may be set</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>retrySettings</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreRetrySettings">
-SecretStoreRetrySettings
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to configure http retries if failed</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>refreshInterval</code></br>
-<em>
-int
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>conditions</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
-[]ClusterSecretStoreCondition
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-<tr>
-<td>
-<code>status</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreStatus">
-SecretStoreStatus
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreCapabilities">SecretStoreCapabilities
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreStatus">SecretStoreStatus</a>)
-</p>
-<p>
-<p>SecretStoreCapabilities defines the possible operations a SecretStore can do.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;ReadOnly&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;ReadWrite&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;WriteOnly&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreConditionType">SecretStoreConditionType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreStatusCondition">SecretStoreStatusCondition</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;Ready&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec</a>)
-</p>
-<p>
-<p>SecretStoreProvider contains the provider-specific configuration.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>aws</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AWSProvider">
-AWSProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>AWS configures this store to sync secrets using AWS Secret Manager provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>azurekv</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AzureKVProvider">
-AzureKVProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>AzureKV configures this store to sync secrets using Azure Key Vault provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>akeyless</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AkeylessProvider">
-AkeylessProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Akeyless configures this store to sync secrets using Akeyless Vault provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>vault</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultProvider">
-VaultProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Vault configures this store to sync secrets using Hashi provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>gcpsm</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GCPSMProvider">
-GCPSMProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>oracle</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.OracleProvider">
-OracleProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Oracle configures this store to sync secrets using Oracle Vault provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>ibm</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.IBMProvider">
-IBMProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>IBM configures this store to sync secrets using IBM Cloud provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>yandexcertificatemanager</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.YandexCertificateManagerProvider">
-YandexCertificateManagerProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>yandexlockbox</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.YandexLockboxProvider">
-YandexLockboxProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>YandexLockbox configures this store to sync secrets using Yandex Lockbox provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>gitlab</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GitlabProvider">
-GitlabProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Gitlab configures this store to sync secrets using Gitlab Variables provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>alibaba</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.AlibabaProvider">
-AlibabaProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Alibaba configures this store to sync secrets using Alibaba Cloud provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>onepassword</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.OnePasswordProvider">
-OnePasswordProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>OnePassword configures this store to sync secrets using the 1Password Cloud provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>webhook</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.WebhookProvider">
-WebhookProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Webhook configures this store to sync secrets using a generic templated webhook</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>kubernetes</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.KubernetesProvider">
-KubernetesProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Kubernetes configures this store to sync secrets using a Kubernetes cluster provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>fake</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.FakeProvider">
-FakeProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Fake configures a store with static key/value pairs</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>senhasegura</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SenhaseguraProvider">
-SenhaseguraProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Senhasegura configures this store to sync secrets using senhasegura provider</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>doppler</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.DopplerProvider">
-DopplerProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Doppler configures this store to sync secrets using the Doppler provider</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreRef">SecretStoreRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>, 
-<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
-</p>
-<p>
-<p>SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Name of the SecretStore resource</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>kind</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
-Defaults to <code>SecretStore</code></p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreRetrySettings">SecretStoreRetrySettings
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>maxRetries</code></br>
-<em>
-int32
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>retryInterval</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterSecretStore">ClusterSecretStore</a>, 
-<a href="#external-secrets.io/v1beta1.SecretStore">SecretStore</a>)
-</p>
-<p>
-<p>SecretStoreSpec defines the desired state of SecretStore.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>controller</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to select the correct KES controller (think: ingress.ingressClassName)
-The KES controller is instantiated with a specific controller name and filters ES based on this property</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>provider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">
-SecretStoreProvider
-</a>
-</em>
-</td>
-<td>
-<p>Used to configure the provider. Only one provider may be set</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>retrySettings</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreRetrySettings">
-SecretStoreRetrySettings
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to configure http retries if failed</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>refreshInterval</code></br>
-<em>
-int
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>conditions</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
-[]ClusterSecretStoreCondition
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreStatus">SecretStoreStatus
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ClusterSecretStore">ClusterSecretStore</a>, 
-<a href="#external-secrets.io/v1beta1.SecretStore">SecretStore</a>)
-</p>
-<p>
-<p>SecretStoreStatus defines the observed state of the SecretStore.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>conditions</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreStatusCondition">
-[]SecretStoreStatusCondition
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>capabilities</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreCapabilities">
-SecretStoreCapabilities
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretStoreStatusCondition">SecretStoreStatusCondition
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreStatus">SecretStoreStatus</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>type</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreConditionType">
-SecretStoreConditionType
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>status</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#conditionstatus-v1-core">
-Kubernetes core/v1.ConditionStatus
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>reason</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>message</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastTransitionTime</code></br>
-<em>
-<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Time">
-Kubernetes meta/v1.Time
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SecretsClient">SecretsClient
-</h3>
-<p>
-<p>SecretsClient provides access to secrets.</p>
-</p>
-<h3 id="external-secrets.io/v1beta1.SenhaseguraAuth">SenhaseguraAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SenhaseguraProvider">SenhaseguraProvider</a>)
-</p>
-<p>
-<p>SenhaseguraAuth tells the controller how to do auth in senhasegura.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>clientId</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>clientSecretSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SenhaseguraModuleType">SenhaseguraModuleType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SenhaseguraProvider">SenhaseguraProvider</a>)
-</p>
-<p>
-<p>SenhaseguraModuleType enum defines senhasegura target module to fetch secrets</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;DSM&#34;</p></td>
-<td><pre><code> SenhaseguraModuleDSM is the senhasegura DevOps Secrets Management module
-see: https://senhasegura.com/devops
-</code></pre>
-</td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SenhaseguraProvider">SenhaseguraProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>SenhaseguraProvider setup a store to sync secrets with senhasegura.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>url</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>URL of senhasegura</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>module</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SenhaseguraModuleType">
-SenhaseguraModuleType
-</a>
-</em>
-</td>
-<td>
-<p>Module defines which senhasegura module should be used to get secrets</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SenhaseguraAuth">
-SenhaseguraAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth defines parameters to authenticate in senhasegura</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>ignoreSslCertificate</code></br>
-<em>
-bool
-</em>
-</td>
-<td>
-<p>IgnoreSslCertificate defines if SSL certificate must be ignored</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.SourceRef">SourceRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData</a>, 
-<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
-</p>
-<p>
-<p>SourceRef allows you to override the source
-from which the secret will be pulled from.
-You can define at maximum one property.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>storeRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.SecretStoreRef">
-SecretStoreRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>generatorRef</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.GeneratorRef">
-GeneratorRef
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>GeneratorRef points to a generator custom resource in</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.TemplateEngineVersion">TemplateEngineVersion
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;v1&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;v2&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.TemplateFrom">TemplateFrom
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>configMap</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.TemplateRef">
-TemplateRef
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>secret</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.TemplateRef">
-TemplateRef
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.TemplateRef">TemplateRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.TemplateFrom">TemplateFrom</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>items</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.TemplateRefItem">
-[]TemplateRefItem
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.TemplateRefItem">TemplateRefItem
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.TemplateRef">TemplateRef</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>key</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.TokenAuth">TokenAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.KubernetesAuth">KubernetesAuth</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>bearerToken</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.ValidationResult">ValidationResult
-(<code>byte</code> alias)</p></h3>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>2</p></td>
-<td><p>Error indicates that there is a misconfiguration.</p>
-</td>
-</tr><tr><td><p>0</p></td>
-<td><p>Ready indicates that the client is confgured correctly
-and can be used.</p>
-</td>
-</tr><tr><td><p>1</p></td>
-<td><p>Unknown indicates that the client can be used
-but information is missing and it can not be validated.</p>
-</td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultAppRole">VaultAppRole
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
-</p>
-<p>
-<p>VaultAppRole authenticates with Vault using the App Role auth mechanism,
-with the role and secret stored in a Kubernetes Secret resource.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>path</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Path where the App Role authentication backend is mounted
-in Vault, e.g: &ldquo;approle&rdquo;</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>roleId</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>RoleID configured in the App Role authentication backend when setting
-up the authentication backend in Vault.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>Reference to a key in a Secret that contains the App Role secret used
-to authenticate with Vault.
-The <code>key</code> field must be specified and denotes which entry within the Secret
-resource is used as the app role secret.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultAuth">VaultAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultProvider">VaultProvider</a>)
-</p>
-<p>
-<p>VaultAuth is the configuration used to authenticate with a Vault server.
-Only one of <code>tokenSecretRef</code>, <code>appRole</code>,  <code>kubernetes</code>, <code>ldap</code>, <code>jwt</code> or <code>cert</code>
-can be specified.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>tokenSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>TokenSecretRef authenticates with Vault by presenting a token.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>appRole</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultAppRole">
-VaultAppRole
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>AppRole authenticates with Vault using the App Role auth mechanism,
-with the role and secret stored in a Kubernetes Secret resource.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>kubernetes</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultKubernetesAuth">
-VaultKubernetesAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Kubernetes authenticates with Vault by passing the ServiceAccount
-token stored in the named Secret resource to the Vault server.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>ldap</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultLdapAuth">
-VaultLdapAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Ldap authenticates with Vault by passing username/password pair using
-the LDAP authentication method</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>jwt</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultJwtAuth">
-VaultJwtAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Jwt authenticates with Vault by passing role and JWT token using the
-JWT/OIDC authentication method</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>cert</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultCertAuth">
-VaultCertAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
-Cert authentication method</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultCertAuth">VaultCertAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
-</p>
-<p>
-<p>VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication
-method, with the role name and token stored in a Kubernetes Secret resource.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>clientCert</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>ClientCert is a certificate to authenticate using the Cert Vault
-authentication method</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>SecretRef to a key in a Secret resource containing client private key to
-authenticate with Vault using the Cert authentication method</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultJwtAuth">VaultJwtAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
-</p>
-<p>
-<p>VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication
-method, with the role name and a token stored in a Kubernetes Secret resource or
-a Kubernetes service account token retrieved via <code>TokenRequest</code>.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>path</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Path where the JWT authentication backend is mounted
-in Vault, e.g: &ldquo;jwt&rdquo;</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>role</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Role is a JWT role to authenticate using the JWT/OIDC Vault
-authentication method</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional SecretRef that refers to a key in a Secret resource containing JWT token to
-authenticate with Vault using the JWT/OIDC authentication method.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>kubernetesServiceAccountToken</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultKubernetesServiceAccountTokenAuth">
-VaultKubernetesServiceAccountTokenAuth
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional ServiceAccountToken specifies the Kubernetes service account for which to request
-a token for with the <code>TokenRequest</code> API.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultKVStoreVersion">VaultKVStoreVersion
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultProvider">VaultProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;v1&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;v2&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultKubernetesAuth">VaultKubernetesAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
-</p>
-<p>
-<p>Authenticate against Vault using a Kubernetes ServiceAccount token stored in
-a Secret.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>mountPath</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Path where the Kubernetes authentication backend is mounted in Vault, e.g:
-&ldquo;kubernetes&rdquo;</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>serviceAccountRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional service account field containing the name of a kubernetes ServiceAccount.
-If the service account is specified, the service account secret token JWT will be used
-for authenticating with Vault. If the service account selector is not supplied,
-the secretRef will be used instead.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional secret field containing a Kubernetes ServiceAccount JWT used
-for authenticating with Vault. If a name is specified without a key,
-<code>token</code> is the default. If one is not specified, the one bound to
-the controller will be used.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>role</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>A required field containing the Vault Role to assume. A Role binds a
-Kubernetes ServiceAccount with a set of Vault policies.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultKubernetesServiceAccountTokenAuth">VaultKubernetesServiceAccountTokenAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultJwtAuth">VaultJwtAuth</a>)
-</p>
-<p>
-<p>VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary
-Kubernetes service account token retrieved by the <code>TokenRequest</code> API.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>serviceAccountRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
-</em>
-</td>
-<td>
-<p>Service account field containing the name of a kubernetes ServiceAccount.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>audiences</code></br>
-<em>
-[]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional audiences field that will be used to request a temporary Kubernetes service
-account token for the service account referenced by <code>serviceAccountRef</code>.
-Defaults to a single audience <code>vault</code> it not specified.
-Deprecated: use serviceAccountRef.Audiences instead</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>expirationSeconds</code></br>
-<em>
-int64
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Optional expiration time in seconds that will be used to request a temporary
-Kubernetes service account token for the service account referenced by
-<code>serviceAccountRef</code>.
-Deprecated: this will be removed in the future.
-Defaults to 10 minutes.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultLdapAuth">VaultLdapAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
-</p>
-<p>
-<p>VaultLdapAuth authenticates with Vault using the LDAP authentication method,
-with the username and password stored in a Kubernetes Secret resource.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>path</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Path where the LDAP authentication backend is mounted
-in Vault, e.g: &ldquo;ldap&rdquo;</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>username</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Username is a LDAP user name used to authenticate using the LDAP Vault
-authentication method</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>SecretRef to a key in a Secret resource containing password for the LDAP
-user used to authenticate with Vault using the LDAP authentication
-method</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.VaultProvider">VaultProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>Configures an store to sync secrets using a HashiCorp Vault
-KV backend.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultAuth">
-VaultAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth configures how secret-manager authenticates with the Vault server.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>server</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Server is the connection address for the Vault server, e.g: &ldquo;<a href="https://vault.example.com:8200&quot;">https://vault.example.com:8200&rdquo;</a>.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>path</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Path is the mount path of the Vault KV backend endpoint, e.g:
-&ldquo;secret&rdquo;. The v2 KV secret engine version specific &ldquo;/data&rdquo; path suffix
-for fetching secrets from Vault is optional and will be appended
-if not present in specified path.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>version</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.VaultKVStoreVersion">
-VaultKVStoreVersion
-</a>
-</em>
-</td>
-<td>
-<p>Version is the Vault KV secret engine version. This can be either &ldquo;v1&rdquo; or
-&ldquo;v2&rdquo;. Version defaults to &ldquo;v2&rdquo;.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>namespace</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
-Vault environments to support Secure Multi-tenancy. e.g: &ldquo;ns1&rdquo;.
-More about namespaces can be found here <a href="https://www.vaultproject.io/docs/enterprise/namespaces">https://www.vaultproject.io/docs/enterprise/namespaces</a></p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caBundle</code></br>
-<em>
-[]byte
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>PEM encoded CA bundle used to validate Vault server certificate. Only used
-if the Server URL is using HTTPS protocol. This parameter is ignored for
-plain HTTP protocol connection. If not set the system root certificates
-are used to validate the TLS connection.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caProvider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.CAProvider">
-CAProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The provider for the CA bundle to use to validate Vault server certificate.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>readYourWrites</code></br>
-<em>
-bool
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>ReadYourWrites ensures isolated read-after-write semantics by
-providing discovered cluster replication states in each request.
-More information about eventual consistency in Vault can be found here
-<a href="https://www.vaultproject.io/docs/enterprise/consistency">https://www.vaultproject.io/docs/enterprise/consistency</a></p>
-</td>
-</tr>
-<tr>
-<td>
-<code>forwardInconsistent</code></br>
-<em>
-bool
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
-leader instead of simply retrying within a loop. This can increase performance if
-the option is enabled serverside.
-<a href="https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header">https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header</a></p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.WebhookCAProvider">WebhookCAProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.WebhookProvider">WebhookProvider</a>)
-</p>
-<p>
-<p>Defines a location to fetch the cert for the webhook provider from.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>type</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.WebhookCAProviderType">
-WebhookCAProviderType
-</a>
-</em>
-</td>
-<td>
-<p>The type of provider to use such as &ldquo;Secret&rdquo;, or &ldquo;ConfigMap&rdquo;.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>The name of the object located at the provider type.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>key</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>The key the value inside of the provider type to use, only used with &ldquo;Secret&rdquo; type</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>namespace</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The namespace the Provider type is in.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.WebhookCAProviderType">WebhookCAProviderType
-(<code>string</code> alias)</p></h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.WebhookCAProvider">WebhookCAProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody><tr><td><p>&#34;ConfigMap&#34;</p></td>
-<td></td>
-</tr><tr><td><p>&#34;Secret&#34;</p></td>
-<td></td>
-</tr></tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.WebhookProvider">WebhookProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>AkeylessProvider Configures an store to sync secrets using Akeyless KV.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>method</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Webhook Method</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>url</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Webhook url to call</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>headers</code></br>
-<em>
-map[string]string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Headers</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>body</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Body</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>timeout</code></br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
-Kubernetes meta/v1.Duration
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Timeout</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>result</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.WebhookResult">
-WebhookResult
-</a>
-</em>
-</td>
-<td>
-<p>Result formatting</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secrets</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.WebhookSecret">
-[]WebhookSecret
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Secrets to fill in templates
-These secrets will be passed to the templating function as key value pairs under the given name</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caBundle</code></br>
-<em>
-[]byte
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>PEM encoded CA bundle used to validate webhook server certificate. Only used
-if the Server URL is using HTTPS protocol. This parameter is ignored for
-plain HTTP protocol connection. If not set the system root certificates
-are used to validate the TLS connection.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caProvider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.WebhookCAProvider">
-WebhookCAProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The provider for the CA bundle to use to validate webhook server certificate.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.WebhookResult">WebhookResult
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.WebhookProvider">WebhookProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>jsonPath</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Json path of return value</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.WebhookSecret">WebhookSecret
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.WebhookProvider">WebhookProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>name</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Name of this secret in templates</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<p>Secret ref to fill in credentials</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.YandexCertificateManagerAuth">YandexCertificateManagerAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.YandexCertificateManagerProvider">YandexCertificateManagerProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>authorizedKeySecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The authorized key used for authentication</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.YandexCertificateManagerCAProvider">YandexCertificateManagerCAProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.YandexCertificateManagerProvider">YandexCertificateManagerProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>certSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.YandexCertificateManagerProvider">YandexCertificateManagerProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>apiEndpoint</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Yandex.Cloud API endpoint (e.g. &lsquo;api.cloud.yandex.net:443&rsquo;)</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.YandexCertificateManagerAuth">
-YandexCertificateManagerAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth defines the information necessary to authenticate against Yandex Certificate Manager</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caProvider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.YandexCertificateManagerCAProvider">
-YandexCertificateManagerCAProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The provider for the CA bundle to use to validate Yandex.Cloud server certificate.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.YandexLockboxAuth">YandexLockboxAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.YandexLockboxProvider">YandexLockboxProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>authorizedKeySecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The authorized key used for authentication</p>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.YandexLockboxCAProvider">YandexLockboxCAProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.YandexLockboxProvider">YandexLockboxProvider</a>)
-</p>
-<p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>certSecretRef</code></br>
-<em>
-github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
-<h3 id="external-secrets.io/v1beta1.YandexLockboxProvider">YandexLockboxProvider
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
-</p>
-<p>
-<p>YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>apiEndpoint</code></br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Yandex.Cloud API endpoint (e.g. &lsquo;api.cloud.yandex.net:443&rsquo;)</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>auth</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.YandexLockboxAuth">
-YandexLockboxAuth
-</a>
-</em>
-</td>
-<td>
-<p>Auth defines the information necessary to authenticate against Yandex Lockbox</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>caProvider</code></br>
-<em>
-<a href="#external-secrets.io/v1beta1.YandexLockboxCAProvider">
-YandexLockboxCAProvider
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>The provider for the CA bundle to use to validate Yandex.Cloud server certificate.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<hr/>
-<p><em>
-Generated with <code>gen-crd-api-reference-docs</code>.
-</em></p>
-
-              
-            </article>
-          </div>
-        </div>
-        
-      </main>
-      
-        <footer class="md-footer">
-  
-  <div class="md-footer-meta md-typeset">
-    <div class="md-footer-meta__inner md-grid">
-      <div class="md-copyright">
-  
-    <div class="md-copyright__highlight">
-      &copy; 2022 The external-secrets Authors.<br/>
-&copy; 2022 The Linux Foundation. All rights reserved.<br/><br/>
-The Linux Foundation has registered trademarks and uses trademarks.<br/>
-For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage/">Trademark Usage page</a>.
-
-    </div>
-  
-  
-    Made with
-    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
-      Material for MkDocs
-    </a>
-  
-</div>
-      
-    </div>
-  </div>
-</footer>
-      
-    </div>
-    <div class="md-dialog" data-md-component="dialog">
-      <div class="md-dialog__inner md-typeset"></div>
-    </div>
-    <script id="__config" type="application/json">{"base": "..", "features": ["navigation.tabs", "navigation.indexes", "navigation.expand"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.092fa1f6.min.js", "version": {"provider": "mike"}}</script>
-    
-    
-      <script src="../assets/javascripts/bundle.e3b2bf44.min.js"></script>
-      
-    
-  </body>
-</html>

unstable/spec/index.html

@@ -1,16 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Redirecting</title>
-  <noscript>
-    <meta http-equiv="refresh" content="1; url=../../main/spec/" />
-  </noscript>
-  <script>
-    window.location.replace("../../main/spec/" + window.location.hash);
-  </script>
-</head>
-<body>
-  Redirecting to <a href="../../main/spec/">../../main/spec/</a>...
-</body>
-</html>