
feat: add CRD validation for resource name/key fields (#4104)

* Add CRD validation for name/key fields

Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>

* add output of check-diff

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Mathew Wicks 1 year ago
parent
commit
1be7daedbc
27 changed files with 8515 additions and 2470 deletions
  1. 29 8
      apis/externalsecrets/v1alpha1/externalsecret_types.go
  2. 21 6
      apis/externalsecrets/v1alpha1/pushsecret_types.go
  3. 4 1
      apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go
  4. 10 1
      apis/externalsecrets/v1alpha1/secretstore_vault_types.go
  5. 10 1
      apis/externalsecrets/v1alpha1/secretstore_webhook_types.go
  6. 8 1
      apis/externalsecrets/v1beta1/clusterexternalsecret_types.go
  7. 43 12
      apis/externalsecrets/v1beta1/externalsecret_types.go
  8. 4 1
      apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go
  9. 12 0
      apis/externalsecrets/v1beta1/secretstore_types.go
  10. 10 1
      apis/externalsecrets/v1beta1/secretstore_webhook_types.go
  11. 17 1
      apis/generators/v1alpha1/generator_webhook.go
  12. 26 7
      apis/meta/v1/types.go
  13. 69 18
      config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml
  14. 1587 471
      config/crds/bases/external-secrets.io_clustersecretstores.yaml
  15. 93 22
      config/crds/bases/external-secrets.io_externalsecrets.yaml
  16. 39 9
      config/crds/bases/external-secrets.io_pushsecrets.yaml
  17. 1587 471
      config/crds/bases/external-secrets.io_secretstores.yaml
  18. 34 10
      config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml
  19. 395 113
      config/crds/bases/generators.external-secrets.io_clustergenerators.yaml
  20. 47 14
      config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml
  21. 21 6
      config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml
  22. 14 5
      config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml
  23. 47 14
      config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml
  24. 215 62
      config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml
  25. 17 2
      config/crds/bases/generators.external-secrets.io_webhooks.yaml
  26. 4141 1201
      deploy/crds/bundle.yaml
  27. 15 12
      docs/api/spec.md

+ 29 - 8
apis/externalsecrets/v1alpha1/externalsecret_types.go

@@ -22,11 +22,15 @@ import (
 // SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
 type SecretStoreRef struct {
 	// Name of the SecretStore resource
-	Name string `json:"name"`
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name,omitempty"`
 
 	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
 	// Defaults to `SecretStore`
 	// +optional
+	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
 	Kind string `json:"kind,omitempty"`
 }
 
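Review bot: `SecretStoreRef.Name` stops being a required property in this hunk, because the tag becomes `json:"name,omitempty"` and no `+optional` marker records that this is intended. `MinLength:=1` only constrains the value when the key is present, so `secretStoreRef: {}` would presumably pass admission and fail only later in the controller; the generated ClusterExternalSecret CRD further down this page does drop `required: - name`, which matches that reading. If an absent name is meant to be legal, add `// +optional` above the field so the API docs say so; if it is not, keep `json:"name"`. The same edit is made to the v1beta1 `SecretStoreRef` in `apis/externalsecrets/v1beta1/externalsecret_types.go`. Separately, `Kind` still documents a default of `SecretStore` but gets only the `Enum` marker, not the `+kubebuilder:default="SecretStore"` that `PushSecretStoreRef.Kind` carries.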
@@ -92,25 +96,37 @@ type TemplateFrom struct {
 }
 
 type TemplateRef struct {
-	Name  string            `json:"name"`
+	// The name of the ConfigMap/Secret resource
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name"`
+
+	// A list of keys in the ConfigMap/Secret to use as templates for Secret data
 	Items []TemplateRefItem `json:"items"`
 }
 
 type TemplateRefItem struct {
+	// A key in the ConfigMap/Secret
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key"`
 }
 
 // ExternalSecretTarget defines the Kubernetes Secret to be created
 // There can be only one target per ExternalSecret.
 type ExternalSecretTarget struct {
-	// Name defines the name of the Secret resource to be managed
-	// This field is immutable
+	// The name of the Secret resource to be managed.
 	// Defaults to the .metadata.name of the ExternalSecret resource
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
 
-	// CreationPolicy defines rules on how to create the resulting Secret
-	// Defaults to 'Owner'
+	// CreationPolicy defines rules on how to create the resulting Secret.
+	// Defaults to "Owner"
 	// +optional
 	// +kubebuilder:default="Owner"
 	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
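Review bot: The key pattern `^[-._a-zA-Z0-9]+$` added to `TemplateRefItem.Key` also matches `.` and `..`, which, as far as I recall, the API server's own Secret/ConfigMap key validation rejects, so the schema still admits keys that cannot exist. This matters most for `ExternalSecretData.SecretKey` in the next hunk, where the value becomes a key of the managed Secret (and a file name when that Secret is mounted); a bad value would surface only as a reconcile error rather than at admission. CRD patterns have no lookahead, so where the supported cluster versions allow CEL the simplest fix is an extra marker on each key field: `// +kubebuilder:validation:XValidation:rule="self != '.' && self != '..'",message="key must not be '.' or '..'"`. The same pattern is applied to the `Key` fields of `CAProvider`, `WebhookCAProvider` and both `SecretKeySelector` types in the other files of this commit.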
@@ -126,6 +142,10 @@ type ExternalSecretTarget struct {
 
 // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
 type ExternalSecretData struct {
+	// The key in the Kubernetes Secret to store the value.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	SecretKey string `json:"secretKey"`
 
 	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
@@ -140,11 +160,12 @@ type ExternalSecretDataRemoteRef struct {
 	// +optional
 	Version string `json:"version,omitempty"`
 
-	// +optional
 	// Used to select a specific property of the Provider value (if a map), if supported
-	Property string `json:"property,omitempty"`
 	// +optional
+	Property string `json:"property,omitempty"`
+
 	// Used to define a conversion Strategy
+	// +optional
 	// +kubebuilder:default="Default"
 	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`
 }

+ 21 - 6
apis/externalsecrets/v1alpha1/pushsecret_types.go

@@ -30,14 +30,19 @@ const (
 type PushSecretStoreRef struct {
 	// Optionally, sync to the SecretStore of the given name
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
+
 	// Optionally, sync to secret stores with label selector
 	// +optional
 	LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`
+
 	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
-	// Defaults to `SecretStore`
-	// +kubebuilder:default="SecretStore"
 	// +optional
+	// +kubebuilder:default="SecretStore"
+	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
 	Kind string `json:"kind,omitempty"`
 }
 
@@ -68,27 +73,37 @@ const (
 // PushSecretSpec configures the behavior of the PushSecret.
 type PushSecretSpec struct {
 	// The Interval to which External Secrets will try to push a secret definition
-	RefreshInterval *metav1.Duration     `json:"refreshInterval,omitempty"`
+	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`
+
 	SecretStoreRefs []PushSecretStoreRef `json:"secretStoreRefs"`
-	// UpdatePolicy to handle Secrets in the provider. Possible Values: "Replace/IfNotExists". Defaults to "Replace".
+
+	// UpdatePolicy to handle Secrets in the provider.
 	// +kubebuilder:default="Replace"
 	// +optional
 	UpdatePolicy PushSecretUpdatePolicy `json:"updatePolicy,omitempty"`
-	// Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".
+
+	// Deletion Policy to handle Secrets in the provider.
 	// +kubebuilder:default="None"
 	// +optional
 	DeletionPolicy PushSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
+
 	// The Secret Selector (k8s source) for the Push Secret
 	Selector PushSecretSelector `json:"selector"`
+
 	// Secret Data that should be pushed to providers
 	Data []PushSecretData `json:"data,omitempty"`
+
 	// Template defines a blueprint for the created Secret resource.
 	// +optional
 	Template *esv1beta1.ExternalSecretTemplate `json:"template,omitempty"`
 }
 
 type PushSecretSecret struct {
-	// Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest.
+	// Name of the Secret.
+	// The Secret must exist in the same namespace as the PushSecret manifest.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 }
 

+ 4 - 1
apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go

@@ -50,8 +50,11 @@ type KubernetesProvider struct {
 	Auth KubernetesAuth `json:"auth"`
 
 	// Remote namespace to fetch the secrets from
-	// +kubebuilder:default= default
 	// +optional
+	// +kubebuilder:default=default
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	RemoteNamespace string `json:"remoteNamespace,omitempty"`
 }
 

+ 10 - 1
apis/externalsecrets/v1alpha1/secretstore_vault_types.go

@@ -39,14 +39,23 @@ type CAProvider struct {
 	Type CAProviderType `json:"type"`
 
 	// The name of the object located at the provider type.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 
-	// The key the value inside of the provider type to use, only used with "Secret" type
+	// The key where the CA certificate can be found in the Secret or ConfigMap.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 
 	// The namespace the Provider type is in.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
 }
 

+ 10 - 1
apis/externalsecrets/v1alpha1/secretstore_webhook_types.go

@@ -75,14 +75,23 @@ type WebhookCAProvider struct {
 	Type WebhookCAProviderType `json:"type"`
 
 	// The name of the object located at the provider type.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 
-	// The key the value inside of the provider type to use, only used with "Secret" type
+	// The key where the CA certificate can be found in the Secret or ConfigMap.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 
 	// The namespace the Provider type is in.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
 }
 

+ 8 - 1
apis/externalsecrets/v1beta1/clusterexternalsecret_types.go

@@ -24,8 +24,12 @@ type ClusterExternalSecretSpec struct {
 	// The spec for the ExternalSecrets to be created
 	ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"`
 
-	// The name of the external secrets to be created defaults to the name of the ClusterExternalSecret
+	// The name of the external secrets to be created.
+	// Defaults to the name of the ClusterExternalSecret
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	ExternalSecretName string `json:"externalSecretName,omitempty"`
 
 	// The metadata of the external secrets to be created
@@ -43,6 +47,9 @@ type ClusterExternalSecretSpec struct {
 
 	// Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
 	// +optional
+	// +kubebuilder:validation:items:MinLength:=1
+	// +kubebuilder:validation:items:MaxLength:=63
+	// +kubebuilder:validation:items:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespaces []string `json:"namespaces,omitempty"`
 
 	// The time in which the controller should reconcile its objects and recheck namespaces for labels.

+ 43 - 12
apis/externalsecrets/v1beta1/externalsecret_types.go

@@ -22,11 +22,15 @@ import (
 // SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
 type SecretStoreRef struct {
 	// Name of the SecretStore resource
-	Name string `json:"name"`
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name,omitempty"`
 
 	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
 	// Defaults to `SecretStore`
 	// +optional
+	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
 	Kind string `json:"kind,omitempty"`
 }
 
@@ -92,12 +96,16 @@ type ExternalSecretTemplate struct {
 	// template specified in .data and .templateFrom[].
 	// +kubebuilder:default="v2"
 	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`
+
 	// +optional
 	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`
+
 	// +kubebuilder:default="Replace"
 	MergePolicy TemplateMergePolicy `json:"mergePolicy,omitempty"`
+
 	// +optional
 	Data map[string]string `json:"data,omitempty"`
+
 	// +optional
 	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
 }
@@ -121,10 +129,11 @@ const (
 type TemplateFrom struct {
 	ConfigMap *TemplateRef `json:"configMap,omitempty"`
 	Secret    *TemplateRef `json:"secret,omitempty"`
-	// +optional
+
 	// +optional
 	// +kubebuilder:default="Data"
 	Target TemplateTarget `json:"target,omitempty"`
+
 	// +optional
 	Literal *string `json:"literal,omitempty"`
 }
@@ -147,12 +156,23 @@ const (
 )
 
 type TemplateRef struct {
-	Name  string            `json:"name"`
+	// The name of the ConfigMap/Secret resource
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name"`
+
+	// A list of keys in the ConfigMap/Secret to use as templates for Secret data
 	Items []TemplateRefItem `json:"items"`
 }
 
 type TemplateRefItem struct {
+	// A key in the ConfigMap/Secret
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key"`
+
 	// +kubebuilder:default="Values"
 	TemplateAs TemplateScope `json:"templateAs,omitempty"`
 }
@@ -160,22 +180,26 @@ type TemplateRefItem struct {
 // ExternalSecretTarget defines the Kubernetes Secret to be created
 // There can be only one target per ExternalSecret.
 type ExternalSecretTarget struct {
-	// Name defines the name of the Secret resource to be managed
-	// This field is immutable
+	// The name of the Secret resource to be managed.
 	// Defaults to the .metadata.name of the ExternalSecret resource
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
 
-	// CreationPolicy defines rules on how to create the resulting Secret
-	// Defaults to 'Owner'
+	// CreationPolicy defines rules on how to create the resulting Secret.
+	// Defaults to "Owner"
 	// +optional
 	// +kubebuilder:default="Owner"
 	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
-	// DeletionPolicy defines rules on how to delete the resulting Secret
-	// Defaults to 'Retain'
+
+	// DeletionPolicy defines rules on how to delete the resulting Secret.
+	// Defaults to "Retain"
 	// +optional
 	// +kubebuilder:default="Retain"
 	DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
+
 	// Template defines a blueprint for the created Secret resource.
 	// +optional
 	Template *ExternalSecretTemplate `json:"template,omitempty"`
@@ -187,8 +211,10 @@ type ExternalSecretTarget struct {
 
 // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
 type ExternalSecretData struct {
-	// SecretKey defines the key in which the controller stores
-	// the value. This is the key in the Kind=Secret
+	// The key in the Kubernetes Secret to store the value.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	SecretKey string `json:"secretKey"`
 
 	// RemoteRef points to the remote secret and defines
@@ -196,7 +222,7 @@ type ExternalSecretData struct {
 	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
 
 	// SourceRef allows you to override the source
-	// from which the value will pulled from.
+	// from which the value will be pulled.
 	SourceRef *StoreSourceRef `json:"sourceRef,omitempty"`
 }
 
@@ -338,6 +364,7 @@ type FindName struct {
 type ExternalSecretSpec struct {
 	// +optional
 	SecretStoreRef SecretStoreRef `json:"secretStoreRef,omitempty"`
+
 	// +kubebuilder:default={creationPolicy:Owner,deletionPolicy:Retain}
 	// +optional
 	Target ExternalSecretTarget `json:"target,omitempty"`
@@ -395,7 +422,11 @@ type GeneratorRef struct {
 	APIVersion string `json:"apiVersion,omitempty"`
 	// Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc.
 	Kind string `json:"kind"`
+
 	// Specify the name of the generator resource
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 }
 

+ 4 - 1
apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go

@@ -49,8 +49,11 @@ type KubernetesProvider struct {
 	AuthRef *esmeta.SecretKeySelector `json:"authRef,omitempty"`
 
 	// Remote namespace to fetch the secrets from
-	// +kubebuilder:default= default
 	// +optional
+	// +kubebuilder:default=default
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	RemoteNamespace string `json:"remoteNamespace,omitempty"`
 }
 

+ 12 - 0
apis/externalsecrets/v1beta1/secretstore_types.go

@@ -51,6 +51,9 @@ type ClusterSecretStoreCondition struct {
 
 	// Choose namespaces by name
 	// +optional
+	// +kubebuilder:validation:items:MinLength:=1
+	// +kubebuilder:validation:items:MaxLength:=63
+	// +kubebuilder:validation:items:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespaces []string `json:"namespaces,omitempty"`
 
 	// Choose namespaces by using regex matching
@@ -211,15 +214,24 @@ type CAProvider struct {
 	Type CAProviderType `json:"type"`
 
 	// The name of the object located at the provider type.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 
 	// The key where the CA certificate can be found in the Secret or ConfigMap.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 
 	// The namespace the Provider type is in.
 	// Can only be defined when used in a ClusterSecretStore.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
 }
 

+ 10 - 1
apis/externalsecrets/v1beta1/secretstore_webhook_types.go

@@ -75,14 +75,23 @@ type WebhookCAProvider struct {
 	Type WebhookCAProviderType `json:"type"`
 
 	// The name of the object located at the provider type.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 
-	// The key the value inside of the provider type to use, only used with "Secret" type
+	// The key where the CA certificate can be found in the Secret or ConfigMap.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 
 	// The namespace the Provider type is in.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
 }
 

+ 17 - 1
apis/generators/v1alpha1/generator_webhook.go

@@ -73,14 +73,23 @@ type WebhookCAProvider struct {
 	Type WebhookCAProviderType `json:"type"`
 
 	// The name of the object located at the provider type.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 
-	// The key the value inside of the provider type to use, only used with "Secret" type
+	// The key where the CA certificate can be found in the Secret or ConfigMap.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 
 	// The namespace the Provider type is in.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
 }
 
@@ -100,8 +109,15 @@ type WebhookSecret struct {
 
 type SecretKeySelector struct {
 	// The name of the Secret resource being referred to.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
+
 	// The key where the token is found.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 }
 

+ 26 - 7
apis/meta/v1/types.go

@@ -14,29 +14,48 @@ limitations under the License.
 
 package v1
 
-// A reference to a specific 'key' within a Secret resource,
+// A reference to a specific 'key' within a Secret resource.
 // In some instances, `key` is a required field.
 type SecretKeySelector struct {
 	// The name of the Secret resource being referred to.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
-	// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-	// to the namespace of the referent.
+
+	// The namespace of the Secret resource being referred to.
+	// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
-	// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-	// defaulted, in others it may be required.
+
+	// A key in the referenced Secret.
+	// Some instances of this field may be defaulted, in others it may be required.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 }
 
 // A reference to a ServiceAccount resource.
 type ServiceAccountSelector struct {
 	// The name of the ServiceAccount resource being referred to.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
-	// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-	// to the namespace of the referent.
+
+	// Namespace of the resource being referred to.
+	// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
+
 	// Audience specifies the `aud` claim for the service account token
 	// If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity
 	// then this audiences will be appended to the list
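Review bot: These markers tighten the schema of shared selector types that are already being served, and nothing visible on this page says what happens to objects stored before the upgrade. `SecretKeySelector` and `ServiceAccountSelector` appear to be embedded by most provider specs (the two SecretStore CRDs each change by well over a thousand lines), so a stored resource whose `name`, `namespace` or `key` does not match would presumably be rejected on its next write, finalizer removal included, on clusters that do not ratchet CRD validation. I would add an upgrade note plus a pre-upgrade check that lists existing SecretStore/ClusterSecretStore objects failing the new patterns. Note also that `SecretKeySelector.Name` keeps `omitempty`, so `MinLength:=1` does not make it mandatory. `ServiceAccountSelector` continues past the end of this hunk.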

+ 69 - 18
config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml

@@ -68,8 +68,12 @@ spec:
                     type: object
                 type: object
               externalSecretName:
-                description: The name of the external secrets to be created defaults
-                  to the name of the ClusterExternalSecret
+                description: |-
+                  The name of the external secrets to be created.
+                  Defaults to the name of the ClusterExternalSecret
+                maxLength: 253
+                minLength: 1
+                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                 type: string
               externalSecretSpec:
                 description: The spec for the ExternalSecrets to be created
@@ -127,14 +131,16 @@ spec:
                           - key
                           type: object
                         secretKey:
-                          description: |-
-                            SecretKey defines the key in which the controller stores
-                            the value. This is the key in the Kind=Secret
+                          description: The key in the Kubernetes Secret to store the
+                            value.
+                          maxLength: 253
+                          minLength: 1
+                          pattern: ^[-._a-zA-Z0-9]+$
                           type: string
                         sourceRef:
                           description: |-
                             SourceRef allows you to override the source
-                            from which the value will pulled from.
+                            from which the value will be pulled.
                           maxProperties: 1
                           properties:
                             generatorRef:
@@ -155,6 +161,9 @@ spec:
                                   type: string
                                 name:
                                   description: Specify the name of the generator resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
                               required:
                               - kind
@@ -168,12 +177,16 @@ spec:
                                   description: |-
                                     Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                                     Defaults to `SecretStore`
+                                  enum:
+                                  - SecretStore
+                                  - ClusterSecretStore
                                   type: string
                                 name:
                                   description: Name of the SecretStore resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
-                              required:
-                              - name
                               type: object
                           type: object
                       required:
@@ -331,6 +344,9 @@ spec:
                                   type: string
                                 name:
                                   description: Specify the name of the generator resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
                               required:
                               - kind
@@ -344,12 +360,16 @@ spec:
                                   description: |-
                                     Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                                     Defaults to `SecretStore`
+                                  enum:
+                                  - SecretStore
+                                  - ClusterSecretStore
                                   type: string
                                 name:
                                   description: Name of the SecretStore resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
-                              required:
-                              - name
                               type: object
                           type: object
                       type: object
@@ -371,12 +391,16 @@ spec:
                         description: |-
                           Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                           Defaults to `SecretStore`
+                        enum:
+                        - SecretStore
+                        - ClusterSecretStore
                         type: string
                       name:
                         description: Name of the SecretStore resource
+                        maxLength: 253
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                         type: string
-                    required:
-                    - name
                     type: object
                   target:
                     default:
@@ -389,8 +413,8 @@ spec:
                       creationPolicy:
                         default: Owner
                         description: |-
-                          CreationPolicy defines rules on how to create the resulting Secret
-                          Defaults to 'Owner'
+                          CreationPolicy defines rules on how to create the resulting Secret.
+                          Defaults to "Owner"
                         enum:
                         - Owner
                         - Orphan
@@ -400,8 +424,8 @@ spec:
                       deletionPolicy:
                         default: Retain
                         description: |-
-                          DeletionPolicy defines rules on how to delete the resulting Secret
-                          Defaults to 'Retain'
+                          DeletionPolicy defines rules on how to delete the resulting Secret.
+                          Defaults to "Retain"
                         enum:
                         - Delete
                         - Merge
@@ -413,9 +437,11 @@ spec:
                         type: boolean
                       name:
                         description: |-
-                          Name defines the name of the Secret resource to be managed
-                          This field is immutable
+                          The name of the Secret resource to be managed.
                           Defaults to the .metadata.name of the ExternalSecret resource
+                        maxLength: 253
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                         type: string
                       template:
                         description: Template defines a blueprint for the created
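Review bot: The `name` description in this hunk loses `This field is immutable`, and none of the added lines enforces or replaces that statement. If changing `target.name` on an existing resource is still unsupported, a transition rule such as `x-kubernetes-validations: [{rule: "self == oldSelf", message: "target.name is immutable"}]` would have the API server reject it. If renaming is now supported, the description should state what happens to the Secret created under the previous name, because a leftover copy could keep holding the synced values. The same description change is in the externalsecrets.yaml hunks at `@@ -165,9 +173,11 @@` and `@@ -676,9 +725,11 @@`.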
@@ -460,9 +486,15 @@ spec:
                                 configMap:
                                   properties:
                                     items:
+                                      description: A list of keys in the ConfigMap/Secret
+                                        to use as templates for Secret data
                                       items:
                                         properties:
                                           key:
+                                            description: A key in the ConfigMap/Secret
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[-._a-zA-Z0-9]+$
                                             type: string
                                           templateAs:
                                             default: Values
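Review bot: The key pattern `^[-._a-zA-Z0-9]+$` still admits `.`, `..` and any key beginning with `..`, which Kubernetes itself rejects as ConfigMap/Secret data keys, so the schema is slightly wider than the set of keys that can actually exist. For the `templateFrom` keys in this hunk that only means a failed lookup later. The same pattern also guards `secretKey` in externalsecrets.yaml (`@@ -88,6 +88,10 @@` and `@@ -392,14 +422,15 @@`), where the value is described as the key to store into the Secret and would presumably be refused only when the Secret is written. A CEL rule beside the pattern closes the gap: `x-kubernetes-validations: [{rule: "self != '.' && !self.startsWith('..')"}]`. The pattern recurs in every `key` hunk of this commit, including the generator CRDs.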
@@ -475,6 +507,11 @@ spec:
                                         type: object
                                       type: array
                                     name:
+                                      description: The name of the ConfigMap/Secret
+                                        resource
+                                      maxLength: 253
+                                      minLength: 1
+                                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                       type: string
                                   required:
                                   - items
@@ -485,9 +522,15 @@ spec:
                                 secret:
                                   properties:
                                     items:
+                                      description: A list of keys in the ConfigMap/Secret
+                                        to use as templates for Secret data
                                       items:
                                         properties:
                                           key:
+                                            description: A key in the ConfigMap/Secret
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[-._a-zA-Z0-9]+$
                                             type: string
                                           templateAs:
                                             default: Values
@@ -500,6 +543,11 @@ spec:
                                         type: object
                                       type: array
                                     name:
+                                      description: The name of the ConfigMap/Secret
+                                        resource
+                                      maxLength: 253
+                                      minLength: 1
+                                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                       type: string
                                   required:
                                   - items
@@ -624,6 +672,9 @@ spec:
                 description: Choose namespaces by name. This field is ORed with anything
                   that NamespaceSelectors ends up choosing.
                 items:
+                  maxLength: 63
+                  minLength: 1
+                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                   type: string
                 type: array
               refreshTime:

File diff suppressed because it is too large
+ 1587 - 471
config/crds/bases/external-secrets.io_clustersecretstores.yaml


+ 93 - 22
config/crds/bases/external-secrets.io_externalsecrets.yaml

@@ -88,6 +88,10 @@ spec:
                       - key
                       type: object
                     secretKey:
+                      description: The key in the Kubernetes Secret to store the value.
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^[-._a-zA-Z0-9]+$
                       type: string
                   required:
                   - remoteRef
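Review bot: The new `maxLength`/`pattern` on `secretKey`, like the `enum` on `kind` and the `name` patterns in later hunks, applies to objects already stored in the cluster as well as to new ones. On API servers without CRD validation ratcheting, an existing ExternalSecret whose unchanged field falls outside the new constraints is rejected on its next update, which can also block edits unrelated to that field. The commit description carries no upgrade note. A release-note line such as `Existing resources with secretKey, name or kind values outside the new patterns must be corrected before the CRDs are upgraded` would let operators audit stored objects before rollout.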
@@ -138,12 +142,16 @@ spec:
                     description: |-
                       Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                       Defaults to `SecretStore`
+                    enum:
+                    - SecretStore
+                    - ClusterSecretStore
                     type: string
                   name:
                     description: Name of the SecretStore resource
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                     type: string
-                required:
-                - name
                 type: object
               target:
                 description: |-
@@ -153,8 +161,8 @@ spec:
                   creationPolicy:
                     default: Owner
                     description: |-
-                      CreationPolicy defines rules on how to create the resulting Secret
-                      Defaults to 'Owner'
+                      CreationPolicy defines rules on how to create the resulting Secret.
+                      Defaults to "Owner"
                     enum:
                     - Owner
                     - Merge
@@ -165,9 +173,11 @@ spec:
                     type: boolean
                   name:
                     description: |-
-                      Name defines the name of the Secret resource to be managed
-                      This field is immutable
+                      The name of the Secret resource to be managed.
                       Defaults to the .metadata.name of the ExternalSecret resource
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                     type: string
                   template:
                     description: Template defines a blueprint for the created Secret
@@ -208,15 +218,25 @@ spec:
                             configMap:
                               properties:
                                 items:
+                                  description: A list of keys in the ConfigMap/Secret
+                                    to use as templates for Secret data
                                   items:
                                     properties:
                                       key:
+                                        description: A key in the ConfigMap/Secret
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                     required:
                                     - key
                                     type: object
                                   type: array
                                 name:
+                                  description: The name of the ConfigMap/Secret resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
                               required:
                               - items
@@ -225,15 +245,25 @@ spec:
                             secret:
                               properties:
                                 items:
+                                  description: A list of keys in the ConfigMap/Secret
+                                    to use as templates for Secret data
                                   items:
                                     properties:
                                       key:
+                                        description: A key in the ConfigMap/Secret
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                     required:
                                     - key
                                     type: object
                                   type: array
                                 name:
+                                  description: The name of the ConfigMap/Secret resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
                               required:
                               - items
@@ -392,14 +422,15 @@ spec:
                       - key
                       type: object
                     secretKey:
-                      description: |-
-                        SecretKey defines the key in which the controller stores
-                        the value. This is the key in the Kind=Secret
+                      description: The key in the Kubernetes Secret to store the value.
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^[-._a-zA-Z0-9]+$
                       type: string
                     sourceRef:
                       description: |-
                         SourceRef allows you to override the source
-                        from which the value will pulled from.
+                        from which the value will be pulled.
                       maxProperties: 1
                       properties:
                         generatorRef:
@@ -420,6 +451,9 @@ spec:
                               type: string
                             name:
                               description: Specify the name of the generator resource
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                               type: string
                           required:
                           - kind
@@ -433,12 +467,16 @@ spec:
                               description: |-
                                 Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                                 Defaults to `SecretStore`
+                              enum:
+                              - SecretStore
+                              - ClusterSecretStore
                               type: string
                             name:
                               description: Name of the SecretStore resource
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                               type: string
-                          required:
-                          - name
                           type: object
                       type: object
                   required:
@@ -595,6 +633,9 @@ spec:
                               type: string
                             name:
                               description: Specify the name of the generator resource
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                               type: string
                           required:
                           - kind
@@ -608,12 +649,16 @@ spec:
                               description: |-
                                 Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                                 Defaults to `SecretStore`
+                              enum:
+                              - SecretStore
+                              - ClusterSecretStore
                               type: string
                             name:
                               description: Name of the SecretStore resource
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                               type: string
-                          required:
-                          - name
                           type: object
                       type: object
                   type: object
@@ -635,12 +680,16 @@ spec:
                     description: |-
                       Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                       Defaults to `SecretStore`
+                    enum:
+                    - SecretStore
+                    - ClusterSecretStore
                     type: string
                   name:
                     description: Name of the SecretStore resource
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                     type: string
-                required:
-                - name
                 type: object
               target:
                 default:
@@ -653,8 +702,8 @@ spec:
                   creationPolicy:
                     default: Owner
                     description: |-
-                      CreationPolicy defines rules on how to create the resulting Secret
-                      Defaults to 'Owner'
+                      CreationPolicy defines rules on how to create the resulting Secret.
+                      Defaults to "Owner"
                     enum:
                     - Owner
                     - Orphan
@@ -664,8 +713,8 @@ spec:
                   deletionPolicy:
                     default: Retain
                     description: |-
-                      DeletionPolicy defines rules on how to delete the resulting Secret
-                      Defaults to 'Retain'
+                      DeletionPolicy defines rules on how to delete the resulting Secret.
+                      Defaults to "Retain"
                     enum:
                     - Delete
                     - Merge
@@ -676,9 +725,11 @@ spec:
                     type: boolean
                   name:
                     description: |-
-                      Name defines the name of the Secret resource to be managed
-                      This field is immutable
+                      The name of the Secret resource to be managed.
                       Defaults to the .metadata.name of the ExternalSecret resource
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                     type: string
                   template:
                     description: Template defines a blueprint for the created Secret
@@ -723,9 +774,15 @@ spec:
                             configMap:
                               properties:
                                 items:
+                                  description: A list of keys in the ConfigMap/Secret
+                                    to use as templates for Secret data
                                   items:
                                     properties:
                                       key:
+                                        description: A key in the ConfigMap/Secret
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       templateAs:
                                         default: Values
@@ -738,6 +795,10 @@ spec:
                                     type: object
                                   type: array
                                 name:
+                                  description: The name of the ConfigMap/Secret resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
                               required:
                               - items
@@ -748,9 +809,15 @@ spec:
                             secret:
                               properties:
                                 items:
+                                  description: A list of keys in the ConfigMap/Secret
+                                    to use as templates for Secret data
                                   items:
                                     properties:
                                       key:
+                                        description: A key in the ConfigMap/Secret
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       templateAs:
                                         default: Values
@@ -763,6 +830,10 @@ spec:
                                     type: object
                                   type: array
                                 name:
+                                  description: The name of the ConfigMap/Secret resource
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
                               required:
                               - items

+ 39 - 9
config/crds/bases/external-secrets.io_pushsecrets.yaml

@@ -92,8 +92,7 @@ spec:
                 type: array
               deletionPolicy:
                 default: None
-                description: 'Deletion Policy to handle Secrets in the provider. Possible
-                  Values: "Delete/None". Defaults to "None".'
+                description: Deletion Policy to handle Secrets in the provider.
                 enum:
                 - Delete
                 - None
@@ -107,9 +106,11 @@ spec:
                   properties:
                     kind:
                       default: SecretStore
-                      description: |-
-                        Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
-                        Defaults to `SecretStore`
+                      description: Kind of the SecretStore resource (SecretStore or
+                        ClusterSecretStore)
+                      enum:
+                      - SecretStore
+                      - ClusterSecretStore
                       type: string
                     labelSelector:
                       description: Optionally, sync to secret stores with label selector
@@ -160,6 +161,9 @@ spec:
                     name:
                       description: Optionally, sync to the SecretStore of the given
                         name
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                       type: string
                   type: object
                 type: array
@@ -181,6 +185,9 @@ spec:
                         type: string
                       name:
                         description: Specify the name of the generator resource
+                        maxLength: 253
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                         type: string
                     required:
                     - kind
@@ -190,8 +197,12 @@ spec:
                     description: Select a Secret to Push.
                     properties:
                       name:
-                        description: Name of the Secret. The Secret must exist in
-                          the same namespace as the PushSecret manifest.
+                        description: |-
+                          Name of the Secret.
+                          The Secret must exist in the same namespace as the PushSecret manifest.
+                        maxLength: 253
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                         type: string
                     required:
                     - name
@@ -239,9 +250,15 @@ spec:
                         configMap:
                           properties:
                             items:
+                              description: A list of keys in the ConfigMap/Secret
+                                to use as templates for Secret data
                               items:
                                 properties:
                                   key:
+                                    description: A key in the ConfigMap/Secret
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   templateAs:
                                     default: Values
@@ -254,6 +271,10 @@ spec:
                                 type: object
                               type: array
                             name:
+                              description: The name of the ConfigMap/Secret resource
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                               type: string
                           required:
                           - items
@@ -264,9 +285,15 @@ spec:
                         secret:
                           properties:
                             items:
+                              description: A list of keys in the ConfigMap/Secret
+                                to use as templates for Secret data
                               items:
                                 properties:
                                   key:
+                                    description: A key in the ConfigMap/Secret
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   templateAs:
                                     default: Values
@@ -279,6 +306,10 @@ spec:
                                 type: object
                               type: array
                             name:
+                              description: The name of the ConfigMap/Secret resource
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                               type: string
                           required:
                           - items
@@ -298,8 +329,7 @@ spec:
                 type: object
               updatePolicy:
                 default: Replace
-                description: 'UpdatePolicy to handle Secrets in the provider. Possible
-                  Values: "Replace/IfNotExists". Defaults to "Replace".'
+                description: UpdatePolicy to handle Secrets in the provider.
                 enum:
                 - Replace
                 - IfNotExists

File diff suppressed because it is too large
+ 1587 - 471
config/crds/bases/external-secrets.io_secretstores.yaml


+ 34 - 10
config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml

@@ -82,17 +82,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                           clientSecret:
@@ -101,17 +110,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                         type: object
@@ -138,11 +156,17 @@ spec:
                           name:
                             description: The name of the ServiceAccount resource being
                               referred to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              Namespace of the resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         required:
                         - name

+ 395 - 113
config/crds/bases/generators.external-secrets.io_clustergenerators.yaml

@@ -79,17 +79,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                   clientSecret:
@@ -98,17 +107,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                 type: object
@@ -135,11 +153,17 @@ spec:
                                   name:
                                     description: The name of the ServiceAccount resource
                                       being referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      Namespace of the resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 required:
                                 - name
@@ -207,11 +231,17 @@ spec:
                                   name:
                                     description: The name of the ServiceAccount resource
                                       being referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      Namespace of the resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 required:
                                 - name
@@ -227,17 +257,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               secretAccessKeySecretRef:
@@ -245,17 +284,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               sessionTokenSecretRef:
@@ -266,17 +314,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                             type: object
@@ -321,17 +378,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                             type: object
@@ -357,11 +423,17 @@ spec:
                                   name:
                                     description: The name of the ServiceAccount resource
                                       being referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      Namespace of the resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 required:
                                 - name
@@ -392,22 +464,31 @@ spec:
                             properties:
                               secretRef:
                                 description: |-
-                                  A reference to a specific 'key' within a Secret resource,
+                                  A reference to a specific 'key' within a Secret resource.
                                   In some instances, `key` is a required field.
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                             required:
@@ -501,11 +582,17 @@ spec:
                                   name:
                                     description: The name of the ServiceAccount resource
                                       being referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      Namespace of the resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 required:
                                 - name
@@ -521,17 +608,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               secretAccessKeySecretRef:
@@ -539,17 +635,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               sessionTokenSecretRef:
@@ -560,17 +665,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                             type: object
@@ -661,17 +775,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                   secretRef:
@@ -683,17 +806,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                 required:
@@ -712,17 +844,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                   secretRef:
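Review bot: The `key` pattern added in this hunk, `^[-._a-zA-Z0-9]+$`, still admits `.`, `..` and any key beginning with `..`, which the Kubernetes API server rejects as Secret and ConfigMap data keys, so such a reference passes admission here but can never resolve. If the aim is to mirror the core key rules, state the exclusion in the description, e.g. `Must not be "." or ".." or start with "..".`, and keep the equivalent check in the controller, because schema validation only runs when an object is written and does not revalidate objects already stored. The same pattern recurs in every `key` block of the following hunks. This schema looks generated, so the change would go in the validation marker on the Go type it is generated from rather than in this YAML.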
@@ -732,17 +873,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                 type: object
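Review bot: The rewritten `namespace` description still uses "referent" ambiguously: "Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent" reads as if the Secret being pointed at decides the scope, while presumably it is the referencing store (SecretStore versus ClusterSecretStore) that does. Since this field governs whether a Secret in another namespace is read, the text should name the resource it means, for example `Ignored unless the referencing resource is cluster-scoped.`, followed by the actual default. That default needs confirming against the controller, because a cluster-scoped resource has no namespace of its own to fall back to. The same sentence appears in the other `namespace` blocks of this diff.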
@@ -774,11 +924,17 @@ spec:
                                           name:
                                             description: The name of the ServiceAccount
                                               resource being referred to.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                             type: string
                                           namespace:
                                             description: |-
-                                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                              to the namespace of the referent.
+                                              Namespace of the resource being referred to.
+                                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                            maxLength: 63
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                             type: string
                                         required:
                                         - name
@@ -803,17 +959,26 @@ spec:
                                         properties:
                                           key:
                                             description: |-
-                                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                              defaulted, in others it may be required.
+                                              A key in the referenced Secret.
+                                              Some instances of this field may be defaulted, in others it may be required.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[-._a-zA-Z0-9]+$
                                             type: string
                                           name:
                                             description: The name of the Secret resource
                                               being referred to.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                             type: string
                                           namespace:
                                             description: |-
-                                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                              to the namespace of the referent.
+                                              The namespace of the Secret resource being referred to.
+                                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                            maxLength: 63
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                             type: string
                                         type: object
                                       secretAccessKeySecretRef:
@@ -822,17 +987,26 @@ spec:
                                         properties:
                                           key:
                                             description: |-
-                                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                              defaulted, in others it may be required.
+                                              A key in the referenced Secret.
+                                              Some instances of this field may be defaulted, in others it may be required.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[-._a-zA-Z0-9]+$
                                             type: string
                                           name:
                                             description: The name of the Secret resource
                                               being referred to.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                             type: string
                                           namespace:
                                             description: |-
-                                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                              to the namespace of the referent.
+                                              The namespace of the Secret resource being referred to.
+                                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                            maxLength: 63
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                             type: string
                                         type: object
                                       sessionTokenSecretRef:
@@ -843,17 +1017,26 @@ spec:
                                         properties:
                                           key:
                                             description: |-
-                                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                              defaulted, in others it may be required.
+                                              A key in the referenced Secret.
+                                              Some instances of this field may be defaulted, in others it may be required.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[-._a-zA-Z0-9]+$
                                             type: string
                                           name:
                                             description: The name of the Secret resource
                                               being referred to.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                             type: string
                                           namespace:
                                             description: |-
-                                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                              to the namespace of the referent.
+                                              The namespace of the Secret resource being referred to.
+                                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                            maxLength: 63
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                             type: string
                                         type: object
                                     type: object
@@ -915,11 +1098,17 @@ spec:
                                           name:
                                             description: The name of the ServiceAccount
                                               resource being referred to.
+                                            maxLength: 253
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                             type: string
                                           namespace:
                                             description: |-
-                                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                              to the namespace of the referent.
+                                              Namespace of the resource being referred to.
+                                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                            maxLength: 63
+                                            minLength: 1
+                                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                             type: string
                                         required:
                                         - name
@@ -945,17 +1134,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                 required:
@@ -986,17 +1184,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                   serviceAccountRef:
@@ -1017,11 +1224,17 @@ spec:
                                       name:
                                         description: The name of the ServiceAccount
                                           resource being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          Namespace of the resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     required:
                                     - name
@@ -1049,17 +1262,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                   username:
@@ -1085,17 +1307,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               userPass:
@@ -1116,17 +1347,26 @@ spec:
                                     properties:
                                       key:
                                         description: |-
-                                          The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                          defaulted, in others it may be required.
+                                          A key in the referenced Secret.
+                                          Some instances of this field may be defaulted, in others it may be required.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[-._a-zA-Z0-9]+$
                                         type: string
                                       name:
                                         description: The name of the Secret resource
                                           being referred to.
+                                        maxLength: 253
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                         type: string
                                       namespace:
                                         description: |-
-                                          Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                          to the namespace of the referent.
+                                          The namespace of the Secret resource being referred to.
+                                          Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                        maxLength: 63
+                                        minLength: 1
+                                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                         type: string
                                     type: object
                                   username:
@@ -1154,15 +1394,24 @@ spec:
                               key:
                                 description: The key where the CA certificate can
                                   be found in the Secret or ConfigMap.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the object located at the
                                   provider type.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
                                   The namespace the Provider type is in.
                                   Can only be defined when used in a ClusterSecretStore.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                               type:
                                 description: The type of provider to use such as "Secret",
@@ -1227,17 +1476,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               keySecretRef:
@@ -1248,17 +1506,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                             type: object
@@ -1321,15 +1588,24 @@ spec:
                           webhook server certificate.
                         properties:
                           key:
-                            description: The key the value inside of the provider
-                              type to use, only used with "Secret" type
+                            description: The key where the CA certificate can be found
+                              in the Secret or ConfigMap.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the object located at the provider
                               type.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: The namespace the Provider type is in.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                           type:
                             description: The type of provider to use such as "Secret",
@@ -1371,10 +1647,16 @@ spec:
                               properties:
                                 key:
                                   description: The key where the token is found.
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[-._a-zA-Z0-9]+$
                                   type: string
                                 name:
                                   description: The name of the Secret resource being
                                     referred to.
+                                  maxLength: 253
+                                  minLength: 1
+                                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                   type: string
                               type: object
                           required:

+ 47 - 14
config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml

@@ -70,11 +70,17 @@ spec:
                           name:
                             description: The name of the ServiceAccount resource being
                               referred to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              Namespace of the resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         required:
                         - name
@@ -90,17 +96,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                       secretAccessKeySecretRef:
@@ -108,17 +123,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                       sessionTokenSecretRef:
@@ -129,17 +153,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                     type: object
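Review bot: The new `minLength: 1` on the optional `namespace` and `key` fields (in the ServiceAccount reference and each `*SecretRef` of this CRD, and identically in the other generator CRDs of this commit) makes the API server reject an explicitly empty value such as `namespace: ""`, which was presumably accepted before. Manifests rendered from templates with an empty value, and objects already stored on clusters that do not ratchet CRD validation, may start failing on their next create or update. If that is intended, the field description should say so, for example `Must be omitted rather than set to an empty string.`; otherwise the lower bound could be kept only on the required `name`. Since this YAML appears to be generated output, the change would go on the validation markers of the Go types and then be regenerated.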

+ 21 - 6
config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml

@@ -56,17 +56,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                     type: object
@@ -92,11 +101,17 @@ spec:
                           name:
                             description: The name of the ServiceAccount resource being
                               referred to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              Namespace of the resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         required:
                         - name

+ 14 - 5
config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml

@@ -53,22 +53,31 @@ spec:
                     properties:
                       secretRef:
                         description: |-
-                          A reference to a specific 'key' within a Secret resource,
+                          A reference to a specific 'key' within a Secret resource.
                           In some instances, `key` is a required field.
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                     required:

+ 47 - 14
config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml

@@ -68,11 +68,17 @@ spec:
                           name:
                             description: The name of the ServiceAccount resource being
                               referred to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              Namespace of the resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         required:
                         - name
@@ -88,17 +94,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                       secretAccessKeySecretRef:
@@ -106,17 +121,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                       sessionTokenSecretRef:
@@ -127,17 +151,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                     type: object

+ 215 - 62
config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml

@@ -89,17 +89,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                           secretRef:
@@ -111,17 +120,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                         required:
@@ -140,17 +158,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                           secretRef:
@@ -160,17 +187,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                         type: object
@@ -199,11 +235,17 @@ spec:
                                   name:
                                     description: The name of the ServiceAccount resource
                                       being referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      Namespace of the resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 required:
                                 - name
@@ -228,17 +270,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               secretAccessKeySecretRef:
@@ -246,17 +297,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                               sessionTokenSecretRef:
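Review bot: The `namespace` and `key` fields in this hunk are optional, yet an explicit empty string such as `namespace: ""`, which the previous schema accepted, is now rejected by both `minLength: 1` and the pattern, and the descriptions do not say so. Manifests or stored objects that carry an empty string, or a `name` that does not match the new pattern, would presumably fail validation on their next write after the CRD is upgraded, unless the cluster ratchets validation for unchanged fields. I would add a sentence to each description such as `Omit the field to use the default; an empty string is rejected.` and mention the tightening in the upgrade notes. The same applies to every secret reference in the following hunks; since this YAML looks generated, the wording belongs on the Go field comments.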
@@ -267,17 +327,26 @@ spec:
                                 properties:
                                   key:
                                     description: |-
-                                      The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                      defaulted, in others it may be required.
+                                      A key in the referenced Secret.
+                                      Some instances of this field may be defaulted, in others it may be required.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[-._a-zA-Z0-9]+$
                                     type: string
                                   name:
                                     description: The name of the Secret resource being
                                       referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      The namespace of the Secret resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 type: object
                             type: object
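Review bot: The reworded `namespace` description still says the value "defaults to the namespace of the referent", but the referent is the Secret being referred to, so the sentence defines the default in terms of the field itself. It presumably means the resource that holds the reference; because this field decides which namespace a credential is read from, the wording should be unambiguous. Something like `Ignored if the referencing resource is namespaced; see the controller documentation for the default on cluster-scoped resources.` would avoid the circular term, with the actual default filled in once confirmed against the controller. The same text is repeated for every `namespace` field in this file.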
@@ -338,11 +407,17 @@ spec:
                                   name:
                                     description: The name of the ServiceAccount resource
                                       being referred to.
+                                    maxLength: 253
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                     type: string
                                   namespace:
                                     description: |-
-                                      Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                      to the namespace of the referent.
+                                      Namespace of the resource being referred to.
+                                      Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                    maxLength: 63
+                                    minLength: 1
+                                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                     type: string
                                 required:
                                 - name
@@ -368,17 +443,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                         required:
@@ -409,17 +493,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                           serviceAccountRef:
@@ -440,11 +533,17 @@ spec:
                               name:
                                 description: The name of the ServiceAccount resource
                                   being referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  Namespace of the resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             required:
                             - name
@@ -472,17 +571,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                           username:
@@ -508,17 +616,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                       userPass:
@@ -539,17 +656,26 @@ spec:
                             properties:
                               key:
                                 description: |-
-                                  The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                                  defaulted, in others it may be required.
+                                  A key in the referenced Secret.
+                                  Some instances of this field may be defaulted, in others it may be required.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[-._a-zA-Z0-9]+$
                                 type: string
                               name:
                                 description: The name of the Secret resource being
                                   referred to.
+                                maxLength: 253
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                 type: string
                               namespace:
                                 description: |-
-                                  Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                                  to the namespace of the referent.
+                                  The namespace of the Secret resource being referred to.
+                                  Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                                maxLength: 63
+                                minLength: 1
+                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                 type: string
                             type: object
                           username:
@@ -577,15 +703,24 @@ spec:
                       key:
                         description: The key where the CA certificate can be found
                           in the Secret or ConfigMap.
+                        maxLength: 253
+                        minLength: 1
+                        pattern: ^[-._a-zA-Z0-9]+$
                         type: string
                       name:
                         description: The name of the object located at the provider
                           type.
+                        maxLength: 253
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                         type: string
                       namespace:
                         description: |-
                           The namespace the Provider type is in.
                           Can only be defined when used in a ClusterSecretStore.
+                        maxLength: 63
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                         type: string
                       type:
                         description: The type of provider to use such as "Secret",
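Review bot: The `namespace` description says the field "Can only be defined when used in a ClusterSecretStore", but the constraints added here only check length and syntax, so any well-formed namespace passes schema validation regardless of the kind that embeds it. Whether a CA bundle may be loaded from another namespace is therefore decided elsewhere, presumably in the controller or an admission webhook that this hunk does not show. I would make that explicit in the description, e.g. `The pattern validates syntax only; the scope restriction is enforced by the controller.`, after confirming where it is enforced. The caProvider block in generators.external-secrets.io_webhooks.yaml has the same field with a shorter description.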
@@ -650,17 +785,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                       keySecretRef:
@@ -671,17 +815,26 @@ spec:
                         properties:
                           key:
                             description: |-
-                              The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
-                              defaulted, in others it may be required.
+                              A key in the referenced Secret.
+                              Some instances of this field may be defaulted, in others it may be required.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[-._a-zA-Z0-9]+$
                             type: string
                           name:
                             description: The name of the Secret resource being referred
                               to.
+                            maxLength: 253
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                             type: string
                           namespace:
                             description: |-
-                              Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
-                              to the namespace of the referent.
+                              The namespace of the Secret resource being referred to.
+                              Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                         type: object
                     type: object

+ 17 - 2
config/crds/bases/generators.external-secrets.io_webhooks.yaml

@@ -67,14 +67,23 @@ spec:
                   server certificate.
                 properties:
                   key:
-                    description: The key the value inside of the provider type to
-                      use, only used with "Secret" type
+                    description: The key where the CA certificate can be found in
+                      the Secret or ConfigMap.
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[-._a-zA-Z0-9]+$
                     type: string
                   name:
                     description: The name of the object located at the provider type.
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                     type: string
                   namespace:
                     description: The namespace the Provider type is in.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                     type: string
                   type:
                     description: The type of provider to use such as "Secret", or
@@ -116,10 +125,16 @@ spec:
                       properties:
                         key:
                           description: The key where the token is found.
+                          maxLength: 253
+                          minLength: 1
+                          pattern: ^[-._a-zA-Z0-9]+$
                           type: string
                         name:
                           description: The name of the Secret resource being referred
                             to.
+                          maxLength: 253
+                          minLength: 1
+                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                           type: string
                       type: object
                   required:

File diff suppressed because it is too large
+ 4141 - 1201
deploy/crds/bundle.yaml


+ 15 - 12
docs/api/spec.md

@@ -1747,7 +1747,8 @@ string
 </td>
 <td>
 <em>(Optional)</em>
-<p>The name of the external secrets to be created defaults to the name of the ClusterExternalSecret</p>
+<p>The name of the external secrets to be created.
+Defaults to the name of the ClusterExternalSecret</p>
 </td>
 </tr>
 <tr>
@@ -1935,7 +1936,8 @@ string
 </td>
 <td>
 <em>(Optional)</em>
-<p>The name of the external secrets to be created defaults to the name of the ClusterExternalSecret</p>
+<p>The name of the external secrets to be created.
+Defaults to the name of the ClusterExternalSecret</p>
 </td>
 </tr>
 <tr>
@@ -3156,8 +3158,7 @@ string
 </em>
 </td>
 <td>
-<p>SecretKey defines the key in which the controller stores
-the value. This is the key in the Kind=Secret</p>
+<p>The key in the Kubernetes Secret to store the value.</p>
 </td>
 </tr>
 <tr>
@@ -3185,7 +3186,7 @@ StoreSourceRef
 </td>
 <td>
 <p>SourceRef allows you to override the source
-from which the value will pulled from.</p>
+from which the value will be pulled.</p>
 </td>
 </tr>
 </tbody>
@@ -3958,8 +3959,7 @@ string
 </td>
 <td>
 <em>(Optional)</em>
-<p>Name defines the name of the Secret resource to be managed
-This field is immutable
+<p>The name of the Secret resource to be managed.
 Defaults to the .metadata.name of the ExternalSecret resource</p>
 </td>
 </tr>
@@ -3974,8 +3974,8 @@ ExternalSecretCreationPolicy
 </td>
 <td>
 <em>(Optional)</em>
-<p>CreationPolicy defines rules on how to create the resulting Secret
-Defaults to &lsquo;Owner&rsquo;</p>
+<p>CreationPolicy defines rules on how to create the resulting Secret.
+Defaults to &ldquo;Owner&rdquo;</p>
 </td>
 </tr>
 <tr>
@@ -3989,8 +3989,8 @@ ExternalSecretDeletionPolicy
 </td>
 <td>
 <em>(Optional)</em>
-<p>DeletionPolicy defines rules on how to delete the resulting Secret
-Defaults to &lsquo;Retain&rsquo;</p>
+<p>DeletionPolicy defines rules on how to delete the resulting Secret.
+Defaults to &ldquo;Retain&rdquo;</p>
 </td>
 </tr>
 <tr>
@@ -7827,6 +7827,7 @@ string
 </em>
 </td>
 <td>
+<p>The name of the ConfigMap/Secret resource</p>
 </td>
 </tr>
 <tr>
@@ -7839,6 +7840,7 @@ string
 </em>
 </td>
 <td>
+<p>A list of keys in the ConfigMap/Secret to use as templates for Secret data</p>
 </td>
 </tr>
 </tbody>
@@ -7867,6 +7869,7 @@ string
 </em>
 </td>
 <td>
+<p>A key in the ConfigMap/Secret</p>
 </td>
 </tr>
 <tr>
@@ -9187,7 +9190,7 @@ string
 </em>
 </td>
 <td>
-<p>The key the value inside of the provider type to use, only used with &ldquo;Secret&rdquo; type</p>
+<p>The key where the CA certificate can be found in the Secret or ConfigMap.</p>
 </td>
 </tr>
 <tr>