
refactor keeper auth configuration (#2052)

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Pedro Parra Ortega 3 years ago
parent
commit
2766c6d5f5

+ 3 - 14
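--- a/apis/externalsecrets/v1beta1/secretstore_keepersecurity_types.go
+++ b/apis/externalsecrets/v1beta1/secretstore_keepersecurity_types.go
@@ -18,18 +18,7 @@ import smmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
 
 // KeeperSecurityProvider Configures a store to sync secrets using Keeper Security.
 type KeeperSecurityProvider struct {
-	Auth *KeeperSecurityAuth `json:"auth"`
-
-	// Keeper Url from which the secrets to be fetched from.
-	Hostname string `json:"hostname"`
-	FolderID string `json:"folderID"`
-}
-
-// KeeperSecurityAuth Configuration used to authenticate with KeeperSecurity.
-type KeeperSecurityAuth struct {
-	AppKey            smmeta.SecretKeySelector `json:"appKeySecretRef"`
-	AppOwnerPublicKey smmeta.SecretKeySelector `json:"appOwnerPublicKeySecretRef"`
-	ClientID          smmeta.SecretKeySelector `json:"clientIdSecretRef"`
-	PrivateKey        smmeta.SecretKeySelector `json:"privateKeySecretRef"`
-	ServerPublicKeyID smmeta.SecretKeySelector `json:"serverPublicKeyIdSecretRef"`
+	Auth     smmeta.SecretKeySelector `json:"authRef"`
+	Hostname string                   `json:"hostname"`
+	FolderID string                   `json:"folderID"`
 }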
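Review bot: The new `Auth` field of KeeperSecurityProvider has no doc comment, so the generated `authRef` description in the CRD hunks below is only the generic SecretKeySelector text and no longer tells the user what the referenced Secret key must contain, and the old `Hostname` comment was dropped with the struct rewrite. Restore both with `// Auth references the Secret key holding the Keeper Security authentication configuration that replaces the former appKey/appOwnerPublicKey/clientId/privateKey/serverPublicKeyId selectors; it carries private key material, so scope access to that Secret accordingly.` and `// Hostname is the Keeper URL from which secrets are fetched.` so controller-gen regenerates meaningful descriptions. Renaming `auth` to `authRef` and changing its shape in a v1beta1 type also appears to be a breaking schema change: existing SecretStore and ClusterSecretStore objects that still carry `auth` will be rejected by the regenerated CRDs unless a conversion or migration is handled elsewhere in the commit, which is worth stating in the commit description.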

+ 1 - 25
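--- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go
+++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go
@@ -1292,33 +1292,9 @@ func (in *IBMProvider) DeepCopy() *IBMProvider {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *KeeperSecurityAuth) DeepCopyInto(out *KeeperSecurityAuth) {
-	*out = *in
-	in.AppKey.DeepCopyInto(&out.AppKey)
-	in.AppOwnerPublicKey.DeepCopyInto(&out.AppOwnerPublicKey)
-	in.ClientID.DeepCopyInto(&out.ClientID)
-	in.PrivateKey.DeepCopyInto(&out.PrivateKey)
-	in.ServerPublicKeyID.DeepCopyInto(&out.ServerPublicKeyID)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeeperSecurityAuth.
-func (in *KeeperSecurityAuth) DeepCopy() *KeeperSecurityAuth {
-	if in == nil {
-		return nil
-	}
-	out := new(KeeperSecurityAuth)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *KeeperSecurityProvider) DeepCopyInto(out *KeeperSecurityProvider) {
 	*out = *in
-	if in.Auth != nil {
-		in, out := &in.Auth, &out.Auth
-		*out = new(KeeperSecurityAuth)
-		(*in).DeepCopyInto(*out)
-	}
+	in.Auth.DeepCopyInto(&out.Auth)
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeeperSecurityProvider.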

+ 18 - 112
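--- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml
+++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml
@@ -2367,125 +2367,31 @@ spec:
                     description: KeeperSecurity configures this store to sync secrets
                       using the KeeperSecurity provider
                     properties:
-                      auth:
-                        description: KeeperSecurityAuth Configuration used to authenticate
-                          with KeeperSecurity.
+                      authRef:
+                        description: A reference to a specific 'key' within a Secret
+                          resource, In some instances, `key` is a required field.
                         properties:
-                          appKeySecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          appOwnerPublicKeySecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          clientIdSecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          privateKeySecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          serverPublicKeyIdSecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                        required:
-                        - appKeySecretRef
-                        - appOwnerPublicKeySecretRef
-                        - clientIdSecretRef
-                        - privateKeySecretRef
-                        - serverPublicKeyIdSecretRef
+                          key:
+                            description: The key of the entry in the Secret resource's
+                              `data` field to be used. Some instances of this field
+                              may be defaulted, in others it may be required.
+                            type: string
+                          name:
+                            description: The name of the Secret resource being referred
+                              to.
+                            type: string
+                          namespace:
+                            description: Namespace of the resource being referred
+                              to. Ignored if referent is not cluster-scoped. cluster-scoped
+                              defaults to the namespace of the referent.
+                            type: string
                         type: object
                       folderID:
                         type: string
                       hostname:
-                        description: Keeper Url from which the secrets to be fetched
-                          from.
                         type: string
                     required:
-                    - auth
+                    - authRef
                     - folderID
                     - hostname
                     type: object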

+ 18 - 112
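--- a/config/crds/bases/external-secrets.io_secretstores.yaml
+++ b/config/crds/bases/external-secrets.io_secretstores.yaml
@@ -2367,125 +2367,31 @@ spec:
                     description: KeeperSecurity configures this store to sync secrets
                       using the KeeperSecurity provider
                     properties:
-                      auth:
-                        description: KeeperSecurityAuth Configuration used to authenticate
-                          with KeeperSecurity.
+                      authRef:
+                        description: A reference to a specific 'key' within a Secret
+                          resource, In some instances, `key` is a required field.
                         properties:
-                          appKeySecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          appOwnerPublicKeySecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          clientIdSecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          privateKeySecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                          serverPublicKeyIdSecretRef:
-                            description: A reference to a specific 'key' within a
-                              Secret resource, In some instances, `key` is a required
-                              field.
-                            properties:
-                              key:
-                                description: The key of the entry in the Secret resource's
-                                  `data` field to be used. Some instances of this
-                                  field may be defaulted, in others it may be required.
-                                type: string
-                              name:
-                                description: The name of the Secret resource being
-                                  referred to.
-                                type: string
-                              namespace:
-                                description: Namespace of the resource being referred
-                                  to. Ignored if referent is not cluster-scoped. cluster-scoped
-                                  defaults to the namespace of the referent.
-                                type: string
-                            type: object
-                        required:
-                        - appKeySecretRef
-                        - appOwnerPublicKeySecretRef
-                        - clientIdSecretRef
-                        - privateKeySecretRef
-                        - serverPublicKeyIdSecretRef
+                          key:
+                            description: The key of the entry in the Secret resource's
+                              `data` field to be used. Some instances of this field
+                              may be defaulted, in others it may be required.
+                            type: string
+                          name:
+                            description: The name of the Secret resource being referred
+                              to.
+                            type: string
+                          namespace:
+                            description: Namespace of the resource being referred
+                              to. Ignored if referent is not cluster-scoped. cluster-scoped
+                              defaults to the namespace of the referent.
+                            type: string
                         type: object
                       folderID:
                         type: string
                       hostname:
-                        description: Keeper Url from which the secrets to be fetched
-                          from.
                         type: string
                     required:
-                    - auth
+                    - authRef
                     - folderID
                     - hostname
                     type: object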

+ 24 - 150
deploy/crds/bundle.yaml

@@ -2176,88 +2176,25 @@ spec:
                     keepersecurity:
                     keepersecurity:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                       properties:
-                        auth:
-                          description: KeeperSecurityAuth Configuration used to authenticate with KeeperSecurity.
+                        authRef:
+                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
                           properties:
                           properties:
-                            appKeySecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            appOwnerPublicKeySecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            clientIdSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            privateKeySecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            serverPublicKeyIdSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                          required:
-                            - appKeySecretRef
-                            - appOwnerPublicKeySecretRef
-                            - clientIdSecretRef
-                            - privateKeySecretRef
-                            - serverPublicKeyIdSecretRef
+                            key:
+                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              type: string
                           type: object
                           type: object
                         folderID:
                         folderID:
                           type: string
                           type: string
                         hostname:
                         hostname:
-                          description: Keeper Url from which the secrets to be fetched from.
                           type: string
                           type: string
                       required:
                       required:
-                        - auth
+                        - authRef
                         - folderID
                         - folderID
                         - hostname
                         - hostname
                       type: object
                       type: object
@@ -5557,88 +5494,25 @@ spec:
                     keepersecurity:
                     keepersecurity:
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
                       properties:
                       properties:
-                        auth:
-                          description: KeeperSecurityAuth Configuration used to authenticate with KeeperSecurity.
+                        authRef:
+                          description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
                           properties:
                           properties:
-                            appKeySecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            appOwnerPublicKeySecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            clientIdSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            privateKeySecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                            serverPublicKeyIdSecretRef:
-                              description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
-                              properties:
-                                key:
-                                  description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
-                                  type: string
-                                name:
-                                  description: The name of the Secret resource being referred to.
-                                  type: string
-                                namespace:
-                                  description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
-                                  type: string
-                              type: object
-                          required:
-                            - appKeySecretRef
-                            - appOwnerPublicKeySecretRef
-                            - clientIdSecretRef
-                            - privateKeySecretRef
-                            - serverPublicKeyIdSecretRef
+                            key:
+                              description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred to.
+                              type: string
+                            namespace:
+                              description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                              type: string
                           type: object
                           type: object
                         folderID:
                         folderID:
                           type: string
                           type: string
                         hostname:
                         hostname:
-                          description: Keeper Url from which the secrets to be fetched from.
                           type: string
                           type: string
                       required:
                       required:
-                        - auth
+                        - authRef
                         - folderID
                         - folderID
                         - hostname
                         - hostname
                       type: object
                       type: object

+ 4 - 84
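--- a/docs/api/spec.md
+++ b/docs/api/spec.md
@@ -3425,85 +3425,6 @@ string
 </tr>
 </tbody>
 </table>
-<h3 id="external-secrets.io/v1beta1.KeeperSecurityAuth">KeeperSecurityAuth
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#external-secrets.io/v1beta1.KeeperSecurityProvider">KeeperSecurityProvider</a>)
-</p>
-<p>
-<p>KeeperSecurityAuth Configuration used to authenticate with KeeperSecurity.</p>
-</p>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>appKeySecretRef</code></br>
-<em>
-<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector">
-External Secrets meta/v1.SecretKeySelector
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>appOwnerPublicKeySecretRef</code></br>
-<em>
-<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector">
-External Secrets meta/v1.SecretKeySelector
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>clientIdSecretRef</code></br>
-<em>
-<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector">
-External Secrets meta/v1.SecretKeySelector
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>privateKeySecretRef</code></br>
-<em>
-<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector">
-External Secrets meta/v1.SecretKeySelector
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>serverPublicKeyIdSecretRef</code></br>
-<em>
-<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector">
-External Secrets meta/v1.SecretKeySelector
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-</tbody>
-</table>
 <h3 id="external-secrets.io/v1beta1.KeeperSecurityProvider">KeeperSecurityProvider
 </h3>
 <p>
@@ -3523,10 +3444,10 @@ External Secrets meta/v1.SecretKeySelector
 <tbody>
 <tr>
 <td>
-<code>auth</code></br>
+<code>authRef</code></br>
 <em>
-<a href="#external-secrets.io/v1beta1.KeeperSecurityAuth">
-KeeperSecurityAuth
+<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector">
+External Secrets meta/v1.SecretKeySelector
 </a>
 </em>
 </td>
@@ -3541,7 +3462,6 @@ string
 </em>
 </td>
 <td>
-<p>Keeper Url from which the secrets to be fetched from.</p>
 </td>
 </tr>
 <tr>
@@ -5185,7 +5105,7 @@ External Secrets meta/v1.SecretKeySelector
 <td><p>Error indicates that there is a misconfiguration.</p>
 </td>
 </tr><tr><td><p>0</p></td>
-<td><p>Ready indicates that the client is configured correctly
+<td><p>Ready indicates that the client is confgured correctly
 and can be used.</p>
 </td>
 </tr><tr><td><p>1</p></td>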

+ 2 - 2
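--- a/docs/provider/keeper-security.md
+++ b/docs/provider/keeper-security.md
@@ -13,7 +13,7 @@ KSM can authenticate using *One Time Access Token* or *Secret Manager Configurat
 
 You can find the documentation for the Secret Manager Configuration creation [here](https://docs.keeper.io/secrets-manager/secrets-manager/about/secrets-manager-configuration). Make sure you add the proper permissions to your device in order to be able to read and write secrets
 
-Once you have created your SMC, you will get a config.json file containing the following keys:
+Once you have created your SMC, you will get a config.json file or a base64 json encoded string containing the following keys:
 - `hostname`
 - `clientId`
 - `privateKey`
@@ -21,7 +21,7 @@ Once you have created your SMC, you will get a config.json file containing the f
 - `appKey`
 - `appOwnerPublicKey`
 
-This config will be required to create your secretStores
+This base64 encoded jsong string will be required to create your secretStores
 
 ## Important note about this documentation
 _**The KepeerSecurity calls the entries in vaults 'Records'. These docs use the same term.**_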

+ 3 - 16
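--- a/docs/snippets/keepersecurity-secret-store.yaml
+++ b/docs/snippets/keepersecurity-secret-store.yaml
@@ -7,20 +7,7 @@ spec:
   provider:
     keepersecurity:
       hostname: keepersecurity.eu
-      auth:
-        appKeySecretRef:
-          name: keeper-configuration
-          key:  appKey
-        appOwnerPublicKeySecretRef:
-          name: keeper-configuration
-          key: appOwnerPublicKey
-        privateKeySecretRef:
-          name: keeper-configuration
-          key: privateKey
-        serverPublicKeyIdSecretRef:
-          name: keeper-configuration
-          key: serverPublicKeyId
-        clientIdSecretRef:
-          name: keeper-configuration
-          key: clientId
+      authRef: # Refer to a kubernetes secret which holds the base64 encoded json string for the configuration
+        name: keeper-configuration
+        key:  auth
       folderID: 1qdsiewFW-U # Folder ID where the secrets can be pushed. It requires write permissions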

+ 11 - 64
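--- a/pkg/provider/keepersecurity/provider.go
+++ b/pkg/provider/keepersecurity/provider.go
@@ -25,7 +25,6 @@ import (
 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	smmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
 	"github.com/external-secrets/external-secrets/pkg/utils"
 )
 
@@ -36,11 +35,7 @@ const (
 	errKeeperSecurityNilSpecProvider                = "nil spec.provider"
 	errKeeperSecurityNilSpecProviderKeeperSecurity  = "nil spec.provider.keepersecurity"
 	errKeeperSecurityStoreMissingAuth               = "missing: spec.provider.keepersecurity.auth"
-	errKeeperSecurityStoreMissingAppKey             = "missing: spec.provider.keepersecurity.auth.appKeySecretRef %w"
-	errKeeperSecurityStoreMissingAppOwnerPublicKey  = "missing: spec.provider.keepersecurity.auth.appOwnerPublicKeySecretRef %w"
-	errKeeperSecurityStoreMissingClientID           = "missing: spec.provider.keepersecurity.auth.clientIdSecretRef %w"
-	errKeeperSecurityStoreMissingPrivateKey         = "missing: spec.provider.keepersecurity.auth.privateKeySecretRef %w"
-	errKeeperSecurityStoreMissingServerPublicKeyID  = "missing: spec.provider.keepersecurity.auth.serverPublicKeyIDSecretRef %w"
+	errKeeperSecurityStoreMissingFolderID           = "missing: spec.provider.keepersecurity.folderID"
 	errKeeperSecurityStoreInvalidConnectHost        = "unable to parse URL: spec.provider.keepersecurity.connectHost: %w"
 	errInvalidClusterStoreMissingK8sSecretNamespace = "invalid ClusterSecretStore: missing KeeperSecurity k8s Auth Secret Namespace"
 	errFetchK8sSecret                               = "could not fetch k8s Secret: %w"
@@ -74,7 +69,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore,
 	keeperStore := storeSpec.Provider.KeeperSecurity
 
 	isClusterKind := store.GetObjectKind().GroupVersionKind().Kind == esv1beta1.ClusterSecretStoreKind
-	clientConfig, err := getKeeperSecurityConfig(ctx, keeperStore, kube, isClusterKind, namespace)
+	clientConfig, err := getKeeperSecurityAuth(ctx, keeperStore, kube, isClusterKind, namespace)
 	if err != nil {
 		return nil, fmt.Errorf(errKeeperSecurityUnableToCreateConfig, err)
 	}
@@ -114,69 +109,21 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) error {
 		return fmt.Errorf(errKeeperSecurityStoreInvalidConnectHost, err)
 	}
 
-	if config.Auth == nil {
+	if err := utils.ValidateSecretSelector(store, config.Auth); err != nil {
 		return fmt.Errorf(errKeeperSecurityStoreMissingAuth)
 	}
-
-	if err := utils.ValidateSecretSelector(store, config.Auth.AppKey); err != nil {
-		return fmt.Errorf(errKeeperSecurityStoreMissingAppKey, err)
-	}
-
-	if err := utils.ValidateSecretSelector(store, config.Auth.AppOwnerPublicKey); err != nil {
-		return fmt.Errorf(errKeeperSecurityStoreMissingAppOwnerPublicKey, err)
-	}
-
-	if err := utils.ValidateSecretSelector(store, config.Auth.PrivateKey); err != nil {
-		return fmt.Errorf(errKeeperSecurityStoreMissingPrivateKey, err)
-	}
-
-	if err := utils.ValidateSecretSelector(store, config.Auth.ClientID); err != nil {
-		return fmt.Errorf(errKeeperSecurityStoreMissingClientID, err)
-	}
-
-	if err := utils.ValidateSecretSelector(store, config.Auth.ServerPublicKeyID); err != nil {
-		return fmt.Errorf(errKeeperSecurityStoreMissingServerPublicKeyID, err)
+	if config.FolderID == "" {
+		return fmt.Errorf(errKeeperSecurityStoreMissingFolderID)
 	}
 
 	return nil
 }
 
-func getKeeperSecurityConfig(ctx context.Context, store *esv1beta1.KeeperSecurityProvider, kube kclient.Client, isClusterKind bool, namespace string) (map[string]string, error) {
+func getKeeperSecurityAuth(ctx context.Context, store *esv1beta1.KeeperSecurityProvider, kube kclient.Client, isClusterKind bool, namespace string) (string, error) {
 	auth := store.Auth
-	apiKey, err := getAuthParameter(ctx, auth.AppKey, kube, isClusterKind, namespace)
-	if err != nil {
-		return nil, err
-	}
-	appOwnerPublicKey, err := getAuthParameter(ctx, auth.AppOwnerPublicKey, kube, isClusterKind, namespace)
-	if err != nil {
-		return nil, err
-	}
-	clientID, err := getAuthParameter(ctx, auth.ClientID, kube, isClusterKind, namespace)
-	if err != nil {
-		return nil, err
-	}
-	privateKey, err := getAuthParameter(ctx, auth.PrivateKey, kube, isClusterKind, namespace)
-	if err != nil {
-		return nil, err
-	}
-	serverPublicKeyID, err := getAuthParameter(ctx, auth.ServerPublicKeyID, kube, isClusterKind, namespace)
-	if err != nil {
-		return nil, err
-	}
-
-	return map[string]string{
-		"appKey":            apiKey,
-		"appOwnerPublicKey": appOwnerPublicKey,
-		"clientId":          clientID,
-		"hostname":          store.Hostname,
-		"privateKey":        privateKey,
-		"serverPublicKeyID": serverPublicKeyID,
-	}, nil
-}
 
-func getAuthParameter(ctx context.Context, param smmeta.SecretKeySelector, kube kclient.Client, isClusterKind bool, namespace string) (string, error) {
 	credentialsSecret := &v1.Secret{}
-	credentialsSecretName := param.Name
+	credentialsSecretName := auth.Name
 	objectKey := types.NamespacedName{
 		Name:      credentialsSecretName,
 		Namespace: namespace,
@@ -184,10 +131,10 @@ func getAuthParameter(ctx context.Context, param smmeta.SecretKeySelector, kube
 
 	// only ClusterStore is allowed to set namespace (and then it's required)
 	if isClusterKind {
-		if credentialsSecretName != "" && param.Namespace == nil {
+		if credentialsSecretName != "" && auth.Namespace == nil {
 			return "", fmt.Errorf(errInvalidClusterStoreMissingK8sSecretNamespace)
 		} else if credentialsSecretName != "" {
-			objectKey.Namespace = *param.Namespace
+			objectKey.Namespace = *auth.Namespace
 		}
 	}
 
@@ -195,9 +142,9 @@ func getAuthParameter(ctx context.Context, param smmeta.SecretKeySelector, kube
 	if err != nil {
 		return "", fmt.Errorf(errFetchK8sSecret, err)
 	}
-	data := credentialsSecret.Data[param.Key]
+	data := credentialsSecret.Data[auth.Key]
 	if (data == nil) || (len(data) == 0) {
-		return "", fmt.Errorf(errMissingK8sSecretKey, auth.Key)
+		return "", fmt.Errorf(errMissingK8sSecretKey, auth.Key)
 	}
 
 	return string(data), nil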
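Review bot: ValidateStore now drops the error returned by `utils.ValidateSecretSelector` and reports it under a field that no longer exists: the message `errKeeperSecurityStoreMissingAuth` still says `spec.provider.keepersecurity.auth`, while the CRD field was renamed to `authRef`, so an operator gets a misleading path and none of the selector's own reason (missing name, missing key, or a namespace rule for ClusterSecretStore). I would change the constant to `errKeeperSecurityStoreMissingAuth = "invalid: spec.provider.keepersecurity.authRef: %w"` and the return to `return fmt.Errorf(errKeeperSecurityStoreMissingAuth, err)`, so the underlying cause is wrapped and inspectable. Since the single `authRef` key now carries the entire Secrets Manager configuration (private key and app key included), a wrong or empty value only surfaces later at client construction; getKeeperSecurityAuth returns the raw string without checking it is non-blank after decoding, and I cannot see from this hunk how NewClient consumes `clientConfig`, so a short doc comment on getKeeperSecurityAuth stating that the value is the base64-encoded SMC JSON and is passed on unparsed would help the next reader. ValidateStore's body begins outside this hunk.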