Deployed 3266ddb09 to main with MkDocs 1.6.1 and mike 1.2.0.dev0

main/api/clusterpushsecret/index.html

@@ -3916,7 +3916,16 @@
 If there is a conflict with an existing resource the controller will error out.</p>
 <h2 id="example">Example</h2>
 <p>Below is an example of the <code>ClusterPushSecret</code> in use.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<div class="highlight"><pre><span></span><code><span class="nn">---</span>
+<span class="c1"># The source secret that will be pushed to the destination secret by ClusterPushSecret.</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span>
+<span class="nt">stringData</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">best-pokemon-src</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Pikachu&quot;</span>
+<span class="nn">---</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterPushSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;hello-world&quot;</span>
@@ -3947,7 +3956,7 @@ If there is a conflict with an existing resource the controller will error out.<
 <span class="w">        </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 <span class="w">    </span><span class="nt">selector</span><span class="p">:</span>
 <span class="w">      </span><span class="nt">secret</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pokedex-credentials</span><span class="w"> </span><span class="c1"># Source Kubernetes secret to be pushed</span>
+<span class="w">        </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span><span class="w"> </span><span class="c1"># Source Kubernetes secret to be pushed</span>
 <span class="w">      </span><span class="c1"># Alternatively, you can point to a generator that produces values to be pushed</span>
 <span class="w">      </span><span class="nt">generatorRef</span><span class="p">:</span>
 <span class="w">        </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
@@ -3958,10 +3967,12 @@ If there is a conflict with an existing resource the controller will error out.<
 <span class="w">        </span><span class="nt">annotations</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">        </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.best-pokemon</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
-<span class="w">      </span><span class="c1"># Uses an existing template from configmap</span>
-<span class="w">      </span><span class="c1"># Secret is fetched, merged and templated within the referenced configMap data</span>
-<span class="w">      </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;alertmanager.yml&quot;] = ...result...</span>
+<span class="w">        </span><span class="c1"># If the key source secret key has dashes, then it cannot be accessed directly,</span>
+<span class="w">        </span><span class="c1"># and the &quot;index&quot; function should be used.</span>
+<span class="w">        </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">index</span><span class="nv"> </span><span class="s">.</span><span class="nv"> </span><span class="s">\&quot;best-pokemon-src\&quot;</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
+<span class="w">      </span><span class="c1"># Also, it&#39;s possible to use an existing template from configmap where Secret is fetched, </span>
+<span class="w">      </span><span class="c1"># merged and templated within the referenced configMap data.</span>
+<span class="w">      </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;config.yml&quot;] = ...result...</span>
 <span class="w">      </span><span class="nt">templateFrom</span><span class="p">:</span>
 <span class="w">        </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">application-config-tmpl</span>
@@ -3970,10 +3981,11 @@ If there is a conflict with an existing resource the controller will error out.<
 <span class="w">    </span><span class="nt">data</span><span class="p">:</span>
 <span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">conversionStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">None</span><span class="w"> </span><span class="c1"># Also supports the ReverseUnicode strategy</span>
 <span class="w">        </span><span class="nt">match</span><span class="p">:</span>
-<span class="w">          </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span><span class="w"> </span><span class="c1"># Source Kubernetes secret key to be pushed</span>
+<span class="w">          </span><span class="c1"># The secretKey is used within ClusterPushSecret (it should match key under spec.pushSecretSpec.template.data)</span>
+<span class="w">          </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span>
 <span class="w">          </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">            </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
-
+<span class="w">            </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">destination-secret</span><span class="w"> </span><span class="c1"># The destination secret object name (where the secret is going to be pushed)</span>
+<span class="w">            </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon-dst</span><span class="w"> </span><span class="c1"># The key within the destination secret object.</span>
 <span class="nt">status</span><span class="p">:</span>
 <span class="w">  </span><span class="c1"># This will list any namespaces where the creation of the ExternalSecret failed</span>
 <span class="w">  </span><span class="c1"># This will not list any issues with the ExternalSecrets, you will have to check the</span>
@@ -3996,6 +4008,15 @@ If there is a conflict with an existing resource the controller will error out.<
 <span class="w">    </span><span class="nt">status</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;True&quot;</span>
 <span class="w">    </span><span class="nt">lastTransitionTime</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2022-01-12T12:33:02Z&quot;</span>
 </code></pre></div>
+<p>The result of the created Secret object will look like:</p>
+<div class="highlight"><pre><span></span><code><span class="c1"># The destination secret that will be templated and pushed by ClusterPushSecret.</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">destination-secret</span>
+<span class="nt">stringData</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">best-pokemon-dst</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;PIKACHU</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
+</code></pre></div>
 
 
 

main/api/pushsecret/index.html

@@ -82,7 +82,7 @@
     <div data-md-component="skip">
       
         
-        <a href="#templating" class="md-skip">
+        <a href="#example" class="md-skip">
           Skip to content
         </a>
       
@@ -968,9 +968,18 @@
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
       
         <li class="md-nav__item">
-  <a href="#templating" class="md-nav__link">
+  <a href="#example" class="md-nav__link">
     <span class="md-ellipsis">
-      Templating
+      Example
+    </span>
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#template" class="md-nav__link">
+    <span class="md-ellipsis">
+      Template
     </span>
   </a>
   
@@ -3882,9 +3891,18 @@
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
       
         <li class="md-nav__item">
-  <a href="#templating" class="md-nav__link">
+  <a href="#example" class="md-nav__link">
     <span class="md-ellipsis">
-      Templating
+      Example
+    </span>
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#template" class="md-nav__link">
+    <span class="md-ellipsis">
+      Template
     </span>
   </a>
   
@@ -3918,7 +3936,18 @@
 <li>you can specify what secret keys should be pushed by using <code>spec.data</code>.</li>
 <li>you can also template the resulting property values using <a href="#templating">templating</a>.</li>
 </ul>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<h2 id="example">Example</h2>
+<p>Below is an example of the <code>PushSecret</code> in use.</p>
+<div class="highlight"><pre><span></span><code><span class="nn">---</span>
+<span class="c1"># The source secret that will be pushed to the destination secret by PushSecret.</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span>
+<span class="nt">stringData</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">best-pokemon-src</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Pikachu&quot;</span>
+<span class="nn">---</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># Customisable</span>
@@ -3943,10 +3972,12 @@
 <span class="w">      </span><span class="nt">annotations</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">      </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">    </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.best-pokemon</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
-<span class="w">    </span><span class="c1"># Uses an existing template from configmap</span>
-<span class="w">    </span><span class="c1"># Secret is fetched, merged and templated within the referenced configMap data</span>
-<span class="w">    </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;alertmanager.yml&quot;] = ...result...</span>
+<span class="w">      </span><span class="c1"># If the key source secret key has dashes, then it cannot be accessed directly,</span>
+<span class="w">      </span><span class="c1"># and the &quot;index&quot; function should be used.</span>
+<span class="w">      </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">index</span><span class="nv"> </span><span class="s">.</span><span class="nv"> </span><span class="s">\&quot;best-pokemon-src\&quot;</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
+<span class="w">    </span><span class="c1"># Also, it&#39;s possible to use an existing template from configmap where Secret is fetched, </span>
+<span class="w">    </span><span class="c1"># merged and templated within the referenced configMap data.</span>
+<span class="w">    </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;config.yml&quot;] = ...result...</span>
 <span class="w">    </span><span class="nt">templateFrom</span><span class="p">:</span>
 <span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
 <span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">application-config-tmpl</span>
@@ -3955,11 +3986,22 @@
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span>
 <span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">conversionStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">None</span><span class="w"> </span><span class="c1"># Also supports the ReverseUnicode strategy</span>
 <span class="w">      </span><span class="nt">match</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span><span class="w"> </span><span class="c1"># Source Kubernetes secret key to be pushed</span>
+<span class="w">        </span><span class="c1"># The secretKey is used within PushSecret (it should match key under spec.template.data)</span>
+<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span>
 <span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">destination-secret</span><span class="w"> </span><span class="c1"># The destination secret object name (where the secret is going to be pushed)</span>
+<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon-dst</span><span class="w"> </span><span class="c1"># The key within the destination secret object.</span>
+</code></pre></div>
+<p>The result of the created Secret object will look like:</p>
+<div class="highlight"><pre><span></span><code><span class="c1"># The destination secret that will be templated and pushed by PushSecret.</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">destination-secret</span>
+<span class="nt">stringData</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">best-pokemon-dst</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;PIKACHU</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
 </code></pre></div>
-<h2 id="templating">Templating</h2>
+<h2 id="template">Template</h2>
 <p>When the controller reconciles the <code>PushSecret</code> it will use the <code>spec.template</code> as a blueprint to construct a new property.
 You can use golang templates to define the blueprint and use template functions to transform the defined properties.
 You can also pull in <code>ConfigMaps</code> that contain golang-template data using <code>templateFrom</code>.

main/guides/pushsecrets/index.html

@@ -4028,7 +4028,16 @@
 <p>Contrary to what <code>ExternalSecret</code> does by pulling secrets from secret providers and creating <code>kind=Secret</code> in your cluster, <code>PushSecret</code> reads a local <code>kind=Secret</code> and pushes its content to a secret provider.</p>
 <p>The update behavior of <code>PushSecret</code> is controlled by <code>spec.updatePolicy</code>. The default policy is <code>Replace</code>, such that secrets are overwritten in the provider, regardless of whether there already is a secret present in the provider at the given location. If you do not want <code>PushSecret</code> to overwrite existing secrets in the provider, you can set <code>spec.UpdatePolicy</code> to <code>IfNotExists</code>. With this policy, the provider becomes the source of truth. Please note that with using <code>spec.updatePolicy=IfNotExists</code> it is possible that the secret value referenced by the <code>PushSecret</code> within the cluster differs from the secret value at the given location in the provider.</p>
 <p>By default, the secret created in the secret provided will not be deleted even after deleting the <code>PushSecret</code>, unless you set <code>spec.deletionPolicy</code> to <code>Delete</code>.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<div class="highlight"><pre><span></span><code><span class="nn">---</span>
+<span class="c1"># The source secret that will be pushed to the destination secret by PushSecret.</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span>
+<span class="nt">stringData</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">best-pokemon-src</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Pikachu&quot;</span>
+<span class="nn">---</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># Customisable</span>
@@ -4053,10 +4062,12 @@
 <span class="w">      </span><span class="nt">annotations</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">      </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">    </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.best-pokemon</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
-<span class="w">    </span><span class="c1"># Uses an existing template from configmap</span>
-<span class="w">    </span><span class="c1"># Secret is fetched, merged and templated within the referenced configMap data</span>
-<span class="w">    </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;alertmanager.yml&quot;] = ...result...</span>
+<span class="w">      </span><span class="c1"># If the key source secret key has dashes, then it cannot be accessed directly,</span>
+<span class="w">      </span><span class="c1"># and the &quot;index&quot; function should be used.</span>
+<span class="w">      </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">index</span><span class="nv"> </span><span class="s">.</span><span class="nv"> </span><span class="s">\&quot;best-pokemon-src\&quot;</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
+<span class="w">    </span><span class="c1"># Also, it&#39;s possible to use an existing template from configmap where Secret is fetched, </span>
+<span class="w">    </span><span class="c1"># merged and templated within the referenced configMap data.</span>
+<span class="w">    </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;config.yml&quot;] = ...result...</span>
 <span class="w">    </span><span class="nt">templateFrom</span><span class="p">:</span>
 <span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
 <span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">application-config-tmpl</span>
@@ -4065,9 +4076,11 @@
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span>
 <span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">conversionStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">None</span><span class="w"> </span><span class="c1"># Also supports the ReverseUnicode strategy</span>
 <span class="w">      </span><span class="nt">match</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span><span class="w"> </span><span class="c1"># Source Kubernetes secret key to be pushed</span>
+<span class="w">        </span><span class="c1"># The secretKey is used within PushSecret (it should match key under spec.template.data)</span>
+<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span>
 <span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">destination-secret</span><span class="w"> </span><span class="c1"># The destination secret object name (where the secret is going to be pushed)</span>
+<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon-dst</span><span class="w"> </span><span class="c1"># The key within the destination secret object.</span>
 </code></pre></div>
 <h2 id="backup-use-case">Backup use case</h2>
 <p>An interesting use case for <code>kind=PushSecret</code> is backing up your current secret from one provider to another one.</p>

main/provider/aws-parameter-store/index.html

@@ -4370,7 +4370,16 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <h2 id="setsecret">SetSecret</h2>
 <p>The SetSecret method for the Parameter Store allows the user to set the value stored within the Kubernetes cluster to the remote AWS Parameter Store.</p>
 <h3 id="creating-a-push-secret">Creating a Push Secret</h3>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<div class="highlight"><pre><span></span><code><span class="nn">---</span>
+<span class="c1"># The source secret that will be pushed to the destination secret by PushSecret.</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span>
+<span class="nt">stringData</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">best-pokemon-src</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Pikachu&quot;</span>
+<span class="nn">---</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># Customisable</span>
@@ -4395,10 +4404,12 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <span class="w">      </span><span class="nt">annotations</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">      </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
 <span class="w">    </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.best-pokemon</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
-<span class="w">    </span><span class="c1"># Uses an existing template from configmap</span>
-<span class="w">    </span><span class="c1"># Secret is fetched, merged and templated within the referenced configMap data</span>
-<span class="w">    </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;alertmanager.yml&quot;] = ...result...</span>
+<span class="w">      </span><span class="c1"># If the key source secret key has dashes, then it cannot be accessed directly,</span>
+<span class="w">      </span><span class="c1"># and the &quot;index&quot; function should be used.</span>
+<span class="w">      </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">index</span><span class="nv"> </span><span class="s">.</span><span class="nv"> </span><span class="s">\&quot;best-pokemon-src\&quot;</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
+<span class="w">    </span><span class="c1"># Also, it&#39;s possible to use an existing template from configmap where Secret is fetched, </span>
+<span class="w">    </span><span class="c1"># merged and templated within the referenced configMap data.</span>
+<span class="w">    </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;config.yml&quot;] = ...result...</span>
 <span class="w">    </span><span class="nt">templateFrom</span><span class="p">:</span>
 <span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
 <span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">application-config-tmpl</span>
@@ -4407,9 +4418,11 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span>
 <span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">conversionStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">None</span><span class="w"> </span><span class="c1"># Also supports the ReverseUnicode strategy</span>
 <span class="w">      </span><span class="nt">match</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span><span class="w"> </span><span class="c1"># Source Kubernetes secret key to be pushed</span>
+<span class="w">        </span><span class="c1"># The secretKey is used within PushSecret (it should match key under spec.template.data)</span>
+<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span>
 <span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">destination-secret</span><span class="w"> </span><span class="c1"># The destination secret object name (where the secret is going to be pushed)</span>
+<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon-dst</span><span class="w"> </span><span class="c1"># The key within the destination secret object.</span>
 </code></pre></div>
 <h4 id="additional-metadata-for-pushsecret">Additional Metadata for PushSecret</h4>
 <p>Optionally, it is possible to configure additional options for the parameter. These are as follows:

main/snippets/full-cluster-push-secret.yaml

@@ -1,4 +1,13 @@
 {% raw %}
+---
+# The source secret that will be pushed to the destination secret by ClusterPushSecret.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: source-secret
+stringData:
+  best-pokemon-src: "Pikachu"
+---
 apiVersion: external-secrets.io/v1alpha1
 kind: ClusterPushSecret
 metadata:
@@ -30,7 +39,7 @@ spec:
         kind: SecretStore
     selector:
       secret:
-        name: pokedex-credentials # Source Kubernetes secret to be pushed
+        name: source-secret # Source Kubernetes secret to be pushed
       # Alternatively, you can point to a generator that produces values to be pushed
       generatorRef:
         apiVersion: external-secrets.io/v1alpha1
@@ -41,10 +50,12 @@ spec:
         annotations: { }
         labels: { }
       data:
-        best-pokemon: "{{ .best-pokemon | toString | upper }} is the really best!"
-      # Uses an existing template from configmap
-      # Secret is fetched, merged and templated within the referenced configMap data
-      # It does not update the configmap, it creates a secret with: data["alertmanager.yml"] = ...result...
+        # If the key source secret key has dashes, then it cannot be accessed directly,
+        # and the "index" function should be used.
+        best-pokemon: "{{ index . \"best-pokemon-src\" | toString | upper }} is the really best!"
+      # Also, it's possible to use an existing template from configmap where Secret is fetched, 
+      # merged and templated within the referenced configMap data.
+      # It does not update the configmap, it creates a secret with: data["config.yml"] = ...result...
       templateFrom:
         - configMap:
             name: application-config-tmpl
@@ -53,10 +64,11 @@ spec:
     data:
       - conversionStrategy: None # Also supports the ReverseUnicode strategy
         match:
-          secretKey: best-pokemon # Source Kubernetes secret key to be pushed
+          # The secretKey is used within ClusterPushSecret (it should match key under spec.pushSecretSpec.template.data)
+          secretKey: best-pokemon
           remoteRef:
-            remoteKey: my-first-parameter # Remote reference (where the secret is going to be pushed)
-
+            remoteKey: destination-secret # The destination secret object name (where the secret is going to be pushed)
+            property: best-pokemon-dst # The key within the destination secret object.
 status:
   # This will list any namespaces where the creation of the ExternalSecret failed
   # This will not list any issues with the ExternalSecrets, you will have to check the

main/snippets/full-pushsecret.yaml

@@ -1,4 +1,13 @@
 {% raw %}
+---
+# The source secret that will be pushed to the destination secret by PushSecret.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: source-secret
+stringData:
+  best-pokemon-src: "Pikachu"
+---
 apiVersion: external-secrets.io/v1alpha1
 kind: PushSecret
 metadata:
@@ -24,10 +33,12 @@ spec:
       annotations: { }
       labels: { }
     data:
-      best-pokemon: "{{ .best-pokemon | toString | upper }} is the really best!"
-    # Uses an existing template from configmap
-    # Secret is fetched, merged and templated within the referenced configMap data
-    # It does not update the configmap, it creates a secret with: data["alertmanager.yml"] = ...result...
+      # If the key source secret key has dashes, then it cannot be accessed directly,
+      # and the "index" function should be used.
+      best-pokemon: "{{ index . \"best-pokemon-src\" | toString | upper }} is the really best!"
+    # Also, it's possible to use an existing template from configmap where Secret is fetched, 
+    # merged and templated within the referenced configMap data.
+    # It does not update the configmap, it creates a secret with: data["config.yml"] = ...result...
     templateFrom:
       - configMap:
           name: application-config-tmpl
@@ -36,7 +47,9 @@ spec:
   data:
     - conversionStrategy: None # Also supports the ReverseUnicode strategy
       match:
-        secretKey: best-pokemon # Source Kubernetes secret key to be pushed
+        # The secretKey is used within PushSecret (it should match key under spec.template.data)
+        secretKey: best-pokemon
         remoteRef:
-          remoteKey: my-first-parameter # Remote reference (where the secret is going to be pushed)
+          remoteKey: destination-secret # The destination secret object name (where the secret is going to be pushed)
+          property: best-pokemon-dst # The key within the destination secret object.
 {% endraw %}