|
|
@@ -3846,7 +3846,11 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
|
|
|
<span class="w"> </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
|
|
|
</code></pre></div>
|
|
|
<h4 id="additional-metadata-for-pushsecret">Additional Metadata for PushSecret</h4>
|
|
|
-<p>Optionally, it is possible to configure additional options for the parameter such as <code>Type</code> and encryption Key. To control this behaviour you can set the following provider's <code>metadata</code>:</p>
|
|
|
+<p>Optionally, it is possible to configure additional options for the parameter. These are as follows:
|
|
|
+- type
|
|
|
+- keyID
|
|
|
+- tier & policies</p>
|
|
|
+<p>To control this behaviour you can set the following provider's <code>metadata</code>:</p>
|
|
|
<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
|
@@ -3866,13 +3870,41 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
|
|
|
<span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
|
|
|
<span class="w"> </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
|
|
|
<span class="w"> </span><span class="nt">metadata</span><span class="p">:</span>
|
|
|
-<span class="w"> </span><span class="nt">parameterStoreType</span><span class="p">:</span><span class="w"> </span><span class="s">"SecureString"</span>
|
|
|
-<span class="w"> </span><span class="nt">parameterStoreKeyID</span><span class="p">:</span><span class="w"> </span><span class="s">"bb123123-b2b0-4f60-ac3a-44a13f0e6b6c"</span>
|
|
|
+<span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.external-secrets.io/v1alpha1</span>
|
|
|
+<span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecretMetadata</span>
|
|
|
+<span class="w"> </span><span class="nt">spec</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">secretType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecureString</span>
|
|
|
+<span class="w"> </span><span class="nt">kmsKeyID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bb123123-b2b0-4f60-ac3a-44a13f0e6b6c</span>
|
|
|
+<span class="w"> </span><span class="nt">tier</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Advanced</span><span class="w"> </span><span class="c1"># default is Standard</span>
|
|
|
+<span class="w"> </span><span class="nt">policies</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">"Expiration"</span>
|
|
|
+<span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">"1.0"</span>
|
|
|
+<span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">timestamp</span><span class="p">:</span><span class="w"> </span><span class="s">"2024-12-02T21:34:33.000Z"</span>
|
|
|
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">"ExpirationNotification"</span>
|
|
|
+<span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">"1.0"</span>
|
|
|
+<span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">before</span><span class="p">:</span><span class="w"> </span><span class="s">"2"</span>
|
|
|
+<span class="w"> </span><span class="nt">unit</span><span class="p">:</span><span class="w"> </span><span class="s">"Days"</span>
|
|
|
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">"ExpirationNotification"</span>
|
|
|
+<span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">"1.0"</span>
|
|
|
+<span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">before</span><span class="p">:</span><span class="w"> </span><span class="s">"30"</span>
|
|
|
+<span class="w"> </span><span class="nt">unit</span><span class="p">:</span><span class="w"> </span><span class="s">"Days"</span>
|
|
|
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">"NoChangeNotification"</span>
|
|
|
+<span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">"1.0"</span>
|
|
|
+<span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
|
|
|
+<span class="w"> </span><span class="nt">after</span><span class="p">:</span><span class="w"> </span><span class="s">"30"</span>
|
|
|
+<span class="w"> </span><span class="nt">unit</span><span class="p">:</span><span class="w"> </span><span class="s">"Days"</span>
|
|
|
</code></pre></div>
|
|
|
-<p><code>parameterStoreType</code> takes three options. <code>String</code>, <code>StringList</code>, and <code>SecureString</code>, where <code>String</code> is the <em>default</em>.</p>
|
|
|
-<p><code>parameterStoreKeyID</code> takes a KMS Key <code>$ID</code> or <code>$ARN</code> (in case a key source is created in another account) as a string, where <code>alias/aws/ssm</code> is the <em>default</em>. This property is only used if <code>parameterStoreType</code> is set as <code>SecureString</code>.</p>
|
|
|
+<ul>
|
|
|
+<li><code>secretType</code> takes three options. <code>String</code>, <code>StringList</code>, and <code>SecureString</code>, where <code>String</code> is the <em>default</em></li>
|
|
|
+<li><code>kmsKeyID</code> takes a KMS Key <code>$ID</code> or <code>$ARN</code> (in case a key source is created in another account) as a string, where <code>alias/aws/ssm</code> is the <em>default</em>. This property is only used if <code>secretType</code> is set as <code>SecureString</code>.</li>
|
|
|
+<li></li>
|
|
|
+</ul>
|
|
|
<h4 id="check-successful-secret-sync">Check successful secret sync</h4>
|
|
|
-<p>To be able to check that the secret has been succesfully synced you can run the following command:</p>
|
|
|
+<p>To be able to check that the secret has been successfully synced you can run the following command:</p>
|
|
|
<div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>get<span class="w"> </span>pushsecret<span class="w"> </span>pushsecret-example
|
|
|
</code></pre></div>
|
|
|
<p>If the secret has synced successfully it will show the status as "Synced".</p>
|