
Deployed cc13d3169 to main with MkDocs 1.6.1 and mike 1.2.0.dev0

Skarlso 10 months ago
parent
commit
7c156def5e
3 changed files with 106 additions and 0 deletions
  1. main/api/spec/index.html (48 additions, 0 deletions)
  2. main/provider/hashicorp-vault/index.html (58 additions, 0 deletions)
  3. main/search/search_index.json (0 additions, 0 deletions)

+ 48 - 0
main/api/spec/index.html

@@ -13659,6 +13659,38 @@ authenticate with Vault using the Cert authentication method</p>
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1.VaultCheckAndSet">VaultCheckAndSet
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1.VaultProvider">VaultProvider</a>)
+</p>
+<p>
+<p>VaultCheckAndSet defines the Check-And-Set (CAS) settings for Vault KV v2 PushSecret operations.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>required</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Required when true, all write operations must include a check-and-set parameter.
+This helps prevent unintentional overwrites of secrets.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1.VaultClientTLS">VaultClientTLS
 </h3>
 <p>
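
Review bot: the `required` description in this hunk ("Required when true, all write operations must include a check-and-set parameter.") reads as a constraint on callers rather than a statement of what the operator does, and it does not say what happens when the field is false or omitted even though it is marked (Optional). Suggest wording along the lines of "When true, every PushSecret write carries a check-and-set version", followed by the behaviour when unset. The nested `<p><p>…</p></p>` around the type description and the `</br>` after the field name are not valid HTML; if they come from the reference generator, fix them there.
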
@@ -14301,6 +14333,22 @@ map[string]string
 <p>Headers to be added in Vault request</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>checkAndSet</code></br>
+<em>
+<a href="#external-secrets.io/v1.VaultCheckAndSet">
+VaultCheckAndSet
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>CheckAndSet defines the Check-And-Set (CAS) settings for PushSecret operations.
+Only applies to Vault KV v2 stores. When enabled, write operations must include
+the current version of the secret to prevent unintentional overwrites.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1.VaultUserPassAuth">VaultUserPassAuth
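
Review bot: "Only applies to Vault KV v2 stores" in the `checkAndSet` description leaves open what happens when the field is set on a store that is not KV v2: is it ignored, or rejected at validation? A silently ignored setting would let an operator believe overwrites are guarded when they are not, so state the behaviour here. "When enabled" should also name the actual switch, `checkAndSet.required: true`, since `required` is the only field the VaultCheckAndSet type defines.
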

+ 58 - 0
main/provider/hashicorp-vault/index.html

@@ -2840,6 +2840,21 @@
     </span>
   </a>
   
+    <nav class="md-nav" aria-label="PushSecret">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#check-and-set-cas-for-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Check-And-Set (CAS) for PushSecret
+    </span>
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
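
Review bot: this nav block and the identical one added in the next hunk are generated output (the commit message records an MkDocs deploy), so any change to the entry title belongs in the Markdown source rather than in this file. The `href="#check-and-set-cas-for-pushsecret"` matches the `id` on the `<h4>` added later in this file, so the link resolves; nothing else to change here.
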
@@ -4352,6 +4367,21 @@
     </span>
   </a>
   
+    <nav class="md-nav" aria-label="PushSecret">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#check-and-set-cas-for-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Check-And-Set (CAS) for PushSecret
+    </span>
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
@@ -5077,6 +5107,34 @@ To use PushSecret, you need to give <code>create</code>, <code>read</code> and <
 <span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
 </code></pre></div>
 <p>Note that in this example, we are generating two secrets in the target vault with the same structure but using different input formats.</p>
+<h4 id="check-and-set-cas-for-pushsecret">Check-And-Set (CAS) for PushSecret</h4>
+<p>Vault KV v2 supports Check-And-Set operations to prevent unintentional overwrites when multiple clients modify the same secret. When CAS is enabled in your Vault configuration, External Secrets Operator can be configured to include the required version parameter in write operations.</p>
+<p>To enable CAS support, add the <code>checkAndSet</code> configuration to your Vault provider:</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">vault</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://my.vault.server:8200&quot;</span>
+<span class="w">      </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;secret&quot;</span>
+<span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;v2&quot;</span><span class="w">  </span><span class="c1"># CAS only works with KV v2</span>
+<span class="w">      </span><span class="nt">checkAndSet</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">required</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w">  </span><span class="c1"># Enable CAS for all write operations</span>
+<span class="w">      </span><span class="nt">auth</span><span class="p">:</span>
+<span class="w">        </span><span class="c1"># ... authentication config</span>
+</code></pre></div>
+<div class="admonition note">
+<p class="admonition-title">CAS Requirements</p>
+<ul>
+<li>CAS is only supported with Vault KV v2 stores</li>
+<li>When <code>checkAndSet.required</code> is true, all PushSecret operations will include version information</li>
+<li>For new secrets, External Secrets Operator uses CAS version 0</li>
+<li>For existing secrets, it automatically retrieves the current version before updating</li>
+<li>CAS helps prevent conflicts when multiple External Secrets instances manage the same secrets</li>
+</ul>
+</div>
 <h3 id="vault-enterprise">Vault Enterprise</h3>
 <h4 id="eventual-consistency-and-performance-standby-nodes">Eventual Consistency and Performance Standby Nodes</h4>
 <p>When using Vault Enterprise with <a href="https://www.vaultproject.io/docs/enterprise/consistency#performance-standby-nodes">performance standby nodes</a>,
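
Review bot: the CAS Requirements list says the operator "automatically retrieves the current version before updating" but never says what a PushSecret does when Vault rejects the write because another client changed the secret between that read and the write. Document whether it returns an error, retries on the next reconcile, or something else, since that conflict is the case CAS exists for. The opening paragraph's "When CAS is enabled in your Vault configuration" should also say which Vault-side setting is meant and whether `required: true` is needed only in that case. Separately, the example uses `server: "http://my.vault.server:8200"`; an `https://` URL is a safer thing for readers to copy for a secrets backend.
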

File diff suppressed because it is too large
+ 0 - 0
main/search/search_index.json


Some files were not shown because too many files changed in this diff