Преглед изворни кода

Deployed cc13d3169 to main with MkDocs 1.6.1 and mike 1.2.0.dev0

Skarlso пре 10 месеци
родитељ
комит
7c156def5e
3 измењених фајлова са 106 додато и 0 уклоњено
  1. 48 0
      main/api/spec/index.html
  2. 58 0
      main/provider/hashicorp-vault/index.html
  3. 0 0
      main/search/search_index.json

+ 48 - 0
main/api/spec/index.html

@@ -13659,6 +13659,38 @@ authenticate with Vault using the Cert authentication method</p>
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1.VaultCheckAndSet">VaultCheckAndSet
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1.VaultProvider">VaultProvider</a>)
+</p>
+<p>
+<p>VaultCheckAndSet defines the Check-And-Set (CAS) settings for Vault KV v2 PushSecret operations.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>required</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Required when true, all write operations must include a check-and-set parameter.
+This helps prevent unintentional overwrites of secrets.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1.VaultClientTLS">VaultClientTLS
 </h3>
 <p>
@@ -14301,6 +14333,22 @@ map[string]string
 <p>Headers to be added in Vault request</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>checkAndSet</code></br>
+<em>
+<a href="#external-secrets.io/v1.VaultCheckAndSet">
+VaultCheckAndSet
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>CheckAndSet defines the Check-And-Set (CAS) settings for PushSecret operations.
+Only applies to Vault KV v2 stores. When enabled, write operations must include
+the current version of the secret to prevent unintentional overwrites.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1.VaultUserPassAuth">VaultUserPassAuth

+ 58 - 0
main/provider/hashicorp-vault/index.html

@@ -2840,6 +2840,21 @@
     </span>
   </a>
   
+    <nav class="md-nav" aria-label="PushSecret">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#check-and-set-cas-for-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Check-And-Set (CAS) for PushSecret
+    </span>
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
@@ -4352,6 +4367,21 @@
     </span>
   </a>
   
+    <nav class="md-nav" aria-label="PushSecret">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#check-and-set-cas-for-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Check-And-Set (CAS) for PushSecret
+    </span>
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
@@ -5077,6 +5107,34 @@ To use PushSecret, you need to give <code>create</code>, <code>read</code> and <
 <span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
 </code></pre></div>
 <p>Note that in this example, we are generating two secrets in the target vault with the same structure but using different input formats.</p>
+<h4 id="check-and-set-cas-for-pushsecret">Check-And-Set (CAS) for PushSecret</h4>
+<p>Vault KV v2 supports Check-And-Set operations to prevent unintentional overwrites when multiple clients modify the same secret. When CAS is enabled in your Vault configuration, External Secrets Operator can be configured to include the required version parameter in write operations.</p>
+<p>To enable CAS support, add the <code>checkAndSet</code> configuration to your Vault provider:</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">vault</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">server</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;http://my.vault.server:8200&quot;</span>
+<span class="w">      </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;secret&quot;</span>
+<span class="w">      </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;v2&quot;</span><span class="w">  </span><span class="c1"># CAS only works with KV v2</span>
+<span class="w">      </span><span class="nt">checkAndSet</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">required</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w">  </span><span class="c1"># Enable CAS for all write operations</span>
+<span class="w">      </span><span class="nt">auth</span><span class="p">:</span>
+<span class="w">        </span><span class="c1"># ... authentication config</span>
+</code></pre></div>
+<div class="admonition note">
+<p class="admonition-title">CAS Requirements</p>
+<ul>
+<li>CAS is only supported with Vault KV v2 stores</li>
+<li>When <code>checkAndSet.required</code> is true, all PushSecret operations will include version information</li>
+<li>For new secrets, External Secrets Operator uses CAS version 0</li>
+<li>For existing secrets, it automatically retrieves the current version before updating</li>
+<li>CAS helps prevent conflicts when multiple External Secrets instances manage the same secrets</li>
+</ul>
+</div>
 <h3 id="vault-enterprise">Vault Enterprise</h3>
 <h4 id="eventual-consistency-and-performance-standby-nodes">Eventual Consistency and Performance Standby Nodes</h4>
 <p>When using Vault Enterprise with <a href="https://www.vaultproject.io/docs/enterprise/consistency#performance-standby-nodes">performance standby nodes</a>,

Разлика између датотеке није приказан због своје велике величине
+ 0 - 0
main/search/search_index.json


Неке датотеке нису приказане због велике количине промена