Home Esplora Aiuto
Accedi
logic855
/
helm-external-secrets
mirror da https://github.com/external-secrets/external-secrets
1
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

New multiple secrets doc

Sebastian Gomez 4 anni fa
parent
48ac7b991f
commit
7de4343726
3 ha cambiato i file con 90 aggiunte e 0 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 70 0
      docs/guides-multiple-secrets.md
  2. BIN
      docs/pictures/screenshot_akv_secrets.png
  3. 20 0
      docs/snippets/akv-data-from-external-secret.yaml

+ 70 - 0
docs/guides-multiple-secrets.md
Vedi File 

@@ -0,0 +1,70 @@
 
+# Multiple secrets
 
+
 
+In some escenarios, you may have different secrets in your Provider but you don't want to write an ExternalSecret for each of them. In that case, you can create a single ExternalSecret that will fetch many secrets and creates one single `Kind=Secret` with all of them.
 
+
 
+Let's look an example on how to retrieve many different secrets.
 
+
 
+In my Azure Key Vault I have all these secrets
 
+
 
+![azure-key-vault](./pictures/screenshot_akv_secrets.png)
 
+
 
+You cannot see it in the picture but using the Azure CLI tool aI can easily query them and display the name and tags, which is what I'm mostly interested in right now. 
+
 
+```sh
 
+❯ az keyvault secret list --vault-name=cs-akv-test-eso --query '[].{Name:name,Tags:tags}'
 
+```
 
+```json
 
+[
 
+  {
 
+    "Name": "example-2",
 
+    "Tags": {}
 
+  },
 
+  {
 
+    "Name": "example-akv-externalsecret",
 
+    "Tags": {
 
+      "author": "seb",
 
+      "file-encoding": "utf-8"
 
+    }
 
+  },
 
+  {
 
+    "Name": "example-tagged",
 
+    "Tags": {
 
+      "author": "seb",
 
+      "environment": "dev"
 
+    }
 
+  },
 
+  {
 
+    "Name": "json-secret",
 
+    "Tags": {}
 
+  },
 
+  {
 
+    "Name": "tagged-secret",
 
+    "Tags": {
 
+      "author": "seb",
 
+      "environment": "dev"
 
+    }
 
+  }
 
+]
 
+```
 
+
 
+### Creating dataFrom external secret
 
+
 
+Now, when creating our ExternalSecret resource, instead of using the data field, we use the dataFrom field:
 
+
 
+```yaml
 
+{% include 'akv-data-from-external-secret.yaml' %}
 
+```
 
+
 
+To check both values we can run:
 
+
 
+```sh
 
+❯ kubectl get secret getall-secret-test -o jsonpath='{.data}'
 
+```
 
+```json
 
+{
 
+  "example-2": "VGhpcyBpcyBhbm90aGVyIHNlY3JldA==",
 
+  "example-akv-externalsecret": "VGhpcyBpcyBhIHZlcnkgc2VjdXJlIHNlY3JldA==",
 
+  "example-tagged": "VGhpcyBpcyB0aGUgdGFnZ2VkIGV4YW1wbGU=",
 
+  "tagged-secret": "VGhpcyBpcyBhIHRhZ2dlZCBzZWNyZXQ="
 
+}
 
+```

BIN
docs/pictures/screenshot_akv_secrets.png
Vedi File


+ 20 - 0
docs/snippets/akv-data-from-external-secret.yaml
Vedi File 

@@ -0,0 +1,20 @@
 
+apiVersion: external-secrets.io/v1alpha1
 
+kind: ExternalSecret
 
+metadata:
 
+  name: example
 
+spec:
 
+  refreshInterval: 1h           # rate SecretManager pulls Azure Key Vault
 
+  secretStoreRef:
 
+    kind: SecretStore
 
+    name: example               # name of the SecretStore (or kind specified)
 
+  target:
 
+    name: secret-to-be-created  # name of the k8s Secret to be created
 
+    creationPolicy: Owner
 
+  dataFrom:
 
+  - find:
 
+      name:
 
+        regexp: "^example"
 
+  - find:
 
+      tags:
 
+        author: seb
 
+        environment: dev