|
|
@@ -0,0 +1,7953 @@
|
|
|
+
|
|
|
+<!doctype html>
|
|
|
+<html lang="en" class="no-js">
|
|
|
+ <head>
|
|
|
+
|
|
|
+ <meta charset="utf-8">
|
|
|
+ <meta name="viewport" content="width=device-width,initial-scale=1">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <link rel="icon" href="../assets/images/favicon.png">
|
|
|
+ <meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.10">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <title>Spec - External Secrets Operator</title>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <link rel="stylesheet" href="../assets/stylesheets/main.d6be258b.min.css">
|
|
|
+
|
|
|
+
|
|
|
+ <link rel="stylesheet" href="../assets/stylesheets/palette.e6a45f82.min.css">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
|
|
+ <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
|
|
|
+ <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <script>__md_scope=new URL("..",location),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){this.value&>ag("event","search",{search_term:this.value})}),"undefined"!=typeof location$&&location$.subscribe(function(e){gtag("config","G-QP38TD8K7V",{page_path:e.pathname})})})</script>
|
|
|
+ <script async src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V"></script>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </head>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
|
|
|
+ <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
|
|
+ <label class="md-overlay" for="__drawer"></label>
|
|
|
+ <div data-md-component="skip">
|
|
|
+
|
|
|
+ </div>
|
|
|
+ <div data-md-component="announce">
|
|
|
+
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <div data-md-component="outdated" hidden>
|
|
|
+ <aside class="md-banner md-banner--warning">
|
|
|
+
|
|
|
+ <div class="md-banner__inner md-grid md-typeset">
|
|
|
+
|
|
|
+ You're not viewing the latest version.
|
|
|
+ <a href="../..">
|
|
|
+ <strong>Click here to go to latest.</strong>
|
|
|
+ </a>
|
|
|
+
|
|
|
+ </div>
|
|
|
+ <script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
|
|
|
+
|
|
|
+ </aside>
|
|
|
+ </div>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+<header class="md-header" data-md-component="header">
|
|
|
+ <nav class="md-header__inner md-grid" aria-label="Header">
|
|
|
+ <a href=".." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
|
|
|
+
|
|
|
+
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
|
|
|
+
|
|
|
+ </a>
|
|
|
+ <label class="md-header__button md-icon" for="__drawer">
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
|
|
|
+ </label>
|
|
|
+ <div class="md-header__title" data-md-component="header-title">
|
|
|
+ <div class="md-header__ellipsis">
|
|
|
+ <div class="md-header__topic">
|
|
|
+ <span class="md-ellipsis">
|
|
|
+ External Secrets Operator
|
|
|
+ </span>
|
|
|
+ </div>
|
|
|
+ <div class="md-header__topic" data-md-component="header-topic">
|
|
|
+ <span class="md-ellipsis">
|
|
|
+
|
|
|
+ Spec
|
|
|
+
|
|
|
+ </span>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-header__button md-icon" for="__search">
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
|
|
|
+ </label>
|
|
|
+ <div class="md-search" data-md-component="search" role="dialog">
|
|
|
+ <label class="md-search__overlay" for="__search"></label>
|
|
|
+ <div class="md-search__inner" role="search">
|
|
|
+ <form class="md-search__form" name="search">
|
|
|
+ <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
|
|
|
+ <label class="md-search__icon md-icon" for="__search">
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
|
|
|
+ </label>
|
|
|
+ <nav class="md-search__options" aria-label="Search">
|
|
|
+
|
|
|
+ <button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
|
|
|
+ </button>
|
|
|
+ </nav>
|
|
|
+
|
|
|
+ </form>
|
|
|
+ <div class="md-search__output">
|
|
|
+ <div class="md-search__scrollwrap" data-md-scrollfix>
|
|
|
+ <div class="md-search-result" data-md-component="search-result">
|
|
|
+ <div class="md-search-result__meta">
|
|
|
+ Initializing search
|
|
|
+ </div>
|
|
|
+ <ol class="md-search-result__list"></ol>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+</div>
|
|
|
+
|
|
|
+
|
|
|
+ <div class="md-header__source">
|
|
|
+ <a href="https://github.com/external-secrets/external-secrets/" title="Go to repository" class="md-source" data-md-component="source">
|
|
|
+ <div class="md-source__icon md-icon">
|
|
|
+
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
|
|
|
+ </div>
|
|
|
+ <div class="md-source__repository">
|
|
|
+ External Secrets Operator
|
|
|
+ </div>
|
|
|
+</a>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ </nav>
|
|
|
+
|
|
|
+</header>
|
|
|
+
|
|
|
+ <div class="md-container" data-md-component="container">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
|
|
|
+ <div class="md-tabs__inner md-grid">
|
|
|
+ <ul class="md-tabs__list">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-tabs__item">
|
|
|
+ <a href=".." class="md-tabs__link">
|
|
|
+ Introduction
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-tabs__item">
|
|
|
+ <a href="../api/components/" class="md-tabs__link">
|
|
|
+ API
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-tabs__item">
|
|
|
+ <a href="../guides/introduction/" class="md-tabs__link">
|
|
|
+ Guides
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-tabs__item">
|
|
|
+ <a href="../provider/aws-secrets-manager/" class="md-tabs__link">
|
|
|
+ Provider
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-tabs__item">
|
|
|
+ <a href="../examples/gitops-using-fluxcd/" class="md-tabs__link">
|
|
|
+ Examples
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-tabs__item">
|
|
|
+ <a href="../contributing/devguide/" class="md-tabs__link">
|
|
|
+ Community
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </div>
|
|
|
+</nav>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <main class="md-main" data-md-component="main">
|
|
|
+ <div class="md-main__inner md-grid">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
|
|
|
+ <div class="md-sidebar__scrollwrap">
|
|
|
+ <div class="md-sidebar__inner">
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
|
|
|
+ <label class="md-nav__title" for="__drawer">
|
|
|
+ <a href=".." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
|
|
|
+
|
|
|
+
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
|
|
|
+
|
|
|
+ </a>
|
|
|
+ External Secrets Operator
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <div class="md-nav__source">
|
|
|
+ <a href="https://github.com/external-secrets/external-secrets/" title="Go to repository" class="md-source" data-md-component="source">
|
|
|
+ <div class="md-source__icon md-icon">
|
|
|
+
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
|
|
|
+ </div>
|
|
|
+ <div class="md-source__repository">
|
|
|
+ External Secrets Operator
|
|
|
+ </div>
|
|
|
+</a>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_1" data-md-state="indeterminate" type="checkbox" id="__nav_1" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <div class="md-nav__link md-nav__link--index ">
|
|
|
+ <a href="..">Introduction</a>
|
|
|
+
|
|
|
+ <label for="__nav_1">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Introduction" data-md-level="1">
|
|
|
+ <label class="md-nav__title" for="__nav_1">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Introduction
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../introduction/overview/" class="md-nav__link">
|
|
|
+ Overview
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../introduction/getting-started/" class="md-nav__link">
|
|
|
+ Getting started
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../introduction/faq/" class="md-nav__link">
|
|
|
+ FAQ
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../introduction/stability-support/" class="md-nav__link">
|
|
|
+ Stability and Support
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../introduction/deprecation-policy/" class="md-nav__link">
|
|
|
+ Deprecation Policy
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" data-md-state="indeterminate" type="checkbox" id="__nav_2" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_2">
|
|
|
+ API
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="API" data-md-level="1">
|
|
|
+ <label class="md-nav__title" for="__nav_2">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ API
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/components/" class="md-nav__link">
|
|
|
+ Components
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_2" data-md-state="indeterminate" type="checkbox" id="__nav_2_2" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_2_2">
|
|
|
+ Core Resources
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Core Resources" data-md-level="2">
|
|
|
+ <label class="md-nav__title" for="__nav_2_2">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Core Resources
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/externalsecret/" class="md-nav__link">
|
|
|
+ ExternalSecret
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/secretstore/" class="md-nav__link">
|
|
|
+ SecretStore
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/clustersecretstore/" class="md-nav__link">
|
|
|
+ ClusterSecretStore
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/clusterexternalsecret/" class="md-nav__link">
|
|
|
+ ClusterExternalSecret
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/pushsecret/" class="md-nav__link">
|
|
|
+ PushSecret
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_3" data-md-state="indeterminate" type="checkbox" id="__nav_2_3" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <div class="md-nav__link md-nav__link--index ">
|
|
|
+ <a href="../api/generator/">Generators</a>
|
|
|
+
|
|
|
+ <label for="__nav_2_3">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ </div>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Generators" data-md-level="2">
|
|
|
+ <label class="md-nav__title" for="__nav_2_3">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Generators
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/generator/acr/" class="md-nav__link">
|
|
|
+ Azure Container Registry
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/generator/ecr/" class="md-nav__link">
|
|
|
+ AWS Elastic Container Registry
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/generator/gcr/" class="md-nav__link">
|
|
|
+ Google Container Registry
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/generator/password/" class="md-nav__link">
|
|
|
+ Password
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/generator/fake/" class="md-nav__link">
|
|
|
+ Fake
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2_4" data-md-state="indeterminate" type="checkbox" id="__nav_2_4" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_2_4">
|
|
|
+ Reference Docs
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Reference Docs" data-md-level="2">
|
|
|
+ <label class="md-nav__title" for="__nav_2_4">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Reference Docs
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/spec/" class="md-nav__link">
|
|
|
+ API specification
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/controller-options/" class="md-nav__link">
|
|
|
+ Controller Options
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../api/metrics/" class="md-nav__link">
|
|
|
+ Metrics
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" data-md-state="indeterminate" type="checkbox" id="__nav_3" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_3">
|
|
|
+ Guides
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Guides" data-md-level="1">
|
|
|
+ <label class="md-nav__title" for="__nav_3">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Guides
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/introduction/" class="md-nav__link">
|
|
|
+ Introduction
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_2" data-md-state="indeterminate" type="checkbox" id="__nav_3_2" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_3_2">
|
|
|
+ Advanced Templating
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Advanced Templating" data-md-level="2">
|
|
|
+ <label class="md-nav__title" for="__nav_3_2">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Advanced Templating
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/templating/" class="md-nav__link">
|
|
|
+ v2
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/templating-v1/" class="md-nav__link">
|
|
|
+ v1
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/generator/" class="md-nav__link">
|
|
|
+ Generators
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/all-keys-one-secret/" class="md-nav__link">
|
|
|
+ All keys, One secret
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/common-k8s-secret-types/" class="md-nav__link">
|
|
|
+ Common K8S Secret Types
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/controller-class/" class="md-nav__link">
|
|
|
+ Controller Classes
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/ownership-deletion-policy/" class="md-nav__link">
|
|
|
+ Lifecycle: ownership & deletion
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/decoding-strategy/" class="md-nav__link">
|
|
|
+ Decoding Strategies
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/getallsecrets/" class="md-nav__link">
|
|
|
+ Getting Multiple Secrets
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/multi-tenancy/" class="md-nav__link">
|
|
|
+ Multi Tenancy
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/datafrom-rewrite/" class="md-nav__link">
|
|
|
+ Rewriting Keys
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/v1beta1/" class="md-nav__link">
|
|
|
+ Upgrading to v1beta1
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../guides/using-latest-image/" class="md-nav__link">
|
|
|
+ Using Latest Image
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" data-md-state="indeterminate" type="checkbox" id="__nav_4" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_4">
|
|
|
+ Provider
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Provider" data-md-level="1">
|
|
|
+ <label class="md-nav__title" for="__nav_4">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Provider
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/aws-secrets-manager/" class="md-nav__link">
|
|
|
+ AWS Secrets Manager
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/aws-parameter-store/" class="md-nav__link">
|
|
|
+ AWS Parameter Store
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/azure-key-vault/" class="md-nav__link">
|
|
|
+ Azure Key Vault
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/google-secrets-manager/" class="md-nav__link">
|
|
|
+ Google Secret Manager
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/ibm-secrets-manager/" class="md-nav__link">
|
|
|
+ IBM Secrets Manager
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/akeyless/" class="md-nav__link">
|
|
|
+ Akeyless
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/hashicorp-vault/" class="md-nav__link">
|
|
|
+ HashiCorp Vault
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/yandex-certificate-manager/" class="md-nav__link">
|
|
|
+ Yandex Certificate Manager
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/yandex-lockbox/" class="md-nav__link">
|
|
|
+ Yandex Lockbox
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/gitlab-variables/" class="md-nav__link">
|
|
|
+ Gitlab Variables
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/oracle-vault/" class="md-nav__link">
|
|
|
+ Oracle Vault
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/1password-automation/" class="md-nav__link">
|
|
|
+ 1Password Secrets Automation
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/webhook/" class="md-nav__link">
|
|
|
+ Webhook
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/fake/" class="md-nav__link">
|
|
|
+ Fake
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/kubernetes/" class="md-nav__link">
|
|
|
+ Kubernetes
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/senhasegura-dsm/" class="md-nav__link">
|
|
|
+ senhasegura DevOps Secrets Management (DSM)
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../provider/doppler/" class="md-nav__link">
|
|
|
+ Doppler
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" data-md-state="indeterminate" type="checkbox" id="__nav_5" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_5">
|
|
|
+ Examples
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Examples" data-md-level="1">
|
|
|
+ <label class="md-nav__title" for="__nav_5">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Examples
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../examples/gitops-using-fluxcd/" class="md-nav__link">
|
|
|
+ FluxCD
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../examples/anchore-engine-credentials/" class="md-nav__link">
|
|
|
+ Anchore Engine
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../examples/jenkins-kubernetes-credentials/" class="md-nav__link">
|
|
|
+ Jenkins
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6" data-md-state="indeterminate" type="checkbox" id="__nav_6" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_6">
|
|
|
+ Community
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Community" data-md-level="1">
|
|
|
+ <label class="md-nav__title" for="__nav_6">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Community
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_1" data-md-state="indeterminate" type="checkbox" id="__nav_6_1" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_6_1">
|
|
|
+ Contributing
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="Contributing" data-md-level="2">
|
|
|
+ <label class="md-nav__title" for="__nav_6_1">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ Contributing
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../contributing/devguide/" class="md-nav__link">
|
|
|
+ Developer guide
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../contributing/process/" class="md-nav__link">
|
|
|
+ Contributing Process
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../contributing/release/" class="md-nav__link">
|
|
|
+ Release Process
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../contributing/coc/" class="md-nav__link">
|
|
|
+ Code of Conduct
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../contributing/roadmap/" class="md-nav__link">
|
|
|
+ Roadmap
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item md-nav__item--nested">
|
|
|
+
|
|
|
+
|
|
|
+ <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6_2" data-md-state="indeterminate" type="checkbox" id="__nav_6_2" checked>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <label class="md-nav__link" for="__nav_6_2">
|
|
|
+ External Resources
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ </label>
|
|
|
+
|
|
|
+ <nav class="md-nav" aria-label="External Resources" data-md-level="2">
|
|
|
+ <label class="md-nav__title" for="__nav_6_2">
|
|
|
+ <span class="md-nav__icon md-icon"></span>
|
|
|
+ External Resources
|
|
|
+ </label>
|
|
|
+ <ul class="md-nav__list" data-md-scrollfix>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../eso-talks/" class="md-nav__link">
|
|
|
+ Talks
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../eso-demos/" class="md-nav__link">
|
|
|
+ Demos
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <li class="md-nav__item">
|
|
|
+ <a href="../eso-blogs/" class="md-nav__link">
|
|
|
+ Blogs
|
|
|
+ </a>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+ </nav>
|
|
|
+ </li>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ </ul>
|
|
|
+</nav>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ <div class="md-content" data-md-component="content">
|
|
|
+ <article class="md-content__inner md-typeset">
|
|
|
+
|
|
|
+
|
|
|
+<a href="https://github.com/external-secrets/external-secrets/edit/main/docs/spec.md" title="Edit this page" class="md-content__button md-icon">
|
|
|
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
|
|
|
+</a>
|
|
|
+
|
|
|
+
|
|
|
+ <h1>Spec</h1>
|
|
|
+
|
|
|
+<p>Packages:</p>
|
|
|
+<ul>
|
|
|
+<li>
|
|
|
+<a href="#external-secrets.io%2fv1beta1">external-secrets.io/v1beta1</a>
|
|
|
+</li>
|
|
|
+</ul>
|
|
|
+<h2 id="external-secrets.io/v1beta1">external-secrets.io/v1beta1</h2>
|
|
|
+<p>
|
|
|
+<p>Package v1beta1 contains resources for external-secrets</p>
|
|
|
+</p>
|
|
|
+<p>Resource Types:</p>
|
|
|
+<ul></ul>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AWSAuth">AWSAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSProvider">AWSProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AWSAuth tells the controller how to do authentication with aws.
|
|
|
+Only one of secretRef or jwt can be specified.
|
|
|
+if none is specified the controller will load credentials using the aws sdk defaults.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSAuthSecretRef">
|
|
|
+AWSAuthSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>jwt</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSJWTAuth">
|
|
|
+AWSJWTAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AWSAuthSecretRef">AWSAuthSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSAuth">AWSAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AWSAuthSecretRef holds secret references for AWS credentials
|
|
|
+both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessKeyIDSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The AccessKeyID is used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretAccessKeySecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The SecretAccessKey is used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>sessionTokenSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The SessionToken used for authentication
|
|
|
+This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
|
|
|
+see: <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html">https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html</a></p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AWSJWTAuth">AWSJWTAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSAuth">AWSAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Authenticate against AWS using service account tokens.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceAccountRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AWSProvider">AWSProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AWSProvider configures a store to sync secrets with AWS.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>service</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSServiceType">
|
|
|
+AWSServiceType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Service defines which service should be used to fetch the secrets</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSAuth">
|
|
|
+AWSAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Auth defines the information necessary to authenticate against AWS
|
|
|
+if not set aws sdk will infer credentials from your environment
|
|
|
+see: <a href="https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials">https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials</a></p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>role</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Role is a Role ARN which the SecretManager provider will assume</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>region</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>AWS Region to be used for the provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AWSServiceType">AWSServiceType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSProvider">AWSProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AWSServiceType is a enum that defines the service/API that is used to fetch the secrets.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"ParameterStore"</p></td>
|
|
|
+<td><p>AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
|
|
|
+see: <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html">https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html</a></p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"SecretsManager"</p></td>
|
|
|
+<td><p>AWSServiceSecretsManager is the AWS SecretsManager.
|
|
|
+see: <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html">https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html</a></p>
|
|
|
+</td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AkeylessAuth">AkeylessAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AkeylessProvider">AkeylessProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AkeylessAuthSecretRef">
|
|
|
+AkeylessAuthSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Reference to a Secret that contains the details
|
|
|
+to authenticate with Akeyless.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>kubernetesAuth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AkeylessKubernetesAuth">
|
|
|
+AkeylessKubernetesAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Kubernetes authenticates with Akeyless by passing the ServiceAccount
|
|
|
+token stored in the named Secret resource.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AkeylessAuthSecretRef">AkeylessAuthSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AkeylessAuth">AkeylessAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AkeylessAuthSecretRef
|
|
|
+AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessID</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The SecretAccessID is used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessType</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessTypeParam</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AkeylessKubernetesAuth">AkeylessKubernetesAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AkeylessAuth">AkeylessAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Authenticate with Kubernetes ServiceAccount token stored.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessID</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>the Akeyless Kubernetes auth-method access-id</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>k8sConfName</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Kubernetes-auth configuration name in Akeyless-Gateway</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceAccountRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional service account field containing the name of a kubernetes ServiceAccount.
|
|
|
+If the service account is specified, the service account secret token JWT will be used
|
|
|
+for authenticating with Akeyless. If the service account selector is not supplied,
|
|
|
+the secretRef will be used instead.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional secret field containing a Kubernetes ServiceAccount JWT used
|
|
|
+for authenticating with Akeyless. If a name is specified without a key,
|
|
|
+<code>token</code> is the default. If one is not specified, the one bound to
|
|
|
+the controller will be used.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AkeylessProvider">AkeylessProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AkeylessProvider Configures an store to sync secrets using Akeyless KV.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>akeylessGWApiURL</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Akeyless GW API Url from which the secrets to be fetched from.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>authSecretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AkeylessAuth">
|
|
|
+AkeylessAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth configures how the operator authenticates with Akeyless.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AlibabaAuth">AlibabaAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AlibabaProvider">AlibabaProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AlibabaAuth contains a secretRef for credentials.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AlibabaAuthSecretRef">
|
|
|
+AlibabaAuthSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AlibabaAuthSecretRef">AlibabaAuthSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AlibabaAuth">AlibabaAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AlibabaAuthSecretRef holds secret references for Alibaba credentials.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessKeyIDSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The AccessKeyID is used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessKeySecretSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The AccessKeySecret is used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AlibabaProvider">AlibabaProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AlibabaAuth">
|
|
|
+AlibabaAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>endpoint</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>regionID</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Alibaba Region to be used for the provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AzureAuthType">AzureAuthType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AuthType describes how to authenticate to the Azure Keyvault
|
|
|
+Only one of the following auth types may be specified.
|
|
|
+If none of the following auth type is specified, the default one
|
|
|
+is ServicePrincipal.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"ManagedIdentity"</p></td>
|
|
|
+<td><p>Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"ServicePrincipal"</p></td>
|
|
|
+<td><p>Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"WorkloadIdentity"</p></td>
|
|
|
+<td><p>Using Workload Identity service accounts to authenticate.</p>
|
|
|
+</td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AzureEnvironmentType">AzureEnvironmentType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AzureEnvironmentType specifies the Azure cloud environment endpoints to use for
|
|
|
+connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
|
|
|
+The following endpoints are available, also see here: <a href="https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152">https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152</a>
|
|
|
+PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"ChinaCloud"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"GermanCloud"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"PublicCloud"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"USGovernmentCloud"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AzureKVAuth">AzureKVAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Configuration used to authenticate with Azure.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clientId</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The Azure clientId of the service principle used for authentication.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clientSecret</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The Azure ClientSecret of the service principle used for authentication.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.AzureKVProvider">AzureKVProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Configures an store to sync secrets using Azure KV.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>authType</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AzureAuthType">
|
|
|
+AzureAuthType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Auth type defines how to authenticate to the keyvault service.
|
|
|
+Valid values are:
|
|
|
+- “ServicePrincipal” (default): Using a service principal (tenantId, clientId, clientSecret)
|
|
|
+- “ManagedIdentity”: Using Managed Identity assigned to the pod (see aad-pod-identity)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>vaultUrl</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Vault Url from which the secrets to be fetched from.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>tenantId</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>environmentType</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AzureEnvironmentType">
|
|
|
+AzureEnvironmentType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>EnvironmentType specifies the Azure cloud environment endpoints to use for
|
|
|
+connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
|
|
|
+The following endpoints are available, also see here: <a href="https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152">https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152</a>
|
|
|
+PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>authSecretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AzureKVAuth">
|
|
|
+AzureKVAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceAccountRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>ServiceAccountRef specified the service account
|
|
|
+that should be used when authenticating with WorkloadIdentity.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>identityId</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>If multiple Managed Identity is assigned to the pod, you can select the one to be used</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.CAProvider">CAProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesServer">KubernetesServer</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultProvider">VaultProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Used to provide custom certificate authority (CA) certificates
|
|
|
+for a secret store. The CAProvider points to a Secret or ConfigMap resource
|
|
|
+that contains a PEM-encoded certificate.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>type</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.CAProviderType">
|
|
|
+CAProviderType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The type of provider to use such as “Secret”, or “ConfigMap”.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The name of the object located at the provider type.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>key</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The key where the CA certificate can be found in the Secret or ConfigMap.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespace</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The namespace the Provider type is in.
|
|
|
+Can only be defined when used in a ClusterSecretStore.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.CAProviderType">CAProviderType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.CAProvider">CAProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"ConfigMap"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Secret"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.CertAuth">CertAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesAuth">KubernetesAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clientCert</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clientKey</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterExternalSecret">ClusterExternalSecret
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>ClusterExternalSecret is the Schema for the clusterexternalsecrets API.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>metadata</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
|
|
|
+Kubernetes meta/v1.ObjectMeta
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+Refer to the Kubernetes API documentation for the fields of the
|
|
|
+<code>metadata</code> field.
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>spec</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretSpec">
|
|
|
+ClusterExternalSecretSpec
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<br/>
|
|
|
+<br/>
|
|
|
+<table>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>externalSecretSpec</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">
|
|
|
+ExternalSecretSpec
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The spec for the ExternalSecrets to be created</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>externalSecretName</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The name of the external secrets to be created defaults to the name of the ClusterExternalSecret</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespaceSelector</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#labelselector-v1-meta">
|
|
|
+Kubernetes meta/v1.LabelSelector
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The labels to select by to find the Namespaces to create the ExternalSecrets in.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshTime</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
|
|
|
+Kubernetes meta/v1.Duration
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The time in which the controller should reconcile it’s objects and recheck namespaces for labels.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</table>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>status</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatus">
|
|
|
+ClusterExternalSecretStatus
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretConditionType">ClusterExternalSecretConditionType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatusCondition">ClusterExternalSecretStatusCondition</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"NotReady"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"PartiallyReady"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Ready"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretNamespaceFailure">ClusterExternalSecretNamespaceFailure
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatus">ClusterExternalSecretStatus</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and it’s reason.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespace</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Namespace is the namespace that failed when trying to apply an ExternalSecret</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>reason</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Reason is why the ExternalSecret failed to apply to the namespace</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretSpec">ClusterExternalSecretSpec
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecret">ClusterExternalSecret</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>externalSecretSpec</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">
|
|
|
+ExternalSecretSpec
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The spec for the ExternalSecrets to be created</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>externalSecretName</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The name of the external secrets to be created defaults to the name of the ClusterExternalSecret</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespaceSelector</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#labelselector-v1-meta">
|
|
|
+Kubernetes meta/v1.LabelSelector
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The labels to select by to find the Namespaces to create the ExternalSecrets in.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshTime</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
|
|
|
+Kubernetes meta/v1.Duration
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The time in which the controller should reconcile it’s objects and recheck namespaces for labels.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretStatus">ClusterExternalSecretStatus
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecret">ClusterExternalSecret</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>failedNamespaces</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretNamespaceFailure">
|
|
|
+[]ClusterExternalSecretNamespaceFailure
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Failed namespaces are the namespaces that failed to apply an ExternalSecret</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>provisionedNamespaces</code></br>
|
|
|
+<em>
|
|
|
+[]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conditions</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatusCondition">
|
|
|
+[]ClusterExternalSecretStatusCondition
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterExternalSecretStatusCondition">ClusterExternalSecretStatusCondition
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretStatus">ClusterExternalSecretStatus</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>type</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretConditionType">
|
|
|
+ClusterExternalSecretConditionType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>status</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#conditionstatus-v1-core">
|
|
|
+Kubernetes core/v1.ConditionStatus
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>message</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterSecretStore">ClusterSecretStore
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of <code>storeRef</code> fields.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>metadata</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
|
|
|
+Kubernetes meta/v1.ObjectMeta
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+Refer to the Kubernetes API documentation for the fields of the
|
|
|
+<code>metadata</code> field.
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>spec</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreSpec">
|
|
|
+SecretStoreSpec
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<br/>
|
|
|
+<br/>
|
|
|
+<table>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>controller</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to select the correct KES controller (think: ingress.ingressClassName)
|
|
|
+The KES controller is instantiated with a specific controller name and filters ES based on this property</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>provider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">
|
|
|
+SecretStoreProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Used to configure the provider. Only one provider may be set</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>retrySettings</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreRetrySettings">
|
|
|
+SecretStoreRetrySettings
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to configure http retries if failed</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshInterval</code></br>
|
|
|
+<em>
|
|
|
+int
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conditions</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
|
|
|
+[]ClusterSecretStoreCondition
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</table>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>status</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreStatus">
|
|
|
+SecretStoreStatus
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ClusterSecretStoreCondition">ClusterSecretStoreCondition
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in
|
|
|
+for a ClusterSecretStore instance.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespaceSelector</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#labelselector-v1-meta">
|
|
|
+Kubernetes meta/v1.LabelSelector
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Choose namespace using a labelSelector</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespaces</code></br>
|
|
|
+<em>
|
|
|
+[]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Choose namespaces by name</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.DopplerAuth">DopplerAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.DopplerProvider">DopplerProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.DopplerAuthSecretRef">
|
|
|
+DopplerAuthSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.DopplerAuthSecretRef">DopplerAuthSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.DopplerAuth">DopplerAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>dopplerToken</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The DopplerToken is used for authentication.
|
|
|
+See <a href="https://docs.doppler.com/reference/api#authentication">https://docs.doppler.com/reference/api#authentication</a> for auth token types.
|
|
|
+The Key attribute defaults to dopplerToken if not specified.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.DopplerProvider">DopplerProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>DopplerProvider configures a store to sync secrets using the Doppler provider.
|
|
|
+Project and Config are required if not using a Service Token.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.DopplerAuth">
|
|
|
+DopplerAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth configures how the Operator authenticates with the Doppler API</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>project</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Doppler project (required if not using a Service Token)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>config</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Doppler config (required if not using a Service Token)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>nameTransformer</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Environment variable compatible name transforms that change secret names to a different format</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>format</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Format enables the downloading of secrets as a file (string)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecret">ExternalSecret
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>ExternalSecret is the Schema for the external-secrets API.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>metadata</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
|
|
|
+Kubernetes meta/v1.ObjectMeta
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+Refer to the Kubernetes API documentation for the fields of the
|
|
|
+<code>metadata</code> field.
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>spec</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">
|
|
|
+ExternalSecretSpec
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<br/>
|
|
|
+<br/>
|
|
|
+<table>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretStoreRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreRef">
|
|
|
+SecretStoreRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>target</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">
|
|
|
+ExternalSecretTarget
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshInterval</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
|
|
|
+Kubernetes meta/v1.Duration
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>RefreshInterval is the amount of time before the values are read again from the SecretStore provider
|
|
|
+Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”
|
|
|
+May be set to zero to fetch and create it once. Defaults to 1h.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>data</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretData">
|
|
|
+[]ExternalSecretData
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Data defines the connection between the Kubernetes Secret keys and the Provider data</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>dataFrom</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">
|
|
|
+[]ExternalSecretDataFromRemoteRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>DataFrom is used to fetch all properties from a specific Provider data
|
|
|
+If multiple entries are specified, the Secret keys are merged in the specified order</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</table>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>status</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretStatus">
|
|
|
+ExternalSecretStatus
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretConditionType">ExternalSecretConditionType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretStatusCondition">ExternalSecretStatusCondition</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Deleted"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Ready"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretConversionStrategy">ExternalSecretConversionStrategy
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Default"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Unicode"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretCreationPolicy">ExternalSecretCreationPolicy
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretCreationPolicy defines rules on how to create the resulting Secret.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Merge"</p></td>
|
|
|
+<td><p>Merge does not create the Secret, but merges the data fields to the Secret.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"None"</p></td>
|
|
|
+<td><p>None does not create a Secret (future use with injector).</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"Orphan"</p></td>
|
|
|
+<td><p>Orphan creates the Secret and does not set the ownerReference.
|
|
|
+I.e. it will be orphaned after the deletion of the ExternalSecret.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"Owner"</p></td>
|
|
|
+<td><p>Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.</p>
|
|
|
+</td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretKey</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>SecretKey defines the key in which the controller stores
|
|
|
+the value. This is the key in the Kind=Secret</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>remoteRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">
|
|
|
+ExternalSecretDataRemoteRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>RemoteRef points to the remote secret and defines
|
|
|
+which secret (version/property/..) to fetch.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>sourceRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SourceRef">
|
|
|
+SourceRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>SourceRef allows you to override the source
|
|
|
+from which the value will pulled from.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>extract</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">
|
|
|
+ExternalSecretDataRemoteRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to extract multiple key/value pairs from one secret
|
|
|
+Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>find</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretFind">
|
|
|
+ExternalSecretFind
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to find secrets based on tags or regular expressions
|
|
|
+Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>rewrite</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretRewrite">
|
|
|
+[]ExternalSecretRewrite
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to rewrite secret Keys after getting them from the secret Provider
|
|
|
+Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>sourceRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SourceRef">
|
|
|
+SourceRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>SourceRef points to a store or generator
|
|
|
+which contains secret values ready to use.
|
|
|
+Use this in combination with Extract or Find pull values out of
|
|
|
+a specific SecretStore.
|
|
|
+When sourceRef points to a generator Extract or Find is not supported.
|
|
|
+The generator returns a static map of values</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretDataRemoteRef defines Provider data location.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>key</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Key is the key used in the Provider, mandatory</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>metadataPolicy</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretMetadataPolicy">
|
|
|
+ExternalSecretMetadataPolicy
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>property</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to select a specific property of the Provider value (if a map), if supported</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>version</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to select a specific version of the Provider value, if supported</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conversionStrategy</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretConversionStrategy">
|
|
|
+ExternalSecretConversionStrategy
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to define a conversion Strategy</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>decodingStrategy</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDecodingStrategy">
|
|
|
+ExternalSecretDecodingStrategy
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to define a decoding Strategy</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretDecodingStrategy">ExternalSecretDecodingStrategy
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Auto"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Base64"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Base64URL"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"None"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretDeletionPolicy">ExternalSecretDeletionPolicy
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Delete"</p></td>
|
|
|
+<td><p>Delete deletes the secret if all provider secrets are deleted.
|
|
|
+If a secret gets deleted on the provider side and is not accessible
|
|
|
+anymore this is not considered an error and the ExternalSecret
|
|
|
+does not go into SecretSyncedError status.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"Merge"</p></td>
|
|
|
+<td><p>Merge removes keys in the secret, but not the secret itself.
|
|
|
+If a secret gets deleted on the provider side and is not accessible
|
|
|
+anymore this is not considered an error and the ExternalSecret
|
|
|
+does not go into SecretSyncedError status.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>"Retain"</p></td>
|
|
|
+<td><p>Retain will retain the secret if all provider secrets have been deleted.
|
|
|
+If a provider secret does not exist the ExternalSecret gets into the
|
|
|
+SecretSyncedError status.</p>
|
|
|
+</td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>path</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>A root path to start the find operations.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.FindName">
|
|
|
+FindName
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Finds secrets based on the name.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>tags</code></br>
|
|
|
+<em>
|
|
|
+map[string]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Find secrets based on tags.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conversionStrategy</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretConversionStrategy">
|
|
|
+ExternalSecretConversionStrategy
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to define a conversion Strategy</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>decodingStrategy</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDecodingStrategy">
|
|
|
+ExternalSecretDecodingStrategy
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to define a decoding Strategy</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretMetadataPolicy">ExternalSecretMetadataPolicy
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef">ExternalSecretDataRemoteRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Fetch"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"None"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretRewrite">ExternalSecretRewrite
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>regexp</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretRewriteRegexp">
|
|
|
+ExternalSecretRewriteRegexp
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to rewrite with regular expressions.
|
|
|
+The resulting key will be the output of a regexp.ReplaceAll operation.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretRewriteRegexp">ExternalSecretRewriteRegexp
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretRewrite">ExternalSecretRewrite</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>source</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Used to define the regular expression of a re.Compiler.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>target</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Used to define the target pattern of a ReplaceAll operation.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterExternalSecretSpec">ClusterExternalSecretSpec</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecret">ExternalSecret</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretSpec defines the desired state of ExternalSecret.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretStoreRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreRef">
|
|
|
+SecretStoreRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>target</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">
|
|
|
+ExternalSecretTarget
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshInterval</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
|
|
|
+Kubernetes meta/v1.Duration
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>RefreshInterval is the amount of time before the values are read again from the SecretStore provider
|
|
|
+Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”
|
|
|
+May be set to zero to fetch and create it once. Defaults to 1h.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>data</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretData">
|
|
|
+[]ExternalSecretData
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Data defines the connection between the Kubernetes Secret keys and the Provider data</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>dataFrom</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">
|
|
|
+[]ExternalSecretDataFromRemoteRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>DataFrom is used to fetch all properties from a specific Provider data
|
|
|
+If multiple entries are specified, the Secret keys are merged in the specified order</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretStatus">ExternalSecretStatus
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecret">ExternalSecret</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshTime</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Time">
|
|
|
+Kubernetes meta/v1.Time
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>refreshTime is the time and date the external secret was fetched and
|
|
|
+the target secret updated</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>syncedResourceVersion</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>SyncedResourceVersion keeps track of the last synced version</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conditions</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretStatusCondition">
|
|
|
+[]ExternalSecretStatusCondition
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretStatusCondition">ExternalSecretStatusCondition
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretStatus">ExternalSecretStatus</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>type</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretConditionType">
|
|
|
+ExternalSecretConditionType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>status</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#conditionstatus-v1-core">
|
|
|
+Kubernetes core/v1.ConditionStatus
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>reason</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>message</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>lastTransitionTime</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Time">
|
|
|
+Kubernetes meta/v1.Time
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretTarget defines the Kubernetes Secret to be created
|
|
|
+There can be only one target per ExternalSecret.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Name defines the name of the Secret resource to be managed
|
|
|
+This field is immutable
|
|
|
+Defaults to the .metadata.name of the ExternalSecret resource</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>creationPolicy</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretCreationPolicy">
|
|
|
+ExternalSecretCreationPolicy
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>CreationPolicy defines rules on how to create the resulting Secret
|
|
|
+Defaults to ‘Owner’</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>deletionPolicy</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDeletionPolicy">
|
|
|
+ExternalSecretDeletionPolicy
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>DeletionPolicy defines rules on how to delete the resulting Secret
|
|
|
+Defaults to ‘Retain’</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>template</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">
|
|
|
+ExternalSecretTemplate
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Template defines a blueprint for the created Secret resource.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>immutable</code></br>
|
|
|
+<em>
|
|
|
+bool
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Immutable defines if the final secret will be immutable</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTarget">ExternalSecretTarget</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretTemplate defines a blueprint for the created Secret resource.
|
|
|
+we can not use native corev1.Secret, it will have empty ObjectMeta values: <a href="https://github.com/kubernetes-sigs/controller-tools/issues/448">https://github.com/kubernetes-sigs/controller-tools/issues/448</a></p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>type</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#secrettype-v1-core">
|
|
|
+Kubernetes core/v1.SecretType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>engineVersion</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateEngineVersion">
|
|
|
+TemplateEngineVersion
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>metadata</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTemplateMetadata">
|
|
|
+ExternalSecretTemplateMetadata
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>data</code></br>
|
|
|
+<em>
|
|
|
+map[string]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>templateFrom</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateFrom">
|
|
|
+[]TemplateFrom
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretTemplateMetadata">ExternalSecretTemplateMetadata
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>annotations</code></br>
|
|
|
+<em>
|
|
|
+map[string]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>labels</code></br>
|
|
|
+<em>
|
|
|
+map[string]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ExternalSecretValidator">ExternalSecretValidator
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<h3 id="external-secrets.io/v1beta1.FakeProvider">FakeProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>FakeProvider configures a fake provider that returns static values.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>data</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.FakeProviderData">
|
|
|
+[]FakeProviderData
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.FakeProviderData">FakeProviderData
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.FakeProvider">FakeProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>key</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>value</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>valueMap</code></br>
|
|
|
+<em>
|
|
|
+map[string]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>version</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.FindName">FindName
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretFind">ExternalSecretFind</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>regexp</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Finds secrets base</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GCPSMAuth">GCPSMAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GCPSMProvider">GCPSMProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GCPSMAuthSecretRef">
|
|
|
+GCPSMAuthSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>workloadIdentity</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GCPWorkloadIdentity">
|
|
|
+GCPWorkloadIdentity
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GCPSMAuthSecretRef">GCPSMAuthSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GCPSMAuth">GCPSMAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretAccessKeySecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The SecretAccessKey is used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GCPSMProvider">GCPSMProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GCPSMAuth">
|
|
|
+GCPSMAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Auth defines the information necessary to authenticate against GCP</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>projectID</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>ProjectID project where secret is located</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GCPWorkloadIdentity">GCPWorkloadIdentity
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GCPSMAuth">GCPSMAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceAccountRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clusterLocation</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clusterName</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clusterProjectID</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GeneratorRef">GeneratorRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>GeneratorRef points to a generator custom resource.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>apiVersion</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Specify the apiVersion of the generator resource</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>kind</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Specify the name of the generator resource</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GenericStore">GenericStore
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>GenericStore is a common interface for interacting with ClusterSecretStore
|
|
|
+or a namespaced SecretStore.</p>
|
|
|
+</p>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GenericStoreValidator">GenericStoreValidator
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GitlabAuth">GitlabAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GitlabProvider">GitlabProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>SecretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GitlabSecretRef">
|
|
|
+GitlabSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GitlabProvider">GitlabProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Configures a store to sync secrets with a GitLab instance.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>url</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>URL configures the GitLab instance URL. Defaults to <a href="https://gitlab.com/">https://gitlab.com/</a>.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GitlabAuth">
|
|
|
+GitlabAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth configures how secret-manager authenticates with a GitLab instance.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>projectID</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>ProjectID specifies a project where secrets are located.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>inheritFromGroups</code></br>
|
|
|
+<em>
|
|
|
+bool
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>groupIDs</code></br>
|
|
|
+<em>
|
|
|
+[]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>environment</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Environment environment_scope of gitlab CI/CD variables (Please see <a href="https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment">https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment</a> on how to create environments)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.GitlabSecretRef">GitlabSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GitlabAuth">GitlabAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>accessToken</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>AccessToken is used for authentication.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.IBMAuth">IBMAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.IBMProvider">IBMProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.IBMAuthSecretRef">
|
|
|
+IBMAuthSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>containerAuth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.IBMAuthContainerAuth">
|
|
|
+IBMAuthContainerAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.IBMAuthContainerAuth">IBMAuthContainerAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.IBMAuth">IBMAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>IBM Container-based auth with IAM Trusted Profile.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>profile</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>the IBM Trusted Profile</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>tokenLocation</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Location the token is mounted on the pod</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>iamEndpoint</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.IBMAuthSecretRef">IBMAuthSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.IBMAuth">IBMAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretApiKeySecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The SecretAccessKey is used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.IBMProvider">IBMProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Configures an store to sync secrets using a IBM Cloud Secrets Manager
|
|
|
+backend.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.IBMAuth">
|
|
|
+IBMAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth configures how secret-manager authenticates with the IBM secrets manager.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceUrl</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.KubernetesAuth">KubernetesAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesProvider">KubernetesProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>cert</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.CertAuth">
|
|
|
+CertAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>has both clientCert and clientKey as secretKeySelector</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>token</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TokenAuth">
|
|
|
+TokenAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>use static token to authenticate with</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceAccount</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>points to a service account that should be used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.KubernetesProvider">KubernetesProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Configures a store to sync secrets with a Kubernetes instance.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>server</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesServer">
|
|
|
+KubernetesServer
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>configures the Kubernetes server Address.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesAuth">
|
|
|
+KubernetesAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth configures how secret-manager authenticates with a Kubernetes instance.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>remoteNamespace</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Remote namespace to fetch the secrets from</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.KubernetesServer">KubernetesServer
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesProvider">KubernetesProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>url</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>configures the Kubernetes server Address.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caBundle</code></br>
|
|
|
+<em>
|
|
|
+[]byte
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>CABundle is a base64-encoded CA certificate</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caProvider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.CAProvider">
|
|
|
+CAProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>see: <a href="https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider">https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider</a></p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.NoSecretError">NoSecretError
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>NoSecretError shall be returned when a GetSecret can not find the
|
|
|
+desired secret. This is used for deletionPolicy.</p>
|
|
|
+</p>
|
|
|
+<h3 id="external-secrets.io/v1beta1.OnePasswordAuth">OnePasswordAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OnePasswordProvider">OnePasswordProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>OnePasswordAuth contains a secretRef for credentials.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OnePasswordAuthSecretRef">
|
|
|
+OnePasswordAuthSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.OnePasswordAuthSecretRef">OnePasswordAuthSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OnePasswordAuth">OnePasswordAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>OnePasswordAuthSecretRef holds secret references for 1Password credentials.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>connectTokenSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The ConnectToken is used for authentication to a 1Password Connect Server.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.OnePasswordProvider">OnePasswordProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OnePasswordAuth">
|
|
|
+OnePasswordAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth defines the information necessary to authenticate against OnePassword Connect Server</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>connectHost</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>ConnectHost defines the OnePassword Connect Server to connect to</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>vaults</code></br>
|
|
|
+<em>
|
|
|
+map[string]int
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Vaults defines which OnePassword vaults to search in which order</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.OracleAuth">OracleAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OracleProvider">OracleProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>tenancy</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Tenancy is the tenancy OCID where user is located.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>user</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>User is an access OCID specific to the account.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OracleSecretRef">
|
|
|
+OracleSecretRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>SecretRef to pass through sensitive information.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.OracleProvider">OracleProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Configures an store to sync secrets using a Oracle Vault
|
|
|
+backend.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>region</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Region is the region where vault is located.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>vault</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Vault is the vault’s OCID of the specific vault where secret is located.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OracleAuth">
|
|
|
+OracleAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Auth configures how secret-manager authenticates with the Oracle Vault.
|
|
|
+If empty, use the instance principal, otherwise the user credentials specified in Auth.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.OracleSecretRef">OracleSecretRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OracleAuth">OracleAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>privatekey</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>PrivateKey is the user’s API Signing Key in PEM format, used for authentication.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>fingerprint</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Fingerprint is the fingerprint of the API private key.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.Provider">Provider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>Provider is a common interface for interacting with secret backends.</p>
|
|
|
+</p>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStore">SecretStore
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>SecretStore represents a secure external location for storing secrets, which can be referenced as part of <code>storeRef</code> fields.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>metadata</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
|
|
|
+Kubernetes meta/v1.ObjectMeta
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+Refer to the Kubernetes API documentation for the fields of the
|
|
|
+<code>metadata</code> field.
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>spec</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreSpec">
|
|
|
+SecretStoreSpec
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<br/>
|
|
|
+<br/>
|
|
|
+<table>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>controller</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to select the correct KES controller (think: ingress.ingressClassName)
|
|
|
+The KES controller is instantiated with a specific controller name and filters ES based on this property</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>provider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">
|
|
|
+SecretStoreProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Used to configure the provider. Only one provider may be set</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>retrySettings</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreRetrySettings">
|
|
|
+SecretStoreRetrySettings
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to configure http retries if failed</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshInterval</code></br>
|
|
|
+<em>
|
|
|
+int
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conditions</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
|
|
|
+[]ClusterSecretStoreCondition
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</table>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>status</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreStatus">
|
|
|
+SecretStoreStatus
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStoreConditionType">SecretStoreConditionType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreStatusCondition">SecretStoreStatusCondition</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Ready"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SecretStoreProvider contains the provider-specific configuration.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>aws</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AWSProvider">
|
|
|
+AWSProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>AWS configures this store to sync secrets using AWS Secret Manager provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>azurekv</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AzureKVProvider">
|
|
|
+AzureKVProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>AzureKV configures this store to sync secrets using Azure Key Vault provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>akeyless</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AkeylessProvider">
|
|
|
+AkeylessProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Akeyless configures this store to sync secrets using Akeyless Vault provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>vault</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultProvider">
|
|
|
+VaultProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Vault configures this store to sync secrets using Hashi provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>gcpsm</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GCPSMProvider">
|
|
|
+GCPSMProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>oracle</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OracleProvider">
|
|
|
+OracleProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Oracle configures this store to sync secrets using Oracle Vault provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>ibm</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.IBMProvider">
|
|
|
+IBMProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>IBM configures this store to sync secrets using IBM Cloud provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>yandexcertificatemanager</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexCertificateManagerProvider">
|
|
|
+YandexCertificateManagerProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>yandexlockbox</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexLockboxProvider">
|
|
|
+YandexLockboxProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>YandexLockbox configures this store to sync secrets using Yandex Lockbox provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>gitlab</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GitlabProvider">
|
|
|
+GitlabProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Gitlab configures this store to sync secrets using Gitlab Variables provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>alibaba</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.AlibabaProvider">
|
|
|
+AlibabaProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Alibaba configures this store to sync secrets using Alibaba Cloud provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>onepassword</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.OnePasswordProvider">
|
|
|
+OnePasswordProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>OnePassword configures this store to sync secrets using the 1Password Cloud provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>webhook</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookProvider">
|
|
|
+WebhookProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Webhook configures this store to sync secrets using a generic templated webhook</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>kubernetes</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesProvider">
|
|
|
+KubernetesProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Kubernetes configures this store to sync secrets using a Kubernetes cluster provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>fake</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.FakeProvider">
|
|
|
+FakeProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Fake configures a store with static key/value pairs</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>senhasegura</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SenhaseguraProvider">
|
|
|
+SenhaseguraProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Senhasegura configures this store to sync secrets using senhasegura provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>doppler</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.DopplerProvider">
|
|
|
+DopplerProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Doppler configures this store to sync secrets using the Doppler provider</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStoreRef">SecretStoreRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretSpec">ExternalSecretSpec</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.SourceRef">SourceRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Name of the SecretStore resource</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>kind</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
|
|
|
+Defaults to <code>SecretStore</code></p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStoreRetrySettings">SecretStoreRetrySettings
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>maxRetries</code></br>
|
|
|
+<em>
|
|
|
+int32
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>retryInterval</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStoreSpec">SecretStoreSpec
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterSecretStore">ClusterSecretStore</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStore">SecretStore</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SecretStoreSpec defines the desired state of SecretStore.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>controller</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to select the correct KES controller (think: ingress.ingressClassName)
|
|
|
+The KES controller is instantiated with a specific controller name and filters ES based on this property</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>provider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">
|
|
|
+SecretStoreProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Used to configure the provider. Only one provider may be set</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>retrySettings</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreRetrySettings">
|
|
|
+SecretStoreRetrySettings
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to configure http retries if failed</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>refreshInterval</code></br>
|
|
|
+<em>
|
|
|
+int
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conditions</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterSecretStoreCondition">
|
|
|
+[]ClusterSecretStoreCondition
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStoreStatus">SecretStoreStatus
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ClusterSecretStore">ClusterSecretStore</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStore">SecretStore</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SecretStoreStatus defines the observed state of the SecretStore.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>conditions</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreStatusCondition">
|
|
|
+[]SecretStoreStatusCondition
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretStoreStatusCondition">SecretStoreStatusCondition
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreStatus">SecretStoreStatus</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>type</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreConditionType">
|
|
|
+SecretStoreConditionType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>status</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#conditionstatus-v1-core">
|
|
|
+Kubernetes core/v1.ConditionStatus
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>reason</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>message</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>lastTransitionTime</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Time">
|
|
|
+Kubernetes meta/v1.Time
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SecretsClient">SecretsClient
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+<p>SecretsClient provides access to secrets.</p>
|
|
|
+</p>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SenhaseguraAuth">SenhaseguraAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SenhaseguraProvider">SenhaseguraProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SenhaseguraAuth tells the controller how to do auth in senhasegura.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clientId</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clientSecretSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SenhaseguraModuleType">SenhaseguraModuleType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SenhaseguraProvider">SenhaseguraProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SenhaseguraModuleType enum defines senhasegura target module to fetch secrets</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"DSM"</p></td>
|
|
|
+<td><pre><code> SenhaseguraModuleDSM is the senhasegura DevOps Secrets Management module
|
|
|
+see: https://senhasegura.com/devops
|
|
|
+</code></pre>
|
|
|
+</td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SenhaseguraProvider">SenhaseguraProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SenhaseguraProvider setup a store to sync secrets with senhasegura.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>url</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>URL of senhasegura</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>module</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SenhaseguraModuleType">
|
|
|
+SenhaseguraModuleType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Module defines which senhasegura module should be used to get secrets</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SenhaseguraAuth">
|
|
|
+SenhaseguraAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth defines parameters to authenticate in senhasegura</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>ignoreSslCertificate</code></br>
|
|
|
+<em>
|
|
|
+bool
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>IgnoreSslCertificate defines if SSL certificate must be ignored</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.SourceRef">SourceRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretData">ExternalSecretData</a>,
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef">ExternalSecretDataFromRemoteRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>SourceRef allows you to override the source
|
|
|
+from which the secret will be pulled from.
|
|
|
+You can define at maximum one property.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>storeRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreRef">
|
|
|
+SecretStoreRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>generatorRef</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.GeneratorRef">
|
|
|
+GeneratorRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>GeneratorRef points to a generator custom resource in</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.TemplateEngineVersion">TemplateEngineVersion
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"v1"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"v2"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.TemplateFrom">TemplateFrom
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.ExternalSecretTemplate">ExternalSecretTemplate</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>configMap</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateRef">
|
|
|
+TemplateRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secret</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateRef">
|
|
|
+TemplateRef
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>scope</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateScope">
|
|
|
+TemplateScope
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>target</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateTarget">
|
|
|
+TemplateTarget
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>literal</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.TemplateRef">TemplateRef
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateFrom">TemplateFrom</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>items</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateRefItem">
|
|
|
+[]TemplateRefItem
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.TemplateRefItem">TemplateRefItem
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateRef">TemplateRef</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>key</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.TemplateScope">TemplateScope
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateFrom">TemplateFrom</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"KeysAndValues"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Values"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.TemplateTarget">TemplateTarget
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.TemplateFrom">TemplateFrom</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"Annotations"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Data"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Labels"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"StringData"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.TokenAuth">TokenAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.KubernetesAuth">KubernetesAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>bearerToken</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.ValidationResult">ValidationResult
|
|
|
+(<code>byte</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>2</p></td>
|
|
|
+<td><p>Error indicates that there is a misconfiguration.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>0</p></td>
|
|
|
+<td><p>Ready indicates that the client is confgured correctly
|
|
|
+and can be used.</p>
|
|
|
+</td>
|
|
|
+</tr><tr><td><p>1</p></td>
|
|
|
+<td><p>Unknown indicates that the client can be used
|
|
|
+but information is missing and it can not be validated.</p>
|
|
|
+</td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultAppRole">VaultAppRole
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>VaultAppRole authenticates with Vault using the App Role auth mechanism,
|
|
|
+with the role and secret stored in a Kubernetes Secret resource.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>path</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Path where the App Role authentication backend is mounted
|
|
|
+in Vault, e.g: “approle”</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>roleId</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>RoleID configured in the App Role authentication backend when setting
|
|
|
+up the authentication backend in Vault.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Reference to a key in a Secret that contains the App Role secret used
|
|
|
+to authenticate with Vault.
|
|
|
+The <code>key</code> field must be specified and denotes which entry within the Secret
|
|
|
+resource is used as the app role secret.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultAuth">VaultAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultProvider">VaultProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>VaultAuth is the configuration used to authenticate with a Vault server.
|
|
|
+Only one of <code>tokenSecretRef</code>, <code>appRole</code>, <code>kubernetes</code>, <code>ldap</code>, <code>jwt</code> or <code>cert</code>
|
|
|
+can be specified.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>tokenSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>TokenSecretRef authenticates with Vault by presenting a token.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>appRole</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultAppRole">
|
|
|
+VaultAppRole
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>AppRole authenticates with Vault using the App Role auth mechanism,
|
|
|
+with the role and secret stored in a Kubernetes Secret resource.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>kubernetes</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultKubernetesAuth">
|
|
|
+VaultKubernetesAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Kubernetes authenticates with Vault by passing the ServiceAccount
|
|
|
+token stored in the named Secret resource to the Vault server.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>ldap</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultLdapAuth">
|
|
|
+VaultLdapAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Ldap authenticates with Vault by passing username/password pair using
|
|
|
+the LDAP authentication method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>jwt</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultJwtAuth">
|
|
|
+VaultJwtAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Jwt authenticates with Vault by passing role and JWT token using the
|
|
|
+JWT/OIDC authentication method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>cert</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultCertAuth">
|
|
|
+VaultCertAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
|
|
|
+Cert authentication method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultCertAuth">VaultCertAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication
|
|
|
+method, with the role name and token stored in a Kubernetes Secret resource.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>clientCert</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>ClientCert is a certificate to authenticate using the Cert Vault
|
|
|
+authentication method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>SecretRef to a key in a Secret resource containing client private key to
|
|
|
+authenticate with Vault using the Cert authentication method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultJwtAuth">VaultJwtAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication
|
|
|
+method, with the role name and a token stored in a Kubernetes Secret resource or
|
|
|
+a Kubernetes service account token retrieved via <code>TokenRequest</code>.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>path</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Path where the JWT authentication backend is mounted
|
|
|
+in Vault, e.g: “jwt”</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>role</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Role is a JWT role to authenticate using the JWT/OIDC Vault
|
|
|
+authentication method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional SecretRef that refers to a key in a Secret resource containing JWT token to
|
|
|
+authenticate with Vault using the JWT/OIDC authentication method.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>kubernetesServiceAccountToken</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultKubernetesServiceAccountTokenAuth">
|
|
|
+VaultKubernetesServiceAccountTokenAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional ServiceAccountToken specifies the Kubernetes service account for which to request
|
|
|
+a token for with the <code>TokenRequest</code> API.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultKVStoreVersion">VaultKVStoreVersion
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultProvider">VaultProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"v1"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"v2"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultKubernetesAuth">VaultKubernetesAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Authenticate against Vault using a Kubernetes ServiceAccount token stored in
|
|
|
+a Secret.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>mountPath</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Path where the Kubernetes authentication backend is mounted in Vault, e.g:
|
|
|
+“kubernetes”</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceAccountRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional service account field containing the name of a kubernetes ServiceAccount.
|
|
|
+If the service account is specified, the service account secret token JWT will be used
|
|
|
+for authenticating with Vault. If the service account selector is not supplied,
|
|
|
+the secretRef will be used instead.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional secret field containing a Kubernetes ServiceAccount JWT used
|
|
|
+for authenticating with Vault. If a name is specified without a key,
|
|
|
+<code>token</code> is the default. If one is not specified, the one bound to
|
|
|
+the controller will be used.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>role</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>A required field containing the Vault Role to assume. A Role binds a
|
|
|
+Kubernetes ServiceAccount with a set of Vault policies.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultKubernetesServiceAccountTokenAuth">VaultKubernetesServiceAccountTokenAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultJwtAuth">VaultJwtAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary
|
|
|
+Kubernetes service account token retrieved by the <code>TokenRequest</code> API.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>serviceAccountRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Service account field containing the name of a kubernetes ServiceAccount.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>audiences</code></br>
|
|
|
+<em>
|
|
|
+[]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional audiences field that will be used to request a temporary Kubernetes service
|
|
|
+account token for the service account referenced by <code>serviceAccountRef</code>.
|
|
|
+Defaults to a single audience <code>vault</code> it not specified.
|
|
|
+Deprecated: use serviceAccountRef.Audiences instead</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>expirationSeconds</code></br>
|
|
|
+<em>
|
|
|
+int64
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Optional expiration time in seconds that will be used to request a temporary
|
|
|
+Kubernetes service account token for the service account referenced by
|
|
|
+<code>serviceAccountRef</code>.
|
|
|
+Deprecated: this will be removed in the future.
|
|
|
+Defaults to 10 minutes.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultLdapAuth">VaultLdapAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>VaultLdapAuth authenticates with Vault using the LDAP authentication method,
|
|
|
+with the username and password stored in a Kubernetes Secret resource.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>path</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Path where the LDAP authentication backend is mounted
|
|
|
+in Vault, e.g: “ldap”</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>username</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Username is a LDAP user name used to authenticate using the LDAP Vault
|
|
|
+authentication method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>SecretRef to a key in a Secret resource containing password for the LDAP
|
|
|
+user used to authenticate with Vault using the LDAP authentication
|
|
|
+method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.VaultProvider">VaultProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Configures an store to sync secrets using a HashiCorp Vault
|
|
|
+KV backend.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultAuth">
|
|
|
+VaultAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth configures how secret-manager authenticates with the Vault server.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>server</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Server is the connection address for the Vault server, e.g: “<a href="https://vault.example.com:8200"">https://vault.example.com:8200”</a>.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>path</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Path is the mount path of the Vault KV backend endpoint, e.g:
|
|
|
+“secret”. The v2 KV secret engine version specific “/data” path suffix
|
|
|
+for fetching secrets from Vault is optional and will be appended
|
|
|
+if not present in specified path.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>version</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.VaultKVStoreVersion">
|
|
|
+VaultKVStoreVersion
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Version is the Vault KV secret engine version. This can be either “v1” or
|
|
|
+“v2”. Version defaults to “v2”.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespace</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
|
|
|
+Vault environments to support Secure Multi-tenancy. e.g: “ns1”.
|
|
|
+More about namespaces can be found here <a href="https://www.vaultproject.io/docs/enterprise/namespaces">https://www.vaultproject.io/docs/enterprise/namespaces</a></p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caBundle</code></br>
|
|
|
+<em>
|
|
|
+[]byte
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>PEM encoded CA bundle used to validate Vault server certificate. Only used
|
|
|
+if the Server URL is using HTTPS protocol. This parameter is ignored for
|
|
|
+plain HTTP protocol connection. If not set the system root certificates
|
|
|
+are used to validate the TLS connection.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caProvider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.CAProvider">
|
|
|
+CAProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The provider for the CA bundle to use to validate Vault server certificate.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>readYourWrites</code></br>
|
|
|
+<em>
|
|
|
+bool
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>ReadYourWrites ensures isolated read-after-write semantics by
|
|
|
+providing discovered cluster replication states in each request.
|
|
|
+More information about eventual consistency in Vault can be found here
|
|
|
+<a href="https://www.vaultproject.io/docs/enterprise/consistency">https://www.vaultproject.io/docs/enterprise/consistency</a></p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>forwardInconsistent</code></br>
|
|
|
+<em>
|
|
|
+bool
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
|
|
|
+leader instead of simply retrying within a loop. This can increase performance if
|
|
|
+the option is enabled serverside.
|
|
|
+<a href="https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header">https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header</a></p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.WebhookCAProvider">WebhookCAProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookProvider">WebhookProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>Defines a location to fetch the cert for the webhook provider from.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>type</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookCAProviderType">
|
|
|
+WebhookCAProviderType
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The type of provider to use such as “Secret”, or “ConfigMap”.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The name of the object located at the provider type.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>key</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>The key the value inside of the provider type to use, only used with “Secret” type</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>namespace</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The namespace the Provider type is in.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.WebhookCAProviderType">WebhookCAProviderType
|
|
|
+(<code>string</code> alias)</p></h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookCAProvider">WebhookCAProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Value</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody><tr><td><p>"ConfigMap"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr><tr><td><p>"Secret"</p></td>
|
|
|
+<td></td>
|
|
|
+</tr></tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.WebhookProvider">WebhookProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>AkeylessProvider Configures an store to sync secrets using Akeyless KV.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>method</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Webhook Method</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>url</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Webhook url to call</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>headers</code></br>
|
|
|
+<em>
|
|
|
+map[string]string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Headers</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>body</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Body</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>timeout</code></br>
|
|
|
+<em>
|
|
|
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#duration-v1-meta">
|
|
|
+Kubernetes meta/v1.Duration
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Timeout</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>result</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookResult">
|
|
|
+WebhookResult
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Result formatting</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secrets</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookSecret">
|
|
|
+[]WebhookSecret
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Secrets to fill in templates
|
|
|
+These secrets will be passed to the templating function as key value pairs under the given name</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caBundle</code></br>
|
|
|
+<em>
|
|
|
+[]byte
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>PEM encoded CA bundle used to validate webhook server certificate. Only used
|
|
|
+if the Server URL is using HTTPS protocol. This parameter is ignored for
|
|
|
+plain HTTP protocol connection. If not set the system root certificates
|
|
|
+are used to validate the TLS connection.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caProvider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookCAProvider">
|
|
|
+WebhookCAProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The provider for the CA bundle to use to validate webhook server certificate.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.WebhookResult">WebhookResult
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookProvider">WebhookProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>jsonPath</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Json path of return value</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.WebhookSecret">WebhookSecret
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.WebhookProvider">WebhookProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>name</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Name of this secret in templates</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>secretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Secret ref to fill in credentials</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.YandexCertificateManagerAuth">YandexCertificateManagerAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexCertificateManagerProvider">YandexCertificateManagerProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>authorizedKeySecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The authorized key used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.YandexCertificateManagerCAProvider">YandexCertificateManagerCAProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexCertificateManagerProvider">YandexCertificateManagerProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>certSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.YandexCertificateManagerProvider">YandexCertificateManagerProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>apiEndpoint</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Yandex.Cloud API endpoint (e.g. ‘api.cloud.yandex.net:443’)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexCertificateManagerAuth">
|
|
|
+YandexCertificateManagerAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth defines the information necessary to authenticate against Yandex Certificate Manager</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caProvider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexCertificateManagerCAProvider">
|
|
|
+YandexCertificateManagerCAProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The provider for the CA bundle to use to validate Yandex.Cloud server certificate.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.YandexLockboxAuth">YandexLockboxAuth
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexLockboxProvider">YandexLockboxProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>authorizedKeySecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The authorized key used for authentication</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.YandexLockboxCAProvider">YandexLockboxCAProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexLockboxProvider">YandexLockboxProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>certSecretRef</code></br>
|
|
|
+<em>
|
|
|
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<h3 id="external-secrets.io/v1beta1.YandexLockboxProvider">YandexLockboxProvider
|
|
|
+</h3>
|
|
|
+<p>
|
|
|
+(<em>Appears on:</em>
|
|
|
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
|
|
|
+</p>
|
|
|
+<p>
|
|
|
+<p>YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.</p>
|
|
|
+</p>
|
|
|
+<table>
|
|
|
+<thead>
|
|
|
+<tr>
|
|
|
+<th>Field</th>
|
|
|
+<th>Description</th>
|
|
|
+</tr>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>apiEndpoint</code></br>
|
|
|
+<em>
|
|
|
+string
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>Yandex.Cloud API endpoint (e.g. ‘api.cloud.yandex.net:443’)</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>auth</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexLockboxAuth">
|
|
|
+YandexLockboxAuth
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<p>Auth defines the information necessary to authenticate against Yandex Lockbox</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+<tr>
|
|
|
+<td>
|
|
|
+<code>caProvider</code></br>
|
|
|
+<em>
|
|
|
+<a href="#external-secrets.io/v1beta1.YandexLockboxCAProvider">
|
|
|
+YandexLockboxCAProvider
|
|
|
+</a>
|
|
|
+</em>
|
|
|
+</td>
|
|
|
+<td>
|
|
|
+<em>(Optional)</em>
|
|
|
+<p>The provider for the CA bundle to use to validate Yandex.Cloud server certificate.</p>
|
|
|
+</td>
|
|
|
+</tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+<hr/>
|
|
|
+<p><em>
|
|
|
+Generated with <code>gen-crd-api-reference-docs</code>.
|
|
|
+</em></p>
|
|
|
+
|
|
|
+
|
|
|
+ </article>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+
|
|
|
+ </main>
|
|
|
+
|
|
|
+ <footer class="md-footer">
|
|
|
+
|
|
|
+ <div class="md-footer-meta md-typeset">
|
|
|
+ <div class="md-footer-meta__inner md-grid">
|
|
|
+ <div class="md-copyright">
|
|
|
+
|
|
|
+ <div class="md-copyright__highlight">
|
|
|
+ © 2022 The external-secrets Authors.<br/>
|
|
|
+© 2022 The Linux Foundation. All rights reserved.<br/><br/>
|
|
|
+The Linux Foundation has registered trademarks and uses trademarks.<br/>
|
|
|
+For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage/">Trademark Usage page</a>.
|
|
|
+
|
|
|
+ </div>
|
|
|
+
|
|
|
+
|
|
|
+ Made with
|
|
|
+ <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
|
|
|
+ Material for MkDocs
|
|
|
+ </a>
|
|
|
+
|
|
|
+</div>
|
|
|
+
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+</footer>
|
|
|
+
|
|
|
+ </div>
|
|
|
+ <div class="md-dialog" data-md-component="dialog">
|
|
|
+ <div class="md-dialog__inner md-typeset"></div>
|
|
|
+ </div>
|
|
|
+ <script id="__config" type="application/json">{"base": "..", "features": ["navigation.tabs", "navigation.indexes", "navigation.expand"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.092fa1f6.min.js", "version": {"provider": "mike"}}</script>
|
|
|
+
|
|
|
+
|
|
|
+ <script src="../assets/javascripts/bundle.e3b2bf44.min.js"></script>
|
|
|
+
|
|
|
+
|
|
|
+ </body>
|
|
|
+</html>
|
gusfcarvalho