
Deployed 7d3d06242 to main with MkDocs 1.6.1 and mike 1.2.0.dev0

Skarlso 3 mēneši atpakaļ
vecāks
revīzija
868237bae8

+ 6 - 861
main/guides/templating/index.html

@@ -84,7 +84,7 @@
     <div data-md-component="skip">
       
         
-        <a href="#advanced-templating-v2" class="md-skip">
+        <a href="#macro-syntax-error" class="md-skip">
           Skip to content
         </a>
       
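Review bot: The skip link in this hunk now targets `#macro-syntax-error` instead of `#advanced-templating-v2`, which suggests the deploy published a rendered macro error in place of the templating guide; the 6 additions against 861 deletions are consistent with that. This file is generated output, so the fix belongs in the Markdown source and the docs build, not here. If the site is built with a macro/Jinja plugin, the guide's literal Go-template examples probably need to be wrapped in `{% raw %}` … `{% endraw %}`, and the deploy job should fail on a render error rather than publish it. Until that is fixed, the material removed in the later hunks (the `mergePolicy`, `templateFrom` and `htpasswd` guidance, which continues past the visible part of the diff) is missing from the `main` docs.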
@@ -2083,24 +2083,6 @@
         
       
       
-        <label class="md-nav__link md-nav__link--active" for="__toc">
-          
-  
-  
-  <span class="md-ellipsis">
-    
-  
-    v2
-  
-
-    
-  </span>
-  
-  
-
-          <span class="md-nav__icon md-icon"></span>
-        </label>
-      
       <a href="./" class="md-nav__link md-nav__link--active">
         
   
@@ -2118,169 +2100,6 @@
 
       </a>
       
-        
-
-<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
-  
-  
-  
-    
-  
-  
-    <label class="md-nav__title" for="__toc">
-      <span class="md-nav__icon md-icon"></span>
-      Table of contents
-    </label>
-    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
-      
-        <li class="md-nav__item">
-  <a href="#helm" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Helm
-      
-    </span>
-  </a>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#examples" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Examples
-      
-    </span>
-  </a>
-  
-    <nav class="md-nav" aria-label="Examples">
-      <ul class="md-nav__list">
-        
-          <li class="md-nav__item">
-  <a href="#mergepolicy" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        MergePolicy
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#templatefrom" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        TemplateFrom
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#extract-keys-and-certificates-from-pkcs12-archive" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Extract Keys and Certificates from PKCS#12 Archive
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#extract-from-jwk" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Extract from JWK
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#filter-pem-blocks" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Filter PEM blocks
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#rsa-decryption-data-from-provider" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        RSA Decryption Data From Provider
-      
-    </span>
-  </a>
-  
-</li>
-        
-      </ul>
-    </nav>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#templating-with-pushsecret" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Templating with PushSecret
-      
-    </span>
-  </a>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#helper-functions" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Helper functions
-      
-    </span>
-  </a>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#migrating-from-v1" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Migrating from v1
-      
-    </span>
-  </a>
-  
-    <nav class="md-nav" aria-label="Migrating from v1">
-      <ul class="md-nav__list">
-        
-          <li class="md-nav__item">
-  <a href="#functions-removedreplaced" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Functions removed/replaced
-      
-    </span>
-  </a>
-  
-</li>
-        
-      </ul>
-    </nav>
-  
-</li>
-      
-    </ul>
-  
-</nav>
-      
     </li>
   
 
@@ -4968,158 +4787,6 @@
     
   
   
-    <label class="md-nav__title" for="__toc">
-      <span class="md-nav__icon md-icon"></span>
-      Table of contents
-    </label>
-    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
-      
-        <li class="md-nav__item">
-  <a href="#helm" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Helm
-      
-    </span>
-  </a>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#examples" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Examples
-      
-    </span>
-  </a>
-  
-    <nav class="md-nav" aria-label="Examples">
-      <ul class="md-nav__list">
-        
-          <li class="md-nav__item">
-  <a href="#mergepolicy" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        MergePolicy
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#templatefrom" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        TemplateFrom
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#extract-keys-and-certificates-from-pkcs12-archive" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Extract Keys and Certificates from PKCS#12 Archive
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#extract-from-jwk" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Extract from JWK
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#filter-pem-blocks" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Filter PEM blocks
-      
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#rsa-decryption-data-from-provider" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        RSA Decryption Data From Provider
-      
-    </span>
-  </a>
-  
-</li>
-        
-      </ul>
-    </nav>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#templating-with-pushsecret" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Templating with PushSecret
-      
-    </span>
-  </a>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#helper-functions" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Helper functions
-      
-    </span>
-  </a>
-  
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#migrating-from-v1" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Migrating from v1
-      
-    </span>
-  </a>
-  
-    <nav class="md-nav" aria-label="Migrating from v1">
-      <ul class="md-nav__list">
-        
-          <li class="md-nav__item">
-  <a href="#functions-removedreplaced" class="md-nav__link">
-    <span class="md-ellipsis">
-      
-        Functions removed/replaced
-      
-    </span>
-  </a>
-  
-</li>
-        
-      </ul>
-    </nav>
-  
-</li>
-      
-    </ul>
-  
 </nav>
                   </div>
                 </div>
@@ -5138,533 +4805,11 @@
   
 
 
-<h1 id="advanced-templating-v2">Advanced Templating v2</h1>
-<p>With External Secrets Operator you can transform the data from the external secret provider before it is stored as <code>Kind=Secret</code>. You can do this with the <code>Spec.Target.Template</code>.</p>
-<p>Each data value is interpreted as a <a href="https://golang.org/pkg/text/template/">Go template</a>. Please note that referencing a non-existing key in the template will raise an error, instead of being suppressed.</p>
-<div class="admonition note">
-<p class="admonition-title">Note</p>
-<p>Consider using camelcase when defining  <strong>.'spec.data.secretkey'</strong>, example: serviceAccountToken</p>
-<p>If your secret keys contain <strong><code>-</code> (dashes)</strong>, you will need to reference them using <strong><code>index</code></strong> </br>
-Example: <strong><code>\{\{ index .data "service-account-token" \}\}</code></strong></p>
-</div>
-<h2 id="helm">Helm</h2>
-<p>When installing ExternalSecrets via <code>helm</code>, the template must be escaped so that <code>helm</code> will not try to render it. The most straightforward way to accomplish this would be to use backticks (<a href="https://pkg.go.dev/text/template#hdr-Examples">raw string constants</a>):</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
-<span class="w">        </span><span class="c1"># password: &quot;{{ .mysecret }}&quot;               # If you are using plain manifests or gitops tools</span>
-<span class="w">        </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">`{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">}}`</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w">         </span><span class="c1"># If you are using helm</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mysecret</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials</span>
-</code></pre></div>
-<h2 id="examples">Examples</h2>
-<p>You can use templates to inject your secrets into a configuration file that you mount into your pod:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
-<span class="w">    </span><span class="c1"># this is how the Kind=Secret will look like</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="c1"># multiline string</span>
-<span class="w">        </span><span class="nt">config</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
-<span class="w">          </span><span class="no">datasources:</span>
-<span class="w">          </span><span class="no">- name: Graphite</span>
-<span class="w">            </span><span class="no">type: graphite</span>
-<span class="w">            </span><span class="no">access: proxy</span>
-<span class="w">            </span><span class="no">url: http://localhost:8080</span>
-<span class="w">            </span><span class="no">password: &quot;{{ .password }}&quot;</span>
-<span class="w">            </span><span class="no">user: &quot;{{ .user }}&quot;</span>
-<span class="w">        </span><span class="c1"># using replace function to rewrite secret</span>
-<span class="w">        </span><span class="nt">connection</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;{{</span><span class="nv"> </span><span class="s">.dburl</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">replace</span><span class="nv"> </span><span class="s">&quot;postgres://&quot;</span><span class="nv"> </span><span class="s">&quot;postgresql://&quot;</span><span class="nv"> </span><span class="s">}}&#39;</span>
-
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dburl</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/database/url</span>
-</code></pre></div>
-<p>Another example with two keys in the same secret:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
-<span class="w">        </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w">                   </span><span class="c1"># If you are using plain manifests or gitops tools</span>
-<span class="w">        </span><span class="c1"># password: &quot;{{ `{{ .mysecret }}` }}&quot;         # If you are using templated tools like helm</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mysecret</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials</span>
-</code></pre></div>
-<h3 id="mergepolicy">MergePolicy</h3>
-<p>By default, the templating mechanism will not use any information available from the original <code>data</code> and <code>dataFrom</code> queries to the provider, and only keep the templated information. It is possible to change this behavior through the use of the <code>mergePolicy</code> field. <code>mergePolicy</code> currently accepts two values: <code>Replace</code> (the default) and <code>Merge</code>. When using <code>Merge</code>, <code>data</code> and <code>dataFrom</code> keys will also be embedded into the templated secret, having lower priority than the template outcome. See the example for more information:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">mergePolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Merge</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
-<span class="w">        </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">b64dec</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"> </span><span class="c1"># Overwrites the password from the data call and use this output</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials/password</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"> </span><span class="c1"># Preserves the username in the templated Secret</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials/username</span>
-</code></pre></div>
-<h3 id="templatefrom">TemplateFrom</h3>
-<p>You do not have to define your templates inline in an ExternalSecret but you can pull <code>ConfigMaps</code> or other Secrets that contain a template. Consider the following example:</p>
-<div class="highlight"><pre><span></span><code><span class="c1"># define your template in a config map</span>
-<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ConfigMap</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span>
-<span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">config.yaml</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
-<span class="w">    </span><span class="no">datasources:</span>
-<span class="w">      </span><span class="no">- name: Graphite</span>
-<span class="w">        </span><span class="no">type: graphite</span>
-<span class="w">        </span><span class="no">access: proxy</span>
-<span class="w">        </span><span class="no">url: &quot;{{ .uri }}&quot;</span>
-<span class="w">        </span><span class="no">password: &quot;{{ .password }}&quot;</span>
-<span class="w">        </span><span class="no">user: &quot;{{ .user }}&quot;</span>
-<span class="w">  </span><span class="nt">templated</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
-<span class="w">     </span><span class="no"># key and value templated</span>
-<span class="w">     </span><span class="no">my-application-{{ .user}}: {{ .password | b64enc }}</span>
-<span class="w">     </span><span class="no"># conditional keys</span>
-<span class="w">     </span><span class="no">{{- if hasPrefix &quot;oci://&quot; .uri }}</span>
-<span class="w">     </span><span class="no">enableOCI: true</span>
-<span class="w">     </span><span class="no">{{- else }}</span>
-<span class="w">     </span><span class="no">enableOCI: false</span>
-<span class="w">     </span><span class="no">{{- end }}</span>
-<span class="w">     </span><span class="no"># Fixed values</span>
-<span class="w">     </span><span class="no">application-type: grafana</span>
-<span class="w">  </span><span class="nt">annotations</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
-<span class="w">     </span><span class="no">#dynamic timestamp generation</span>
-<span class="w">     </span><span class="no">last-synced-for-user/{{ .user }}: {{ now }}</span>
-<span class="nn">---</span>
-<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-template-example</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">templateFrom</span><span class="p">:</span>
-<span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Data</span>
-<span class="w">        </span><span class="nt">configMap</span><span class="p">:</span>
-<span class="w">          </span><span class="c1"># name of the configmap to pull in</span>
-<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span>
-<span class="w">          </span><span class="c1"># here you define the keys that should be used as template</span>
-<span class="w">          </span><span class="nt">items</span><span class="p">:</span>
-<span class="w">          </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">config.yaml</span>
-<span class="w">            </span><span class="nt">templateAs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Values</span>
-<span class="w">          </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">templated</span>
-<span class="w">            </span><span class="nt">templateAs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">KeysAndValues</span>
-<span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Annotations</span>
-<span class="w">        </span><span class="nt">configMap</span><span class="p">:</span>
-<span class="w">          </span><span class="c1"># name of the configmap to pull in</span>
-<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span>
-<span class="w">          </span><span class="c1"># here you define the keys that should be used as template</span>
-<span class="w">          </span><span class="nt">items</span><span class="p">:</span>
-<span class="w">          </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">annotations</span>
-<span class="w">            </span><span class="nt">templateAs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">KeysAndValues</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">uri</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/uri</span>
-</code></pre></div>
-<p><code>TemplateFrom</code> also gives you the ability to Target your template to the Secret's Annotations, Labels or the Data block. It also allows you to render the templated information as <code>Values</code> or as <code>KeysAndValues</code> through the <code>templateAs</code> configuration:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-template-example</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">templateFrom</span><span class="p">:</span>
-<span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Annotations</span>
-<span class="w">        </span><span class="nt">literal</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;last-sync-for-user/{{</span><span class="nv"> </span><span class="s">.user</span><span class="nv"> </span><span class="s">}}:</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">.now</span><span class="nv"> </span><span class="s">}}&quot;</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span>
-</code></pre></div>
-<p>Lastly, <code>TemplateFrom</code> also supports adding <code>Literal</code> blocks for quick templating. These <code>Literal</code> blocks differ from <code>Template.Data</code> as they are rendered as a a <code>key:value</code> pair (while the <code>Template.Data</code>, you can only template the value).</p>
-<p>See an example, how to produce a <code>htpasswd</code> file that can be used by an ingress-controller (for example: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/) where the contents of the <code>htpasswd</code> file needs to be presented via the <code>auth</code> key. We use the <code>htpasswd</code> function to create a <code>bcrytped</code> hash of the password.</p>
-<p>Suppose you have multiple key-value pairs within your provider secret like</p>
-<div class="highlight"><pre><span></span><code><span class="p">{</span>
-<span class="w">  </span><span class="nt">&quot;user1&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;password1&quot;</span><span class="p">,</span>
-<span class="w">  </span><span class="nt">&quot;user2&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;password2&quot;</span><span class="p">,</span>
-<span class="w">  </span><span class="err">...</span>
-<span class="p">}</span>
-</code></pre></div>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-template-example</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">templateFrom</span><span class="p">:</span>
-<span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Data</span>
-<span class="w">        </span><span class="nt">literal</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|-</span>
-<span class="w">          </span><span class="no">{{- $creds := list }}</span>
-<span class="w">          </span><span class="no">{{- range $user, $pw := . }}</span>
-<span class="w">            </span><span class="no">{{- $creds = append $creds (printf &quot;%s&quot; (htpasswd $user $pw)) }}</span>
-<span class="w">          </span><span class="no">{{- end }}</span>
-<span class="w">          </span><span class="no">auth: {{ $creds | join &quot;\n&quot; | quote }}</span>
-<span class="w">  </span><span class="nt">dataFrom</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ingress-controller/valid-users</span>
-</code></pre></div>
-<h3 id="extract-keys-and-certificates-from-pkcs12-archive">Extract Keys and Certificates from PKCS#12 Archive</h3>
-<p>You can use pre-defined functions to extract data from your secrets. Here: extract keys and certificates from a PKCS#12 archive and store it as PEM.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12cert</span><span class="nv"> </span><span class="s">}}&quot;</span>
-<span class="w">        </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12key</span><span class="nv"> </span><span class="s">}}&quot;</span>
-
-<span class="w">        </span><span class="c1"># if needed unlock the pkcs12 with the password</span>
-<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12certPass</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">my-password&quot; }}&quot;</span>
-</code></pre></div>
-<h3 id="extract-from-jwk">Extract from JWK</h3>
-<p>You can extract the public or private key parts of a JWK and use them as <a href="https://pkg.go.dev/crypto/x509#ParsePKCS8PrivateKey">PKCS#8</a> private key or PEM-encoded <a href="https://pkg.go.dev/crypto/x509#MarshalPKIXPublicKey">PKIX</a> public key.</p>
-<p>A JWK looks similar to this:</p>
-<div class="highlight"><pre><span></span><code><span class="p">{</span>
-<span class="w">  </span><span class="nt">&quot;kty&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;RSA&quot;</span><span class="p">,</span>
-<span class="w">  </span><span class="nt">&quot;kid&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df&quot;</span><span class="p">,</span>
-<span class="w">  </span><span class="nt">&quot;use&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sig&quot;</span><span class="p">,</span>
-<span class="w">  </span><span class="nt">&quot;n&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;pjdss...&quot;</span><span class="p">,</span>
-<span class="w">  </span><span class="nt">&quot;e&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;AQAB&quot;</span>
-<span class="w">  </span><span class="c1">// ...</span>
-<span class="p">}</span>
-</code></pre></div>
-<p>And what you want may be a PEM-encoded public or private key portion of it. Take a look at this example on how to transform it into the desired format:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="c1"># .myjwk is a json-encoded JWK string.</span>
-<span class="w">        </span><span class="c1">#</span>
-<span class="w">        </span><span class="c1"># this template will produce for jwk_pub a PEM encoded public key:</span>
-<span class="w">        </span><span class="c1"># -----BEGIN PUBLIC KEY-----</span>
-<span class="w">        </span><span class="c1"># MIIBI...</span>
-<span class="w">        </span><span class="c1"># ...</span>
-<span class="w">        </span><span class="c1"># ...AQAB</span>
-<span class="w">        </span><span class="c1"># -----END PUBLIC KEY-----</span>
-<span class="w">        </span><span class="nt">jwk_pub</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.myjwk</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">jwkPublicKeyPem</span><span class="nv"> </span><span class="s">}}&quot;</span>
-<span class="w">        </span><span class="c1"># private key is a pem-encoded PKCS#8 private key</span>
-<span class="w">        </span><span class="nt">jwk_priv</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.myjwk</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">jwkPrivateKeyPem</span><span class="nv"> </span><span class="s">}}&quot;</span>
-</code></pre></div>
-<h3 id="filter-pem-blocks">Filter PEM blocks</h3>
-<p>Consider you have a secret that contains both a certificate and a private key encoded in PEM format and it is your goal to use only the certificate from that secret.</p>
-<div class="highlight"><pre><span></span><code>-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvxGZOW4IXvGlh
- . . .
-m8JCpbJXDfSSVxKHgK1Siw4K6pnTsIA2e/Z+Ha2fvtocERjq7VQMAJFaIZSTKo9Q
-JwwY+vj0yxWjyzHUzZB33tg=
------END PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDMDCCAhigAwIBAgIQabPaXuZCQaCg+eQAVptGGDANBgkqhkiG9w0BAQsFADAV
- . . .
-NtFUGA95RGN9s+pl6XY0YARPHf5O76ErC1OZtDTR5RdyQfcM+94gYZsexsXl0aQO
-9YD3Wg==
------END CERTIFICATE-----
-</code></pre></div>
-<p>You can achieve that by using the <code>filterPEM</code> function to extract a specific type of PEM block from that secret. If multiple blocks of that type (here: <code>CERTIFICATE</code>) exist, all of them are returned in the order specified. To extract a specific type of PEM block, pass the type as a string argument to the filterPEM function. Take a look at this example of how to transform a secret which contains a private key and a certificate into the desired format:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">filterPEM</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">CERTIFICATE&quot; }}&quot;</span>
-<span class="w">        </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">filterPEM</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">PRIVATE KEY&quot; }}&quot;</span>
-</code></pre></div>
-<p>In case you have a secret that contains a (partial) certificate chain you can extract the <code>leaf</code>, <code>intermediate</code> or <code>root</code> certificate(s) using the <code>filterCertChain</code> function. See the following example on how to use the <code>filterPEM</code> and <code>filterCertChain</code> functions together to split the certificate chain into a <code>tls.crt</code> part only containing the leaf certificate and a <code>ca.crt</code> part with all the intermediate certificates.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">ca.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">filterPEM</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">CERTIFICATE&quot; | filterCertChain &quot;intermediate&quot; }}&quot;</span>
-<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">filterPEM</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">CERTIFICATE&quot; | filterCertChain &quot;leaf&quot; }}&quot;</span>
-<span class="w">        </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">filterPEM</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">PRIVATE KEY&quot; }}&quot;</span>
-</code></pre></div>
-<h3 id="rsa-decryption-data-from-provider">RSA Decryption Data From Provider</h3>
-<p>When a provider returns RSA-encrypted values, you can decrypt them directly in the template using the <code>rsaDecrypt</code> functions (engine v2).
-<code>rsaDecrypt</code> performs decryption with the private key passed through the pipeline: <code>&lt;privateKeyPEM | rsaDecrypt "&lt;SCHEME&gt;" "&lt;HASH&gt;" &lt;ciphertext&gt; &gt;</code>. <code>SCHEME</code> and <code>HASH</code> are strings (for example, <code>"RSA-OAEP"</code> and <code>"SHA1"</code>). The third argument must be the ciphertext in binary form.</p>
-<p>Base64 handling: providers often return ciphertext as Base64. You can either:
-- decode in the template with <code>b64dec</code> (for example: <code>(.password_encrypted_base64 | b64dec)</code>), or
-- set <code>decodingStrategy: Base64</code> on the corresponding <code>spec.data.remoteRef</code> so the template receives binary data.</p>
-<p>Prerequisites
-- <code>spec.target.template.engineVersion: v2</code>.
-- A valid RSA private key in PEM format without passphrase (from another reference in the same ExternalSecret).
-- Ciphertext must match the key pair and the chosen algorithm/hash.</p>
-<p>Full example:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rsa-decrypt-template-v2</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="c1"># Decrypt a binary ciphertext using a private key stored in a Kubernetes Secret.</span>
-<span class="w">        </span><span class="c1"># rsaDecrypt(&quot;SCHEME&quot;, &quot;HASH&quot;, ciphertext, privateKeyPEM) decrypts the ciphertext (binary).</span>
-<span class="w">        </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;{{</span><span class="nv"> </span><span class="s">rsaDecrypt</span><span class="nv"> </span><span class="s">&quot;RSA-OAEP&quot;</span><span class="nv"> </span><span class="s">&quot;SHA1&quot;</span><span class="nv"> </span><span class="s">.password_encrypted_binary</span><span class="nv"> </span><span class="s">.privatekey</span><span class="nv"> </span><span class="s">}}&#39;</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">privatekey</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">a-secretname-in-cluster</span>
-<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">privatekey</span>
-<span class="w">    </span><span class="nt">sourceRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">storeRef</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span><span class="w"> </span><span class="c1"># or ClusterSecretStore</span>
-<span class="w">        </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes</span><span class="w"> </span><span class="c1"># name of the k8s provider</span>
-<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password_encrypted_binary</span>
-<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials/password_encrypted_binary</span>
-<span class="w">  </span><span class="c1"># If ciphertext is Base64 encoded, either decode in-template (b64dec) or use decodingStrategy: Base64</span>
-<span class="w">  </span><span class="c1"># Example (decode here -&gt; template receives binary):</span>
-<span class="w">  </span><span class="c1"># - secretKey: password_encrypted_base64</span>
-<span class="w">  </span><span class="c1">#   remoteRef:</span>
-<span class="w">  </span><span class="c1">#     key: /credentials/password_encrypted_base64</span>
-<span class="w">  </span><span class="c1">#     decodingStrategy: Base64</span>
-<span class="w">  </span><span class="c1"># ...</span>
-</code></pre></div>
-<p>Useful variations (included as comments in the example):
-- Base64 decode in the template with <code>b64dec</code> or via <code>decodingStrategy: Base64</code> on <code>spec.data</code>.
-- Use a private key available in the same ExternalSecret (for example: <code>( .private_key | rsaDecrypt ... )</code>).</p>
-<p>Error notes
-- Referencing a missing key in the template will fail rendering.
-- If key/algorithm/hash do not match the ciphertext, decryption will fail and reconciliation will retry.</p>
-<h2 id="templating-with-pushsecret">Templating with PushSecret</h2>
-<p><code>PushSecret</code> templating is much like <code>ExternalSecrets</code> templating. In-fact under the hood, it's using the same data structure.
-Which means, anything described in the above should be possible with push secret as well resulting in a templated secret
-created at the provider.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">    </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.token</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">was</span><span class="nv"> </span><span class="s">templated&quot;</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
-<span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">create-secret-name</span>
-<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
-</code></pre></div>
-<h2 id="helper-functions">Helper functions</h2>
-<div class="admonition info inline end">
-<p class="admonition-title">Info</p>
-<p>Note: we removed <code>env</code> and <code>expandenv</code> from sprig functions for security reasons.</p>
-</div>
-<p>We provide a couple of convenience functions that help you transform your secrets. This is useful when dealing with PKCS#12 archives or JSON Web Keys (JWK).</p>
-<p>In addition to that you can use over 200+ <a href="http://masterminds.github.io/sprig/">sprig functions</a>. If you feel a function is missing or might be valuable feel free to open an issue and submit a <a href="../../contributing/process/#submitting-a-pull-request">pull request</a>.</p>
-<p><br/></p>
-<table>
-<thead>
-<tr>
-<th>Function</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>pkcs12key</td>
-<td>Extracts all private keys from a PKCS#12 archive and encodes them in <strong>PKCS#8 PEM</strong> format.</td>
-</tr>
-<tr>
-<td>pkcs12keyPass</td>
-<td>Same as <code>pkcs12key</code>. Uses the provided password to decrypt the PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>pkcs12cert</td>
-<td>Extracts all certificates from a PKCS#12 archive and orders them if possible. If disjunct or multiple leaf certs are provided they are returned as-is. <br/> Sort order: <code>leaf / intermediate(s) / root</code>.</td>
-</tr>
-<tr>
-<td>pkcs12certPass</td>
-<td>Same as <code>pkcs12cert</code>. Uses the provided password to decrypt the PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>pemToPkcs12</td>
-<td>Takes a PEM encoded certificate and key and creates a base64 encoded PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>pemToPkcs12Pass</td>
-<td>Same as <code>pemToPkcs12</code>. Uses the provided password to encrypt the PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>fullPemToPkcs12</td>
-<td>Takes a PEM encoded certificates chain and key and creates a base64 encoded PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>fullPemToPkcs12Pass</td>
-<td>Same as <code>fullPemToPkcs12</code>. Uses the provided password to encrypt the PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>pemTruststoreToPKCS12</td>
-<td>Takes a PEM encoded certificates and creates a base64 encoded PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>pemTruststoreToPKCS12Pass</td>
-<td>Same as <code>pemTruststoreToPKCS12</code>. Uses the provided password to encrypt the PKCS#12 archive.</td>
-</tr>
-<tr>
-<td>filterPEM</td>
-<td>Filters PEM blocks with a specific type from a list of PEM blocks.</td>
-</tr>
-<tr>
-<td>filterCertChain</td>
-<td>Filters PEM block(s) with a specific certificate type (<code>leaf</code>, <code>intermediate</code> or <code>root</code>)  from a certificate chain of PEM blocks (PEM blocks with type <code>CERTIFICATE</code>).</td>
-</tr>
-<tr>
-<td>jwkPublicKeyPem</td>
-<td>Takes an json-serialized JWK and returns an PEM block of type <code>PUBLIC KEY</code> that contains the public key. <a href="https://golang.org/pkg/crypto/x509/#MarshalPKIXPublicKey">See here</a> for details.</td>
-</tr>
-<tr>
-<td>jwkPrivateKeyPem</td>
-<td>Takes an json-serialized JWK as <code>string</code> and returns an PEM block of type <code>PRIVATE KEY</code> that contains the private key in PKCS #8 format. <a href="https://golang.org/pkg/crypto/x509/#MarshalPKCS8PrivateKey">See here</a> for details.</td>
-</tr>
-<tr>
-<td>rsaDecrypt</td>
-<td>Decrypts RSA ciphertext using a PEM private key. Usage: <code>&lt;rsaDecrypt "SCHEME" "HASH" ciphertext privateKeyPEM&gt;</code> or <code>&lt;privateKeyPEM \| rsaDecrypt "SCHEME" "HASH" ciphertext&gt;</code>. <strong>SCHEME</strong>: supported values are <code>"None"</code> and <code>"RSA-OAEP"</code>. <strong>HASH</strong>: supported values are <code>"SHA1"</code> and <code>"SHA256"</code>. <strong>Ciphertext</strong> must be binary — use <code>b64dec</code> or <code>decodingStrategy: Base64</code> to convert Base64 payloads.</td>
-</tr>
-<tr>
-<td>toYaml</td>
-<td>Takes an interface, marshals it to yaml. It returns a string, even on marshal error (empty string).</td>
-</tr>
-<tr>
-<td>fromYaml</td>
-<td>Function converts a YAML document into a map[string]any.</td>
-</tr>
-</tbody>
-</table>
-<h2 id="migrating-from-v1">Migrating from v1</h2>
-<p>If you are still using <code>v1alpha1</code>, You have to opt-in to use the new engine version by specifying <code>template.engineVersion=v2</code>:</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="c1"># ...</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">  </span><span class="c1"># ...</span>
-</code></pre></div>
-<p>The biggest change was that basically all function parameter types were changed from accepting/returning <code>[]byte</code> to <code>string</code>. This is relevant for you because now you don't need to specify <code>toString</code> all the time at the end of a template pipeline.</p>
-<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
-<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
-<span class="c1"># ...</span>
-<span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">template</span><span class="p">:</span>
-<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
-<span class="w">      </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">        </span><span class="c1"># this used to be {{ .foobar | toString }}</span>
-<span class="w">        </span><span class="nt">egg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;new:</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">.foobar</span><span class="nv"> </span><span class="s">}}&quot;</span>
-</code></pre></div>
-<h5 id="functions-removedreplaced">Functions removed/replaced</h5>
-<ul>
-<li><code>base64encode</code> was renamed to <code>b64enc</code>.</li>
-<li><code>base64decode</code> was renamed to <code>b64dec</code>. Any errors that occur during decoding are silenced.</li>
-<li><code>fromJSON</code> was renamed to <code>fromJson</code>. Any errors that occur during unmarshalling are silenced.</li>
-<li><code>toJSON</code> was renamed to <code>toJson</code>. Any errors that occur during marshalling are silenced.</li>
-<li><code>pkcs12key</code> and <code>pkcs12keyPass</code> encode the PKCS#8 key directly into PEM format. There is no need to call <code>pemPrivateKey</code> anymore. Also, these functions do extract all private keys from the PKCS#12 archive not just the first one.</li>
-<li><code>pkcs12cert</code> and <code>pkcs12certPass</code> encode the certs directly into PEM format. There is no need to call <code>pemCertificate</code> anymore. These functions now <strong>extract all certificates</strong> from the PKCS#12 archive not just the first one.</li>
-<li><code>toString</code> implementation was replaced by the <code>sprig</code> implementation and should be api-compatible.</li>
-<li><code>toBytes</code> was removed.</li>
-<li><code>pemPrivateKey</code> was removed. It's now implemented within the <code>pkcs12*</code> functions.</li>
-<li><code>pemCertificate</code> was removed. It's now implemented within the <code>pkcs12*</code> functions.</li>
-</ul>
+<h1 id="macro-syntax-error"><em>Macro Syntax Error</em></h1>
+<p><em>File</em>: <code>guides/templating.md</code></p>
+<p><em>Line 12 in Markdown file:</em> <strong>unexpected '.'</strong>
+<div class="highlight"><pre><span></span><code>    Example: <span class="gs">**`\{\{ index .data &quot;service-account-token&quot; \}\}`**</span>
+</code></pre></div></p>
 
 
 

Failā izmaiņas netiks attēlotas, jo tās ir par lielu
+ 0 - 0
main/search/search_index.json


+ 16 - 0
main/snippets/certsans-template-v2-external-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: cert-sans-example
+spec:
+  # ...
+  target:
+    template:
+      engineVersion: v2
+      data:
+        # Store all SANs as a comma-separated string
+        sans: '{{ .certificate | filterPEM "CERTIFICATE" | filterCertChain "leaf" | certSANs | join "," }}'
+        # Store the first SAN (e.g. primary domain)
+        primary-domain: '{{ index (.certificate | filterPEM "CERTIFICATE" | filterCertChain "leaf" | certSANs) 0 }}'
+        # Store SANs as a JSON array
+        sans-json: '{{ .certificate | filterPEM "CERTIFICATE" | filterCertChain "leaf" | certSANs | toJson }}'
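Review bot: The `primary-domain` entry takes element 0 of the `certSANs` result without checking that the list is non-empty, and Go's template `index` returns an error for an out-of-range index. A leaf certificate with no SAN entries would therefore presumably fail the whole template render rather than leave that one key empty. A guarded form is `primary-domain: '{{ with (.certificate | filterPEM "CERTIFICATE" | filterCertChain "leaf" | certSANs) }}{{ index . 0 }}{{ end }}'`. The comment above it could also say that "first" means whatever order `certSANs` emits, which this snippet does not show, so it is not necessarily the certificate's primary hostname: `# Store the first SAN returned by certSANs (order is defined by the function, verify before treating it as the primary domain)`.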

Daži faili netika attēloti, jo izmaiņu fails ir pārāk liels