Deployed 87afb6702 to main with MkDocs 1.6.1 and mike 1.2.0.dev0

main/provider/aws-secrets-manager/index.html

@@ -4215,8 +4215,12 @@ a <code>path</code> prefix or use <code>Tags</code> filter.</p>
 <span class="w">        </span><span class="c1"># recoveryWindowInDays: 9 (conflicts with forceDeleteWithoutRecovery)</span>
 </code></pre></div>
 <h4 id="additional-metadata-for-pushsecret">Additional Metadata for PushSecret</h4>
-<p>It's possible to configure AWS Secrets Manager to either push secrets in <code>binary</code> format or as plain <code>string</code>.</p>
-<p>To control this behaviour set the following provider metadata:</p>
+<p>Optionally, it is possible to configure additional options for the parameter. These are as follows:
+- kmsKeyID
+- secretPushFormat
+- description
+- tags</p>
+<p>To control this behavior set the following provider metadata:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
@@ -4237,9 +4241,22 @@ a <code>path</code> prefix or use <code>Tags</code> filter.</p>
 <span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
 <span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">teamb-my-first-parameter-3</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
 <span class="w">      </span><span class="nt">metadata</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">secretPushFormat</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">string</span>
+<span class="w">        </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.external-secrets.io/v1alpha1</span>
+<span class="w">        </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecretMetadata</span>
+<span class="w">        </span><span class="nt">spec</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">kmsKeyID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bb123123-b2b0-4f60-ac3a-44a13f0e6b6c</span><span class="w"> </span><span class="c1"># When not set, default to alias/aws/secretsmanager</span>
+<span class="w">          </span><span class="nt">secretPushFormat</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">string</span><span class="w"> </span><span class="c1"># When not set, default to binary</span>
+<span class="w">          </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;secret</span><span class="nv"> </span><span class="s">&#39;managed-by:secret-manager&#39;</span><span class="nv"> </span><span class="s">from</span><span class="nv"> </span><span class="s">&#39;secret-store:teamb-secret-store&#39;&quot;</span>
+<span class="w">          </span><span class="nt">tags</span><span class="p">:</span>
+<span class="w">            </span><span class="nt">secret-store</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">teamb-secret-store</span>
+<span class="w">            </span><span class="nt">refresh-interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span>
 </code></pre></div>
-<p><code>secretPushFormat</code> takes two options. <code>binary</code> and <code>string</code>, where <code>binary</code> is the <em>default</em>.</p>
+<ul>
+<li><code>secretPushFormat</code> takes two options. <code>binary</code> and <code>string</code>, where <code>binary</code> is the <em>default</em>.</li>
+<li><code>kmsKeyID</code> takes a KMS Key <code>$ID</code> or <code>$ARN</code> (in case a key source is created in another account) as a string, where <code>alias/aws/secretsmanager</code> is the <em>default</em>.</li>
+<li><code>description</code> Description of the secret.</li>
+<li><code>tags</code> Key-value map of user-defined tags that are attached to the secret.</li>
+</ul>
 <h3 id="json-secret-values">JSON Secret Values</h3>
 <p>SecretsManager supports <em>simple</em> key/value pairs that are stored as json. If you use the API you can store more complex JSON objects. You can access nested values or arrays using <a href="https://github.com/tidwall/gjson/blob/master/SYNTAX.md">gjson syntax</a>:</p>
 <p>Consider the following JSON object that is stored in the SecretsManager key <code>friendslist</code>:

main/snippets/aws-sm-push-secret-with-metadata.yaml

@@ -18,4 +18,12 @@ spec:
         remoteRef:
           remoteKey: teamb-my-first-parameter-3 # Remote reference (where the secret is going to be pushed)
       metadata:
-        secretPushFormat: string
+        apiVersion: kubernetes.external-secrets.io/v1alpha1
+        kind: PushSecretMetadata
+        spec:
+          kmsKeyID: bb123123-b2b0-4f60-ac3a-44a13f0e6b6c # When not set, default to alias/aws/secretsmanager
+          secretPushFormat: string # When not set, default to binary
+          description: "secret 'managed-by:secret-manager' from 'secret-store:teamb-secret-store'"
+          tags:
+            secret-store: teamb-secret-store
+            refresh-interval: 1h