Using Bitwarden notes for multiline secrets (#2635)

* Using Bitwarden notes for multiline secrets

Signed-off-by: Laszlo Fogas <laszlo@gimlet.io>

* Update docs/snippets/bitwarden-secret.yaml

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

---------

Signed-off-by: Laszlo Fogas <laszlo@gimlet.io>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Laszlo Fogas 2 years ago
parent
commit
95bb5f9345

+ 1 - 0
docs/examples/bitwarden.md

@@ -87,6 +87,7 @@ Here the two ClusterSecretStore to deploy
 
 * If you need the `username` or the `password` of a secret, you have to use `bitwarden-login`
 * If you need a custom field of a secret, you have to use `bitwarden-fields`
+* If you need to use a Bitwarden Note for multiline strings (SSH keys, service account json files), you have to use `bitwarden-notes`
 * The `key` is the ID of a secret, which can be find in the URL with the `itemId` value:
   `https://myvault.com/#/vault?itemId=........-....-....-....-............`
 * The `property` is the name of the field:
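Review bot: The new `bitwarden-notes` bullet sits directly above the bullets that explain `key` and `property`, but the notes store added in this commit reads `$.data.notes` and never references `remoteRef.property`. State in this bullet that `property` is not used with `bitwarden-notes`, so readers do not go looking for a field name to fill in. Minor style point: write "JSON" in "service account json files".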

+ 11 - 0
docs/snippets/bitwarden-secret-store.yaml

@@ -23,4 +23,15 @@ spec:
       url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
       result:
         jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: bitwarden-notes
+spec:
+  provider:
+    webhook:
+      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
+      result:
+        jsonPath: "$.data.notes"
 {% endraw %}
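Review bot: The `bitwarden-notes` store fetches the item over plain `http://bitwarden-cli:8087`, the same as the store above it, and this one is explicitly meant for SSH keys and service account files, which then cross the cluster network unencrypted. Add a YAML comment next to `url` saying that access to the `bitwarden-cli` service must be restricted to the external-secrets controller, or point to where the docs cover that. It would also help to comment that `$.data.notes` returns the entire note, so the note has to contain only the secret material and nothing else.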

+ 9 - 0
docs/snippets/bitwarden-secret.yaml

@@ -21,6 +21,8 @@ spec:
           {{ .postgres_replication_password }}
         db_url: |-
           postgresql://{{ .username }}:{{ .password }}@my-postgresql:5432/mydb
+        service_account_key: |-
+          {{ .service_account_key }}
   data:
     - secretKey: username
       sourceRef:
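Review bot: The added `service_account_key: |-` entry uses the strip chomping indicator, so the rendered value ends exactly where the note ends and no final newline is added. That is fine for a JSON key file, but the docs change in this commit also advertises SSH keys, and a consumer that expects a PEM-style key to end with a newline will depend on how the note was saved. Either use `|` here or add a comment explaining why `|-` was chosen and when to change it.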
@@ -54,4 +56,11 @@ spec:
       remoteRef:
         key: aaaabbbb-cccc-dddd-eeee-000011112222
         property: postgres-replication-password
+    - secretKey: service_account_key
+      sourceRef:
+        storeRef:
+          name: bitwarden-notes
+          kind: ClusterSecretStore  # or SecretStore
+      remoteRef:
+        key: service_account_key
 {% endraw %}
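Review bot: The added `remoteRef.key: service_account_key` is a name-like string, while the docs state that `key` is the ID of a secret taken from `itemId`, and the entry just above uses the UUID-shaped `aaaabbbb-cccc-dddd-eeee-000011112222`. Since the store interpolates `key` into `/object/item/{{ .remoteRef.key }}`, use a UUID-shaped placeholder here as well, or document explicitly that an item name is accepted. A short comment that `property` is intentionally omitted for the notes store would also prevent copy-paste confusion with the entries above.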