Deployed 02c6f625 to main with MkDocs 1.5.3 and mike 1.2.0.dev0

main/introduction/stability-support/index.html

@@ -4122,8 +4122,8 @@ We aim for a 2-3 month minor release cycle, i.e. a given release is supported fo
 </tr>
 <tr>
 <td><a href="https://external-secrets.io/latest/provider/conjur">Conjur</a></td>
-<td style="text-align: center;">alpha</td>
-<td style="text-align: right;"><a href="https://github.com/davidh-cyberark/">@davidh-cyberark</a></td>
+<td style="text-align: center;">stable</td>
+<td style="text-align: right;"><a href="https://github.com/davidh-cyberark/">@davidh-cyberark</a> <a href="https://github.com/szh">@szh</a></td>
 </tr>
 <tr>
 <td><a href="https://external-secrets.io/latest/provider/delinea">Delinea</a></td>
@@ -4340,8 +4340,8 @@ We aim for a 2-3 month minor release cycle, i.e. a given release is supported fo
 </tr>
 <tr>
 <td>Conjur</td>
-<td style="text-align: center;"></td>
-<td style="text-align: center;"></td>
+<td style="text-align: center;">x</td>
+<td style="text-align: center;">x</td>
 <td style="text-align: center;"></td>
 <td style="text-align: center;"></td>
 <td style="text-align: center;">x</td>

main/provider/conjur/index.html

@@ -2073,28 +2073,47 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#external-secret-store-with-apikey-authentication" class="md-nav__link">
+  <a href="#external-secret-store" class="md-nav__link">
     <span class="md-ellipsis">
-      External secret store with apiKey authentication
+      External secret store
     </span>
   </a>
   
-    <nav class="md-nav" aria-label="External secret store with apiKey authentication">
+    <nav class="md-nav" aria-label="External secret store">
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#step-1-create-an-external-secret-store" class="md-nav__link">
+  <a href="#option-1-external-secret-store-with-apikey-authentication" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 1: Create an external secret store
+      Option 1: External secret store with apiKey authentication
+    </span>
+  </a>
+  
+    <nav class="md-nav" aria-label="Option 1: External secret store with apiKey authentication">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#step-1-define-an-external-secret-store" class="md-nav__link">
+    <span class="md-ellipsis">
+      Step 1: Define an external secret store
     </span>
   </a>
   
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-2-create-kubernetes-secrets" class="md-nav__link">
+  <a href="#step-2-create-kubernetes-secrets-for-conjur-credentials" class="md-nav__link">
+    <span class="md-ellipsis">
+      Step 2: Create Kubernetes secrets for Conjur credentials
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#step-3-create-the-external-secrets-store" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 2: Create Kubernetes secrets
+      Step 3: Create the external secrets store
     </span>
   </a>
   
@@ -2106,17 +2125,17 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#external-secret-store-with-jwt-authentication" class="md-nav__link">
+  <a href="#option-2-external-secret-store-with-jwt-authentication" class="md-nav__link">
     <span class="md-ellipsis">
-      External secret store with JWT authentication
+      Option 2: External secret store with JWT authentication
     </span>
   </a>
   
-    <nav class="md-nav" aria-label="External secret store with JWT authentication">
+    <nav class="md-nav" aria-label="Option 2: External secret store with JWT authentication">
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#step-1-define-an-external-secret-store" class="md-nav__link">
+  <a href="#step-1-define-an-external-secret-store_1" class="md-nav__link">
     <span class="md-ellipsis">
       Step 1: Define an external secret store
     </span>
@@ -2125,43 +2144,63 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-2-define-an-external-secret" class="md-nav__link">
+  <a href="#step-2-create-the-external-secrets-store" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 2: Define an external secret
+      Step 2: Create the external secrets store
     </span>
   </a>
   
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-3-create-the-external-secrets-store" class="md-nav__link">
+  <a href="#define-an-external-secret" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 3: Create the external secrets store
+      Define an external secret
     </span>
   </a>
   
-</li>
+    <nav class="md-nav" aria-label="Define an external secret">
+      <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#step-4-create-the-external-secret" class="md-nav__link">
+  <a href="#find-by-name-and-find-by-tag" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 4: Create the external secret
+      Find by Name and Find by Tag
     </span>
   </a>
   
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-5-get-the-k8s-secret" class="md-nav__link">
+  <a href="#create-the-external-secret" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 5: Get the K8s secret
+      Create the external secret
     </span>
   </a>
   
 </li>
         
-      </ul>
-    </nav>
+          <li class="md-nav__item">
+  <a href="#get-the-k8s-secret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Get the K8s secret
+    </span>
+  </a>
   
 </li>
         
@@ -4001,28 +4040,47 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#external-secret-store-with-apikey-authentication" class="md-nav__link">
+  <a href="#external-secret-store" class="md-nav__link">
+    <span class="md-ellipsis">
+      External secret store
+    </span>
+  </a>
+  
+    <nav class="md-nav" aria-label="External secret store">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#option-1-external-secret-store-with-apikey-authentication" class="md-nav__link">
     <span class="md-ellipsis">
-      External secret store with apiKey authentication
+      Option 1: External secret store with apiKey authentication
     </span>
   </a>
   
-    <nav class="md-nav" aria-label="External secret store with apiKey authentication">
+    <nav class="md-nav" aria-label="Option 1: External secret store with apiKey authentication">
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#step-1-create-an-external-secret-store" class="md-nav__link">
+  <a href="#step-1-define-an-external-secret-store" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 1: Create an external secret store
+      Step 1: Define an external secret store
     </span>
   </a>
   
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-2-create-kubernetes-secrets" class="md-nav__link">
+  <a href="#step-2-create-kubernetes-secrets-for-conjur-credentials" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 2: Create Kubernetes secrets
+      Step 2: Create Kubernetes secrets for Conjur credentials
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#step-3-create-the-external-secrets-store" class="md-nav__link">
+    <span class="md-ellipsis">
+      Step 3: Create the external secrets store
     </span>
   </a>
   
@@ -4034,17 +4092,17 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#external-secret-store-with-jwt-authentication" class="md-nav__link">
+  <a href="#option-2-external-secret-store-with-jwt-authentication" class="md-nav__link">
     <span class="md-ellipsis">
-      External secret store with JWT authentication
+      Option 2: External secret store with JWT authentication
     </span>
   </a>
   
-    <nav class="md-nav" aria-label="External secret store with JWT authentication">
+    <nav class="md-nav" aria-label="Option 2: External secret store with JWT authentication">
       <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#step-1-define-an-external-secret-store" class="md-nav__link">
+  <a href="#step-1-define-an-external-secret-store_1" class="md-nav__link">
     <span class="md-ellipsis">
       Step 1: Define an external secret store
     </span>
@@ -4053,43 +4111,63 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-2-define-an-external-secret" class="md-nav__link">
+  <a href="#step-2-create-the-external-secrets-store" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 2: Define an external secret
+      Step 2: Create the external secrets store
     </span>
   </a>
   
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-3-create-the-external-secrets-store" class="md-nav__link">
+  <a href="#define-an-external-secret" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 3: Create the external secrets store
+      Define an external secret
     </span>
   </a>
   
-</li>
+    <nav class="md-nav" aria-label="Define an external secret">
+      <ul class="md-nav__list">
         
           <li class="md-nav__item">
-  <a href="#step-4-create-the-external-secret" class="md-nav__link">
+  <a href="#find-by-name-and-find-by-tag" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 4: Create the external secret
+      Find by Name and Find by Tag
     </span>
   </a>
   
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
         
           <li class="md-nav__item">
-  <a href="#step-5-get-the-k8s-secret" class="md-nav__link">
+  <a href="#create-the-external-secret" class="md-nav__link">
     <span class="md-ellipsis">
-      Step 5: Get the K8s secret
+      Create the external secret
     </span>
   </a>
   
 </li>
         
-      </ul>
-    </nav>
+          <li class="md-nav__item">
+  <a href="#get-the-k8s-secret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Get the K8s secret
+    </span>
+  </a>
   
 </li>
         
@@ -4141,13 +4219,11 @@
 <h3 id="prerequisites">Prerequisites</h3>
 <p>Before installing the Conjur provider, you need:</p>
 <ul>
-<li>A running Conjur Server, with:<ul>
+<li>A running Conjur Server, with:</li>
 <li>An accessible Conjur endpoint (for example: <code>https://myapi.example.com</code>).</li>
 <li>Your configured Conjur authentication info (such as <code>hostid</code>, <code>apikey</code>, or JWT service ID). For more information on configuring Conjur, see <a href="https://docs.cyberark.com/conjur-open-source/Latest/en/Content/Operations/Policy/policy-statement-ref.htm">Policy statement reference</a>.</li>
 <li>Support for your authentication method (<code>apikey</code> is supported by default, <code>jwt</code> requires additional configuration).</li>
 <li><strong>Optional</strong>: Conjur server certificate (see <a href="#conjur-server-certificate">below</a>).</li>
-</ul>
-</li>
 <li>A Kubernetes cluster with ESO installed.</li>
 </ul>
 <h3 id="conjur-server-certificate">Conjur server certificate</h3>
@@ -4174,9 +4250,15 @@
 <span class="w">        </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;my-cert-secret-namespace&quot;</span>
 <span class="w">  </span><span class="l l-Scalar l-Scalar-Plain">....</span>
 </code></pre></div>
-<h3 id="external-secret-store-with-apikey-authentication">External secret store with apiKey authentication</h3>
+<h3 id="external-secret-store">External secret store</h3>
+<p>The Conjur provider is configured as an external secret store in ESO. The Conjur provider supports these two methods to authenticate to Conjur:</p>
+<ul>
+<li><a href="#option-1-external-secret-store-with-apikey-authentication"><code>apikey</code></a>: uses a Conjur <code>hostid</code> and <code>apikey</code> to authenticate with Conjur</li>
+<li><a href="#option-2-external-secret-store-with-jwt-authentication"><code>jwt</code></a>: uses a JWT to authenticate with Conjur</li>
+</ul>
+<h4 id="option-1-external-secret-store-with-apikey-authentication">Option 1: External secret store with apiKey authentication</h4>
 <p>This method uses a Conjur <code>hostid</code> and <code>apikey</code> to authenticate with Conjur. It is the simplest method to set up and use because your Conjur instance requires no additional configuration.</p>
-<h4 id="step-1-create-an-external-secret-store">Step 1: Create an external secret store</h4>
+<h5 id="step-1-define-an-external-secret-store">Step 1: Define an external secret store</h5>
 <div class="admonition tip">
 <p class="admonition-title">Tip</p>
 <p>Save as the file as: <code>conjur-secret-store.yaml</code></p>
@@ -4203,7 +4285,7 @@
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">conjur-creds</span>
 <span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apikey</span>
 </code></pre></div>
-<h4 id="step-2-create-kubernetes-secrets">Step 2: Create Kubernetes secrets</h4>
+<h5 id="step-2-create-kubernetes-secrets-for-conjur-credentials">Step 2: Create Kubernetes secrets for Conjur credentials</h5>
 <p>To connect to the Conjur server, the <strong>ESO Conjur provider</strong> needs to retrieve the <code>apikey</code> credentials from K8s secrets.</p>
 <div class="admonition note">
 <p class="admonition-title">Note</p>
@@ -4220,13 +4302,27 @@ kubectl<span class="w"> </span>-n<span class="w"> </span>external-secrets<span c
 <p class="admonition-title">Note</p>
 <p><code>conjur-creds</code> is the <code>name</code> defined in the <code>userRef</code> and <code>apikeyRef</code> fields of the <code>conjur-secret-store.yml</code> file.</p>
 </div>
-<h3 id="external-secret-store-with-jwt-authentication">External secret store with JWT authentication</h3>
+<h5 id="step-3-create-the-external-secrets-store">Step 3: Create the external secrets store</h5>
+<div class="admonition important">
+<p class="admonition-title">Important</p>
+<p>Unless you are using a <a href="../../api/clustersecretstore/">ClusterSecretStore</a>, credentials must reside in the same namespace as the SecretStore.</p>
+</div>
+<div class="highlight"><pre><span></span><code><span class="c1"># WARNING: creates the store in the &quot;external-secrets&quot; namespace, update the value as needed</span>
+<span class="c1">#</span>
+kubectl<span class="w"> </span>apply<span class="w"> </span>-n<span class="w"> </span>external-secrets<span class="w"> </span>-f<span class="w"> </span>conjur-secret-store.yaml
+
+<span class="c1"># WARNING: running the delete command will delete the secret store configuration</span>
+<span class="c1">#</span>
+<span class="c1"># If there is a need to delete the external secretstore</span>
+<span class="c1"># kubectl delete secretstore -n external-secrets conjur</span>
+</code></pre></div>
+<h4 id="option-2-external-secret-store-with-jwt-authentication">Option 2: External secret store with JWT authentication</h4>
 <p>This method uses JWT tokens to authenticate with Conjur. You can use the following methods to retrieve a JWT token for authentication:</p>
 <ul>
 <li>JWT token from a referenced Kubernetes service account</li>
 <li>JWT token stored in a Kubernetes secret</li>
 </ul>
-<h4 id="step-1-define-an-external-secret-store">Step 1: Define an external secret store</h4>
+<h5 id="step-1-define-an-external-secret-store_1">Step 1: Define an external secret store</h5>
 <p>When you use JWT authentication, the following must be specified in the <code>SecretStore</code>:</p>
 <ul>
 <li><code>account</code> -  The name of the Conjur account</li>
@@ -4289,9 +4385,20 @@ kubectl<span class="w"> </span>-n<span class="w"> </span>external-secrets<span c
 <p>You can use an external JWT issuer or the Kubernetes API server to create the token. For example, a Kubernetes service account token can be created with this command:</p>
 <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>create<span class="w"> </span>token<span class="w"> </span>my-service-account<span class="w"> </span>--audience<span class="o">=</span><span class="s1">&#39;https://conjur.company.com&#39;</span><span class="w"> </span>--duration<span class="o">=</span>3600s
 </code></pre></div>
-<p>Save the secret store file as <code>conjur-secret-store.yaml</code> (the filename used in subsequent steps).</p>
-<h4 id="step-2-define-an-external-secret">Step 2: Define an external secret</h4>
-<p>Save the external secret file as: <code>conjur-external-secret.yaml</code></p>
+<p>Save the secret store file as <code>conjur-secret-store.yaml</code>.</p>
+<h5 id="step-2-create-the-external-secrets-store">Step 2: Create the external secrets store</h5>
+<div class="highlight"><pre><span></span><code><span class="c1"># WARNING: creates the store in the &quot;external-secrets&quot; namespace, update the value as needed</span>
+<span class="c1">#</span>
+kubectl<span class="w"> </span>apply<span class="w"> </span>-n<span class="w"> </span>external-secrets<span class="w"> </span>-f<span class="w"> </span>conjur-secret-store.yaml
+
+<span class="c1"># WARNING: running the delete command will delete the secret store configuration</span>
+<span class="c1">#</span>
+<span class="c1"># If there is a need to delete the external secretstore</span>
+<span class="c1"># kubectl delete secretstore -n external-secrets conjur</span>
+</code></pre></div>
+<h3 id="define-an-external-secret">Define an external secret</h3>
+<p>After you have configured the Conjur provider secret store, you can fetch secrets from Conjur.</p>
+<p>Here is an example of how to fetch a single secret from Conjur:</p>
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
@@ -4307,21 +4414,37 @@ kubectl<span class="w"> </span>-n<span class="w"> </span>external-secrets<span c
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
 <span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">data/app1/secret00</span>
 </code></pre></div>
-<div class="admonition important">
-<p class="admonition-title">Important</p>
-<p>Unless you are using a <a href="../../api/clustersecretstore/">ClusterSecretStore</a>, credentials must reside in the same namespace as the SecretStore.</p>
-</div>
-<h4 id="step-3-create-the-external-secrets-store">Step 3: Create the external secrets store</h4>
-<div class="highlight"><pre><span></span><code><span class="c1"># WARNING: creates the store in the &quot;external-secrets&quot; namespace, update the value as needed</span>
-<span class="c1">#</span>
-kubectl<span class="w"> </span>apply<span class="w"> </span>-n<span class="w"> </span>external-secrets<span class="w"> </span>-f<span class="w"> </span>conjur-secret-store.yaml
-
-<span class="c1"># WARNING: running the delete command will delete the secret store configuration</span>
-<span class="c1">#</span>
-<span class="c1"># If there is a need to delete the external secretstore</span>
-<span class="c1"># kubectl delete secretstore -n external-secrets conjur</span>
+<p>Save the external secret file as <code>conjur-external-secret.yaml</code>.</p>
+<h4 id="find-by-name-and-find-by-tag">Find by Name and Find by Tag</h4>
+<p>The Conjur provider also supports the Find by Name and Find by Tag ESO features. This means that
+you can use a regular expression or tags to dynamically fetch multiple secrets from Conjur.</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">conjur-find-by-name</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10s</span>
+<span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span>
+<span class="w">    </span><span class="c1"># This name must match the metadata.name in the `SecretStore`</span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">conjur</span>
+<span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">k8s-secret-to-be-created</span>
+<span class="w">  </span><span class="nt">dataFrom</span><span class="p">:</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">find</span><span class="p">:</span>
+<span class="w">        </span><span class="c1"># You can use *either* `name` or `tags` to filter the secrets. Here are basic examples of both:</span>
+<span class="w">        </span><span class="nt">name</span><span class="p">:</span>
+<span class="w">          </span><span class="c1"># Match all secrets in the app1 namespace (e.g., `app1/secret00`, `app1/secret01`, etc.)</span>
+<span class="w">          </span><span class="nt">regexp</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;^app1</span><span class="err">\</span><span class="s">/.+$&quot;</span>
+<span class="w">        </span><span class="nt">tags</span><span class="p">:</span>
+<span class="w">          </span><span class="c1"># Only fetch Conjur secrets with the following annotations</span>
+<span class="w">          </span><span class="nt">environment</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;prod&quot;</span>
+<span class="w">          </span><span class="nt">application</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;app1&quot;</span>
 </code></pre></div>
-<h4 id="step-4-create-the-external-secret">Step 4: Create the external secret</h4>
+<p>If you use these features, we strongly recommend that you limit the permissions of the Conjur host
+to only the secrets that it needs to access. This is more secure and it reduces the load on
+both the Conjur server and ESO.</p>
+<h3 id="create-the-external-secret">Create the external secret</h3>
 <div class="highlight"><pre><span></span><code><span class="c1"># WARNING: creates the external-secret in the &quot;external-secrets&quot; namespace, update the value as needed</span>
 <span class="c1">#</span>
 kubectl<span class="w"> </span>apply<span class="w"> </span>-n<span class="w"> </span>external-secrets<span class="w"> </span>-f<span class="w"> </span>conjur-external-secret.yaml
@@ -4331,7 +4454,7 @@ kubectl<span class="w"> </span>apply<span class="w"> </span>-n<span class="w"> <
 <span class="c1"># If there is a need to delete the external secret</span>
 <span class="c1"># kubectl delete externalsecret -n external-secrets conjur</span>
 </code></pre></div>
-<h4 id="step-5-get-the-k8s-secret">Step 5: Get the K8s secret</h4>
+<h3 id="get-the-k8s-secret">Get the K8s secret</h3>
 <ul>
 <li>Log in to your Conjur server and verify that your secret exists</li>
 <li>Review the value of your Kubernetes secret to verify that it contains the same value as the Conjur server</li>
@@ -4347,7 +4470,7 @@ kubectl<span class="w"> </span>get<span class="w"> </span>secret<span class="w">
 <li><a href="https://docs.cyberark.com/conjur-open-source/Latest/en/Content/Operations/Services/cjr-authn-jwt-guidelines.htm">Configure Conjur JWT authentication</a></li>
 </ul>
 <h3 id="license">License</h3>
-<p>Copyright (c) 2023 CyberArk Software Ltd. All rights reserved.</p>
+<p>Copyright (c) 2023-2024 CyberArk Software Ltd. All rights reserved.</p>
 <p>Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at</p>

main/snippets/conjur-external-secret-find.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: conjur-find-by-name
+spec:
+  refreshInterval: 10s
+  secretStoreRef:
+    # This name must match the metadata.name in the `SecretStore`
+    name: conjur
+    kind: SecretStore
+  target:
+    name: k8s-secret-to-be-created
+  dataFrom:
+    - find:
+        # You can use *either* `name` or `tags` to filter the secrets. Here are basic examples of both:
+        name:
+          # Match all secrets in the app1 namespace (e.g., `app1/secret00`, `app1/secret01`, etc.)
+          regexp: "^app1\/.+$"
+        tags:
+          # Only fetch Conjur secrets with the following annotations
+          environment: "prod"
+          application: "app1"