
Deployed cc6f50c to v0.4.3 with MkDocs 1.2.3 and mike 1.1.2

Docs 4 years ago
parent
commit
b996a350ed
3 changed files with 393 additions and 14 deletions
  1. 393 14
      v0.4.3/guides-templating/index.html
  2. 0 0
      v0.4.3/search/search_index.json
  3. BIN
      v0.4.3/sitemap.xml.gz

+ 393 - 14
v0.4.3/guides-templating/index.html

@@ -68,7 +68,7 @@
     <div data-md-component="skip">
       
         
-        <a href="#macro-rendering-error" class="md-skip">
+        <a href="#advanced-templating-v2" class="md-skip">
           Skip to content
         </a>
       
@@ -426,10 +426,102 @@
         
       
       
+        <label class="md-nav__link md-nav__link--active" for="__toc">
+          v2
+          <span class="md-nav__icon md-icon"></span>
+        </label>
+      
       <a href="./" class="md-nav__link md-nav__link--active">
         v2
       </a>
       
+        
+
+<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
+  
+  
+  
+    
+  
+  
+    <label class="md-nav__title" for="__toc">
+      <span class="md-nav__icon md-icon"></span>
+      Table of contents
+    </label>
+    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
+      
+        <li class="md-nav__item">
+  <a href="#examples" class="md-nav__link">
+    Examples
+  </a>
+  
+    <nav class="md-nav" aria-label="Examples">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#templatefrom" class="md-nav__link">
+    TemplateFrom
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#extract-keys-and-certificates-from-pkcs12-archive" class="md-nav__link">
+    Extract Keys and Certificates from PKCS#12 Archive
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#extract-from-jwk" class="md-nav__link">
+    Extract from JWK
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#filter-pem-blocks" class="md-nav__link">
+    Filter PEM blocks
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#helper-functions" class="md-nav__link">
+    Helper functions
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#migrating-from-v1" class="md-nav__link">
+    Migrating from v1
+  </a>
+  
+    <nav class="md-nav" aria-label="Migrating from v1">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#functions-removedreplaced" class="md-nav__link">
+    Functions removed/replaced
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+    </ul>
+  
+</nav>
+      
     </li>
   
 
@@ -1214,6 +1306,82 @@
     
   
   
+    <label class="md-nav__title" for="__toc">
+      <span class="md-nav__icon md-icon"></span>
+      Table of contents
+    </label>
+    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
+      
+        <li class="md-nav__item">
+  <a href="#examples" class="md-nav__link">
+    Examples
+  </a>
+  
+    <nav class="md-nav" aria-label="Examples">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#templatefrom" class="md-nav__link">
+    TemplateFrom
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#extract-keys-and-certificates-from-pkcs12-archive" class="md-nav__link">
+    Extract Keys and Certificates from PKCS#12 Archive
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#extract-from-jwk" class="md-nav__link">
+    Extract from JWK
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#filter-pem-blocks" class="md-nav__link">
+    Filter PEM blocks
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#helper-functions" class="md-nav__link">
+    Helper functions
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#migrating-from-v1" class="md-nav__link">
+    Migrating from v1
+  </a>
+  
+    <nav class="md-nav" aria-label="Migrating from v1">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#functions-removedreplaced" class="md-nav__link">
+    Functions removed/replaced
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+    </ul>
+  
 </nav>
                   </div>
                 </div>
@@ -1229,20 +1397,231 @@
 </a>
 
 
-<h1 id="macro-rendering-error"><em>Macro Rendering Error</em></h1>
-<p><strong>TemplateNotFound</strong>: pem-filter-template-v2-external-secret.yaml</p>
-<div class="highlight"><pre><span></span><code>Traceback (most recent call last):
-  File &quot;/usr/lib/python3.8/site-packages/mkdocs_macros/plugin.py&quot;, line 473, in render
-    return md_template.render(**page_variables)
-  File &quot;/usr/lib/python3.8/site-packages/jinja2/environment.py&quot;, line 1291, in render
-    self.environment.handle_exception()
-  File &quot;/usr/lib/python3.8/site-packages/jinja2/environment.py&quot;, line 925, in handle_exception
-    raise rewrite_traceback_stack(source=source)
-  File &quot;&lt;template&gt;&quot;, line 74, in top-level template code
-  File &quot;/usr/lib/python3.8/site-packages/jinja2/loaders.py&quot;, line 214, in get_source
-    raise TemplateNotFound(template)
-jinja2.exceptions.TemplateNotFound: pem-filter-template-v2-external-secret.yaml
+<h1 id="advanced-templating-v2">Advanced Templating v2</h1>
+<p>With External Secrets Operator you can transform the data from the external secret provider before it is stored as <code>Kind=Secret</code>. You can do this with the <code>Spec.Target.Template</code>. Each data value is interpreted as a <a href="https://golang.org/pkg/text/template/">golang template</a>.</p>
+<h2 id="examples">Examples</h2>
+<p>You can use templates to inject your secrets into a configuration file that you mount into your pod:</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
+<span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># ...</span><span class="w"></span>
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="c1"># this is how the Kind=Secret will look like</span><span class="w"></span>
+<span class="w">    </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span><span class="w"></span>
+<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span><span class="w"></span>
+<span class="w">      </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># multiline string</span><span class="w"></span>
+<span class="w">        </span><span class="nt">config</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span><span class="w"></span>
+<span class="w">          </span><span class="no">datasources:</span><span class="w"></span>
+<span class="w">          </span><span class="no">- name: Graphite</span><span class="w"></span>
+<span class="w">            </span><span class="no">type: graphite</span><span class="w"></span>
+<span class="w">            </span><span class="no">access: proxy</span><span class="w"></span>
+<span class="w">            </span><span class="no">url: http://localhost:8080</span><span class="w"></span>
+<span class="w">            </span><span class="no">password: &quot;{{ .password }}&quot;</span><span class="w"></span>
+<span class="w">            </span><span class="no">user: &quot;{{ .user }}&quot;</span><span class="w"></span>
+
+<span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span><span class="w"></span>
+</code></pre></div>
+<h3 id="templatefrom">TemplateFrom</h3>
+<p>You do not have to define your templates inline in an ExternalSecret but you can pull <code>ConfigMaps</code> or other Secrets that contain a template. Consider the following example:</p>
+<div class="highlight"><pre><span></span><code><span class="c1"># define your template in a config map</span><span class="w"></span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ConfigMap</span><span class="w"></span>
+<span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span><span class="w"></span>
+<span class="nt">data</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">config.yaml</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span><span class="w"></span>
+<span class="w">    </span><span class="no">datasources:</span><span class="w"></span>
+<span class="w">      </span><span class="no">- name: Graphite</span><span class="w"></span>
+<span class="w">        </span><span class="no">type: graphite</span><span class="w"></span>
+<span class="w">        </span><span class="no">access: proxy</span><span class="w"></span>
+<span class="w">        </span><span class="no">url: http://localhost:8080</span><span class="w"></span>
+<span class="w">        </span><span class="no">password: &quot;{{ .password }}&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="no">user: &quot;{{ .user }}&quot;</span><span class="w"></span>
+<span class="nn">---</span><span class="w"></span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
+<span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-template-example</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># ...</span><span class="w"></span>
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span><span class="w"></span>
+<span class="w">    </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span><span class="w"></span>
+<span class="w">      </span><span class="nt">templateFrom</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span><span class="w"></span>
+<span class="w">          </span><span class="c1"># name of the configmap to pull in</span><span class="w"></span>
+<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span><span class="w"></span>
+<span class="w">          </span><span class="c1"># here you define the keys that should be used as template</span><span class="w"></span>
+<span class="w">          </span><span class="nt">items</span><span class="p">:</span><span class="w"></span>
+<span class="w">          </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">config.yaml</span><span class="w"></span>
+<span class="w">  </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span><span class="w"></span>
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w"></span>
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span><span class="w"></span>
+</code></pre></div>
+<h3 id="extract-keys-and-certificates-from-pkcs12-archive">Extract Keys and Certificates from PKCS#12 Archive</h3>
+<p>You can use pre-defined functions to extract data from your secrets. Here: extract keys and certificates from a PKCS#12 archive and store it as PEM.</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
+<span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># ...</span><span class="w"></span>
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span><span class="w"></span>
+<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span><span class="w"></span>
+<span class="w">      </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
+<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12cert</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12key</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
+
+<span class="w">        </span><span class="c1"># if needed unlock the pkcs12 with the password</span><span class="w"></span>
+<span class="w">        </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12certPass</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">my-password&quot; }}&quot;</span><span class="w"></span>
+</code></pre></div>
+<h3 id="extract-from-jwk">Extract from JWK</h3>
+<p>You can extract the public or private key parts of a JWK and use them as <a href="https://pkg.go.dev/crypto/x509#ParsePKCS8PrivateKey">PKCS#8</a> private key or PEM-encoded <a href="https://pkg.go.dev/crypto/x509#MarshalPKIXPublicKey">PKIX</a> public key.</p>
+<p>A JWK looks similar to this:</p>
+<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
+<span class="w">  </span><span class="nt">&quot;kty&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;RSA&quot;</span><span class="p">,</span><span class="w"></span>
+<span class="w">  </span><span class="nt">&quot;kid&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df&quot;</span><span class="p">,</span><span class="w"></span>
+<span class="w">  </span><span class="nt">&quot;use&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sig&quot;</span><span class="p">,</span><span class="w"></span>
+<span class="w">  </span><span class="nt">&quot;n&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;pjdss...&quot;</span><span class="p">,</span><span class="w"></span>
+<span class="w">  </span><span class="nt">&quot;e&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;AQAB&quot;</span><span class="w"></span>
+<span class="w">  </span><span class="err">//</span><span class="w"> </span><span class="err">...</span><span class="w"></span>
+<span class="p">}</span><span class="w"></span>
+</code></pre></div>
+<p>And what you want may be a PEM-encoded public or private key portion of it. Take a look at this example on how to transform it into the desired format:</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
+<span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># ...</span><span class="w"></span>
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span><span class="w"></span>
+<span class="w">      </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># .myjwk is a json-encoded JWK string.</span><span class="w"></span>
+<span class="w">        </span><span class="c1">#</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># this template will produce for jwk_pub a PEM encoded public key:</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># -----BEGIN PUBLIC KEY-----</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># MIIBI...</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># ...</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># ...AQAB</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># -----END PUBLIC KEY-----</span><span class="w"></span>
+<span class="w">        </span><span class="nt">jwk_pub</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.myjwk</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">jwkPublicKeyPem</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># private key is a pem-encoded PKCS#8 private key</span><span class="w"></span>
+<span class="w">        </span><span class="nt">jwk_priv</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.myjwk</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">jwkPrivateKeyPem</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
+</code></pre></div>
+<h3 id="filter-pem-blocks">Filter PEM blocks</h3>
+<p>Consider you have a secret that contains both a certificate and a private key encoded in PEM format and it is your goal to use only the certificate from that secret.</p>
+<div class="highlight"><pre><span></span><code>-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvxGZOW4IXvGlh
+ . . .
+m8JCpbJXDfSSVxKHgK1Siw4K6pnTsIA2e/Z+Ha2fvtocERjq7VQMAJFaIZSTKo9Q
+JwwY+vj0yxWjyzHUzZB33tg=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgIQabPaXuZCQaCg+eQAVptGGDANBgkqhkiG9w0BAQsFADAV
+ . . .
+NtFUGA95RGN9s+pl6XY0YARPHf5O76ErC1OZtDTR5RdyQfcM+94gYZsexsXl0aQO
+9YD3Wg==
+-----END CERTIFICATE-----
+</code></pre></div>
+<p>You can achieve that by using the <code>filterPEM</code> function to extract a specific type of PEM block from that secret. If multiple blocks of that type (here: <code>CERTIFICATE</code>) exist then all of them are returned in the order they are specified.</p>
+<h2 id="helper-functions">Helper functions</h2>
+<div class="admonition info inline end">
+<p class="admonition-title">Info</p>
+<p>Note: we removed <code>env</code> and <code>expandenv</code> from sprig functions for security reasons.</p>
+</div>
+<p>We provide a couple of convenience functions that help you transform your secrets. This is useful when dealing with PKCS#12 archives or JSON Web Keys (JWK).</p>
+<p>In addition to that you can use over 200+ <a href="http://masterminds.github.io/sprig/">sprig functions</a>. If you feel a function is missing or might be valuable feel free to open an issue and submit a <a href="../contributing-process/#submitting-a-pull-request">pull request</a>.</p>
+<p><br/></p>
+<table>
+<thead>
+<tr>
+<th>Function</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>pkcs12key</td>
+<td>Extracts all private keys from a PKCS#12 archive and encodes them in <strong>PKCS#8 PEM</strong> format.</td>
+</tr>
+<tr>
+<td>pkcs12keyPass</td>
+<td>Same as <code>pkcs12key</code>. Uses the provided password to decrypt the PKCS#12 archive.</td>
+</tr>
+<tr>
+<td>pkcs12cert</td>
+<td>Extracts all certificates from a PKCS#12 archive and orders them if possible. If disjunct or multiple leaf certs are provided they are returned as-is. <br/> Sort order: <code>leaf / intermediate(s) / root</code>.</td>
+</tr>
+<tr>
+<td>pkcs12certPass</td>
+<td>Same as <code>pkcs12cert</code>. Uses the provided password to decrypt the PKCS#12 archive.</td>
+</tr>
+<tr>
+<td>filterPEM</td>
+<td>Filters PEM blocks with a specific type from a list of PEM blocks.</td>
+</tr>
+</tbody>
+</table>
+<p>| jwkPublicKeyPem | Takes an json-serialized JWK and returns an PEM block of type <code>PUBLIC KEY</code> that contains the public key. <a href="https://golang.org/pkg/crypto/x509/#MarshalPKIXPublicKey">See here</a> for details. |
+| jwkPrivateKeyPem | Takes an json-serialized JWK as <code>string</code> and returns an PEM block of type <code>PRIVATE KEY</code> that contains the private key in PKCS #8 format. <a href="https://golang.org/pkg/crypto/x509/#MarshalPKCS8PrivateKey">See here</a> for details. |</p>
+<h2 id="migrating-from-v1">Migrating from v1</h2>
+<p>You have to opt-in to use the new engine version by specifying <code>template.engineVersion=v2</code>:</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
+<span class="nt">metadata</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># ...</span><span class="w"></span>
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span><span class="w"></span>
+<span class="w">  </span><span class="c1"># ...</span><span class="w"></span>
+</code></pre></div>
+<p>The biggest change was that basically all function parameter types were changed from accepting/returning <code>[]byte</code> to <code>string</code>. This is relevant for you because now you don't need to specify <code>toString</code> all the time at the end of a template pipeline.</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span><span class="w"></span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span><span class="w"></span>
+<span class="c1"># ...</span><span class="w"></span>
+<span class="nt">spec</span><span class="p">:</span><span class="w"></span>
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span><span class="w"></span>
+<span class="w">    </span><span class="nt">template</span><span class="p">:</span><span class="w"></span>
+<span class="w">      </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span><span class="w"></span>
+<span class="w">      </span><span class="nt">data</span><span class="p">:</span><span class="w"></span>
+<span class="w">        </span><span class="c1"># this used to be {{ .foobar | toString }}</span><span class="w"></span>
+<span class="w">        </span><span class="nt">egg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;new:</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">.foobar</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"></span>
 </code></pre></div>
+<h5 id="functions-removedreplaced">Functions removed/replaced</h5>
+<ul>
+<li><code>base64encode</code> was renamed to <code>b64enc</code>.</li>
+<li><code>base64decode</code> was renamed to <code>b64dec</code>. Any errors that occurr during decoding are silenced.</li>
+<li><code>fromJSON</code> was renamed to <code>fromJson</code>. Any errors that occurr during unmarshalling are silenced.</li>
+<li><code>toJSON</code> was renamed to <code>toJson</code>. Any errors that occurr during marshalling are silenced.</li>
+<li><code>pkcs12key</code> and <code>pkcs12keyPass</code> encode the PKCS#8 key directly into PEM format. There is no need to call <code>pemPrivateKey</code> anymore. Also, these functions do extract all private keys from the PKCS#12 archive not just the first one.</li>
+<li><code>pkcs12cert</code> and <code>pkcs12certPass</code> encode the certs directly into PEM format. There is no need to call <code>pemCertificate</code> anymore. These functions now <strong>extract all certificates</strong> from the PKCS#12 archive not just the first one.</li>
+<li><code>toString</code> implementation was replaced by the <code>sprig</code> implementation and should be api-compatible.</li>
+<li><code>toBytes</code> was removed.</li>
+<li><code>pemPrivateKey</code> was removed. It's now implemented within the <code>pkcs12*</code> functions.</li>
+<li><code>pemCertificate</code> was removed. It's now implemented within the <code>pkcs12*</code> functions.</li>
+</ul>
 
               
             </article>
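Review bot: The `pkcs12certPass` line in the PKCS#12 example nests unescaped double quotes inside a double-quoted YAML scalar (`"{{ .mysecret | pkcs12certPass "my-password" }}"`) and repeats the `tls.crt` key already set two lines above in the same `data` map, so the snippet cannot be applied as written. Use single quotes for the outer scalar, present the password variant as a separate alternative rather than a second `tls.crt` entry, and consider not showing a literal password in the manifest. In the same hunk, the "Filter PEM blocks" section describes `filterPEM` but no template follows the PEM sample; the removed traceback reported `pem-filter-template-v2-external-secret.yaml` as not found, so the snippet still appears to be missing from the docs source and should be added. The `jwkPublicKeyPem` and `jwkPrivateKeyPem` rows render as a literal pipe-delimited paragraph after the table closes, which means the Markdown table is broken before those two rows. Smaller points: "occurr" is misspelled three times in the removed/replaced list; since `b64dec`, `fromJson` and `toJson` are documented as silencing errors, the list should state what a failed call returns so that an empty or malformed value is not synced into the Secret unnoticed; and "Functions removed/replaced" is an h5 placed directly under an h2.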

File diff suppressed because it is too large
+ 0 - 0
v0.4.3/search/search_index.json


BIN
v0.4.3/sitemap.xml.gz


Some files were not shown because too many files changed in this diff