|
|
@@ -831,7 +831,7 @@ management. Vault itself implements lots of different secret engines, as of now
|
|
|
trade-offs. Depending on the authentication method you need to adapt your environment.</p>
|
|
|
<h4 id="token-based-authentication">Token-based authentication</h4>
|
|
|
<p>A static token is stored in a <code>Kind=Secret</code> and is used to authenticate with vault.</p>
|
|
|
-<div class="highlight"><pre><span></span><span class="nt">apiVerson</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
+<div class="highlight"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
|
|
|
@@ -854,7 +854,7 @@ trade-offs. Depending on the authentication method you need to adapt your enviro
|
|
|
<h4 id="approle-authentication-example">AppRole authentication example</h4>
|
|
|
<p><a href="https://www.vaultproject.io/docs/auth/approle">AppRole authentication</a> reads the secret id from a
|
|
|
<code>Kind=Secret</code> and uses the specified <code>roleId</code> to aquire a temporary token to fetch secrets.</p>
|
|
|
-<div class="highlight"><pre><span></span><span class="nt">apiVerson</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
+<div class="highlight"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
|
|
|
@@ -889,7 +889,7 @@ options of optaining credentials for vault:</p>
|
|
|
<li>by using transient credentials from the mounted service account token within the
|
|
|
external-secrets operator</li>
|
|
|
</ol>
|
|
|
-<div class="highlight"><pre><span></span><span class="nt">apiVerson</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
+<div class="highlight"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
|
|
|
@@ -927,7 +927,7 @@ options of optaining credentials for vault:</p>
|
|
|
username/password pair to get an access token. Username is stored directly in
|
|
|
a <code>Kind=SecretStore</code> or <code>Kind=ClusterSecretStore</code> resource, password is stored
|
|
|
in a <code>Kind=Secret</code> referenced by the <code>secretRef</code>.</p>
|
|
|
-<div class="highlight"><pre><span></span><span class="nt">apiVerson</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
+<div class="highlight"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
|
|
|
@@ -955,7 +955,7 @@ in a <code>Kind=Secret</code> referenced by the <code>secretRef</code>.</p>
|
|
|
<a href="https://jwt.io/">JWT</a> token stored in a <code>Kind=Secret</code> and referenced by the
|
|
|
<code>secretRef</code>. Optionally a <code>role</code> field can be defined in a <code>Kind=SecretStore</code>
|
|
|
or <code>Kind=ClusterSecretStore</code> resource.</p>
|
|
|
-<div class="highlight"><pre><span></span><span class="nt">apiVerson</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
+<div class="highlight"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
|
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">vault-backend</span>
|
paul-the-alien[bot]