
#150 Update docs

xxxbobrxxx 4 years ago
parent
commit
c52a54893f

+ 22 - 0
docs/provider-hashicorp-vault.md

@@ -44,3 +44,25 @@ options of optaining credentials for vault:
 ```yaml
 {% include 'vault-kubernetes-store.yaml' %}
 ```
+
+#### LDAP authentication
+
+[LDAP authentication](https://www.vaultproject.io/docs/auth/ldap) uses
+username/password pair to get an access token. Username is stored directly in
+a `Kind=SecretStore` or `Kind=ClusterSecretStore` resource, password is stored
+in a `Kind=Secret` referenced by the `secretRef`.
+
+```yaml
+{% include 'vault-ldap-store.yaml' %}
+```
+
+#### JWT/OIDC authentication
+
+[JWT/OIDC](https://www.vaultproject.io/docs/auth/jwt) uses a
+[JWT](https://jwt.io/) token stored in a `Kind=Secret` and referenced by the
+`secretRef`. Optionally a `role` field can be defined in a `Kind=SecretStore`
+or `Kind=ClusterSecretStore` resource.
+
+```yaml
+{% include 'vault-jwt-store.yaml' %}
+```

+ 21 - 0
docs/snippets/vault-jwt-store.yaml

@@ -0,0 +1,21 @@
+apiVerson: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+  name: vault-backend
+  namespace: example
+spec:
+  provider:
+    vault:
+      server: "https://vault.acme.org"
+      path: "secret"
+      version: "v2"
+      auth:
+        # VaultJwt authenticates with Vault using the JWT/OIDC auth mechanism
+        # https://www.vaultproject.io/docs/auth/jwt
+        jwt:
+          # JWT role configured in a Vault server, optional.
+          role: "vault-jwt-role"
+          secretRef:
+            name: "my-secret"
+            namespace: "secret-admin"
+            key: "jwt-token"
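Review bot: The first added line spells the key `apiVerson`, so anyone who copies this manifest submits an object with no `apiVersion`, which the API server should reject. It should read `apiVersion: external-secrets.io/v1alpha1`. docs/snippets/vault-ldap-store.yaml has the same misspelling on its first line.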

+ 21 - 0
docs/snippets/vault-ldap-store.yaml

@@ -0,0 +1,21 @@
+apiVerson: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+  name: vault-backend
+  namespace: example
+spec:
+  provider:
+    vault:
+      server: "https://vault.acme.org"
+      path: "secret"
+      version: "v2"
+      auth:
+        # VaultLdap authenticates with Vault using the LDAP auth mechanism
+        # https://www.vaultproject.io/docs/auth/ldap
+        ldap:
+          # LDAP username
+          username: "username"
+          secretRef:
+            name: "my-secret"
+            namespace: "secret-admin"
+            key: "ldap-password"
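Review bot: `secretRef.namespace: "secret-admin"` differs from the store's own `metadata.namespace: example`, although this is a namespaced `SecretStore`. As far as I know, external-secrets honours the selector's namespace only for a `ClusterSecretStore`, so the example implies that a namespaced store can read a credential from another namespace. Either drop the `namespace` line here or add the comment `# namespace is only honoured for ClusterSecretStore; a SecretStore reads from its own namespace`. The same mismatch appears in docs/snippets/vault-jwt-store.yaml.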