|
|
@@ -12083,6 +12083,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>The AccessKeyID is used for authentication</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12096,6 +12097,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>The SecretAccessKey is used for authentication</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12109,6 +12111,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>The SessionToken used for authentication
|
|
|
This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
|
|
|
see: <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html">https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html</a></p>
|
|
|
@@ -12124,7 +12127,7 @@ see: <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_te
|
|
|
<a href="#external-secrets.io/v1beta1.VaultIamAuth">VaultIamAuth</a>)
|
|
|
</p>
|
|
|
<p>
|
|
|
-<p>Authenticate against AWS using service account tokens.</p>
|
|
|
+<p>VaultAwsJWTAuth Authenticate against AWS using service account tokens.</p>
|
|
|
</p>
|
|
|
<table>
|
|
|
<thead>
|
|
|
@@ -12144,6 +12147,7 @@ External Secrets meta/v1.ServiceAccountSelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
</td>
|
|
|
</tr>
|
|
|
</tbody>
|
|
|
@@ -12155,7 +12159,7 @@ External Secrets meta/v1.ServiceAccountSelector
|
|
|
<a href="#external-secrets.io/v1beta1.VaultAuth">VaultAuth</a>)
|
|
|
</p>
|
|
|
<p>
|
|
|
-<p>VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication
|
|
|
+<p>VaultCertAuth authenticates with Vault using the JWT/OIDC authentication
|
|
|
method, with the role name and token stored in a Kubernetes Secret resource.</p>
|
|
|
</p>
|
|
|
<table>
|
|
|
@@ -12191,6 +12195,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>SecretRef to a key in a Secret resource containing client private key to
|
|
|
authenticate with Vault using the Cert authentication method</p>
|
|
|
</td>
|
|
|
@@ -12225,6 +12230,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>CertSecretRef is a certificate added to the transport layer
|
|
|
when communicating with the Vault server.
|
|
|
If no key for the Secret is specified, external-secret will default to ‘tls.crt’.</p>
|
|
|
@@ -12240,6 +12246,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>KeySecretRef to a key in a Secret resource containing client private key
|
|
|
added to the transport layer when communicating with the Vault server.
|
|
|
If no key for the Secret is specified, external-secret will default to ‘tls.key’.</p>
|
|
|
@@ -12272,6 +12279,7 @@ string
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>Path where the AWS auth method is enabled in Vault, e.g: “aws”</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12283,6 +12291,7 @@ string
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>AWS region</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12294,6 +12303,7 @@ string
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>This is the AWS role to be assumed before talking to vault</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12327,6 +12337,7 @@ string
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: <a href="https://developer.hashicorp.com/vault/docs/auth/aws">https://developer.hashicorp.com/vault/docs/auth/aws</a></p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12637,7 +12648,7 @@ string
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
-<p>Username is a LDAP user name used to authenticate using the LDAP Vault
|
|
|
+<p>Username is an LDAP username used to authenticate using the LDAP Vault
|
|
|
authentication method</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12651,6 +12662,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>SecretRef to a key in a Secret resource containing password for the LDAP
|
|
|
user used to authenticate with Vault using the LDAP authentication
|
|
|
method</p>
|
|
|
@@ -12861,7 +12873,7 @@ string
|
|
|
</td>
|
|
|
<td>
|
|
|
<p>Path where the UserPassword authentication backend is mounted
|
|
|
-in Vault, e.g: “user”</p>
|
|
|
+in Vault, e.g: “userpass”</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
<tr>
|
|
|
@@ -12872,7 +12884,7 @@ string
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
-<p>Username is a user name used to authenticate using the UserPass Vault
|
|
|
+<p>Username is a username used to authenticate using the UserPass Vault
|
|
|
authentication method</p>
|
|
|
</td>
|
|
|
</tr>
|
|
|
@@ -12886,6 +12898,7 @@ External Secrets meta/v1.SecretKeySelector
|
|
|
</em>
|
|
|
</td>
|
|
|
<td>
|
|
|
+<em>(Optional)</em>
|
|
|
<p>SecretRef to a key in a Secret resource containing password for the
|
|
|
user used to authenticate with Vault using the UserPass authentication
|
|
|
method</p>
|
Skarlso