
Deployed 06e184ae0 to main with MkDocs 1.6.1 and mike 1.2.0.dev0

Skarlso 6 ay önce
ebeveyn
işleme
ecff9c141e

+ 164 - 12
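--- a/main/provider/beyondtrust/index.html
+++ b/main/provider/beyondtrust/index.html
@@ -3034,6 +3034,39 @@
     </span>
   </a>
   
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#creating-a-secret" class="md-nav__link">
+    <span class="md-ellipsis">
+      
+        Creating a Secret
+      
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#creating-an-clustersecretstore" class="md-nav__link">
+    <span class="md-ellipsis">
+      
+        Creating an ClusterSecretStore
+      
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#creating-an-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      
+        Creating an PushSecret
+      
+    </span>
+  </a>
+  
 </li>
         
       </ul>
@@ -4893,6 +4926,39 @@
     </span>
   </a>
   
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#creating-a-secret" class="md-nav__link">
+    <span class="md-ellipsis">
+      
+        Creating a Secret
+      
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#creating-an-clustersecretstore" class="md-nav__link">
+    <span class="md-ellipsis">
+      
+        Creating an ClusterSecretStore
+      
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#creating-an-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      
+        Creating an PushSecret
+      
+    </span>
+  </a>
+  
 </li>
         
       </ul>
@@ -5015,24 +5081,110 @@ You can also use a <code>ClusterExternalSecret</code> allowing you to reference
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrust-external-secret</span>
+<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrust-external-secret</span>
 <span class="nt">spec</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span>
-<span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-beyondtrust</span>
-<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
-<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-beyondtrust-secret</span><span class="w"> </span><span class="c1"># name of secret to create in k8s secrets (etcd)</span>
-<span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span>
-<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
-<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretKey</span>
-<span class="w">      </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">system01/managed_account01</span>
+<span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span>
+<span class="w"> </span><span class="nt">secretStoreRef</span><span class="p">:</span>
+<span class="w">   </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="w">   </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-beyondtrust</span>
+<span class="w"> </span><span class="nt">target</span><span class="p">:</span>
+<span class="w">   </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-beyondtrust-secret</span><span class="w"> </span><span class="c1"># name of secret to create in k8s secrets (etcd)</span>
+<span class="w">   </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span>
+<span class="w"> </span><span class="nt">data</span><span class="p">:</span>
+<span class="w">   </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretKey</span>
+<span class="w">     </span><span class="nt">remoteRef</span><span class="p">:</span>
+<span class="w">       </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">system01/managed_account01</span>
 </code></pre></div>
 <h3 id="get-the-k8s-secret">Get the K8s secret</h3>
 <div class="highlight"><pre><span></span><code><span class="c1"># WARNING: this command will reveal the stored secret in plain text</span>
 kubectl<span class="w"> </span>get<span class="w"> </span>secret<span class="w"> </span>my-beyondtrust-secret<span class="w"> </span>-o<span class="w"> </span><span class="nv">jsonpath</span><span class="o">=</span><span class="s2">&quot;{.data.secretKey}&quot;</span><span class="w"> </span><span class="p">|</span><span class="w"> </span>base64<span class="w"> </span>--decode<span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nb">echo</span>
 </code></pre></div>
+<h3 id="creating-a-secret">Creating a Secret</h3>
+<p>The following example shows how to create a Kubernetes <code>Secret</code> that will later be pushed to BeyondTrust.</p>
+<div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>apply<span class="w"> </span>-f<span class="w"> </span>beyondtrust-secret.yml
+</code></pre></div>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-credentials</span>
+<span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Opaque</span>
+<span class="nt">stringData</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">S3cr3tP@ss</span>
+</code></pre></div>
+<h3 id="creating-an-clustersecretstore">Creating an ClusterSecretStore</h3>
+<p>The following example demonstrates how to create a <code>ClusterSecretStore</code> configured to use the BeyondTrust provider.</p>
+<div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>apply<span class="w"> </span>-f<span class="w"> </span>beyondtrust-cluster-secret-store.yml
+</code></pre></div>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrust-store</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
+<span class="w">   </span><span class="nt">beyondtrust</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">auth</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">certificate</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span>
+<span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bt-certificate</span>
+<span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClientCertificate</span>
+<span class="w">      </span><span class="nt">certificateKey</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span>
+<span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bt-certificatekey</span>
+<span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClientCertificateKey</span>
+<span class="w">      </span><span class="nt">clientSecret</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bt-secret</span>
+<span class="w">          </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClientSecret</span>
+<span class="w">      </span><span class="nt">clientId</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bt-id</span>
+<span class="w">          </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClientId</span>
+<span class="w">    </span><span class="nt">server</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">retrievalType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">MANAGED_ACCOUNT</span>
+<span class="w">      </span><span class="nt">verifyCA</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
+<span class="w">      </span><span class="nt">clientTimeOutSeconds</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45</span>
+<span class="w">      </span><span class="nt">apiUrl</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://example.test.com/BeyondTrust/</span>
+<span class="w">      </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;3.1&quot;</span>
+</code></pre></div>
+<h3 id="creating-an-pushsecret">Creating an PushSecret</h3>
+<p>The example below demonstrates how to create a <code>PushSecret</code> resource to push secret data to BeyondTrust.</p>
+<div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>apply<span class="w"> </span>-f<span class="w"> </span>beyondtrust-push-secret.yml
+</code></pre></div>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-beyondtrust</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span>
+<span class="w">  </span><span class="nt">secretStoreRefs</span><span class="p">:</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrust-store</span>
+<span class="w">      </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span>
+<span class="w">  </span><span class="nt">selector</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">secret</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-credentials</span>
+<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;password&quot;</span>
+<span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># not used in Beyondtrust PushSecret</span>
+<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="w"> </span><span class="c1"># not used in Beyondtrust PushSecret</span>
+<span class="w">      </span><span class="nt">metadata</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secret_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">CREDENTIAL</span><span class="w"> </span><span class="c1"># (FILE/CREDENTIAL/TEXT)</span>
+<span class="w">        </span><span class="nt">title</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret Title 505</span>
+<span class="w">        </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">fhernandez</span>
+<span class="w">        </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret Title Description</span>
+<span class="w">        </span><span class="nt">file_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">credentials.txt</span><span class="w"> </span><span class="c1"># only for FILE secret_type</span>
+<span class="w">        </span><span class="nt">notes</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Example</span><span class="nv"> </span><span class="s">Notes&quot;</span>
+<span class="w">        </span><span class="nt">folder_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">folder1</span>
+<span class="w">        </span><span class="nt">owner_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1</span>
+<span class="w">        </span><span class="nt">group_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1</span>
+<span class="w">        </span><span class="nt">owner_type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">User</span>
+<span class="w">        </span><span class="nt">notes</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;This</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">a</span><span class="nv"> </span><span class="s">sample</span><span class="nv"> </span><span class="s">note</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">secret&quot;</span>
+<span class="w">        </span><span class="nt">urls</span><span class="p">:</span><span class="w"> </span><span class="c1"># List of URLs associated with the secret (optional)</span>
+<span class="w">          </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://myapp.example.com/login</span>
+<span class="w">            </span><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;454&quot;</span>
+<span class="w">            </span><span class="nt">credential_id</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;25&quot;</span>
+</code></pre></div>
 
 
 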

Dosya farkı çok büyük olduğundan ihmal edildi
+ 0 - 0
main/search/search_index.json


+ 30 - 0
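--- a/main/snippets/beyondtrust-cluster-secret-store.yaml
+++ b/main/snippets/beyondtrust-cluster-secret-store.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+ name: beyondtrust-store
+spec:
+ provider:
+   beyondtrust:
+    auth:
+      certificate:
+        secretRef:
+            name: bt-certificate
+            key: ClientCertificate
+      certificateKey:
+        secretRef:
+            name: bt-certificatekey
+            key: ClientCertificateKey
+      clientSecret:
+        secretRef:
+          name: bt-secret
+          key: ClientSecret
+      clientId:
+        secretRef:
+          name: bt-id
+          key: ClientId
+    server:
+      retrievalType: MANAGED_ACCOUNT
+      verifyCA: true
+      clientTimeOutSeconds: 45
+      apiUrl: https://example.test.com/BeyondTrust/
+      apiVersion: "3.1"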
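Review bot: The four `secretRef` entries under `auth` give only `name` and `key`, but a `ClusterSecretStore` is cluster-scoped, so there is no implicit namespace in which to look up `bt-certificate`, `bt-certificatekey`, `bt-secret` and `bt-id`. Each reference should probably carry an explicit `namespace: <namespace-holding-the-credentials>` (placeholder); I cannot tell from this page whether the provider rejects the store without it. A cluster-wide store is also usable from every namespace, so the example would benefit from a comment pointing readers at `spec.conditions` to limit which namespaces may reference it. Separately, the indentation is inconsistent: `name`/`key` sit four columns under `secretRef` in the first two entries and two columns in the last two, and the children of `metadata` and `spec` use a single space.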

+ 34 - 0
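--- a/main/snippets/beyondtrust-push-secret.yaml
+++ b/main/snippets/beyondtrust-push-secret.yaml
@@ -0,0 +1,34 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: pushsecret-beyondtrust
+spec:
+  refreshInterval: 1h
+  secretStoreRefs:
+    - name: beyondtrust-store
+      kind: ClusterSecretStore
+  selector:
+    secret:
+      name: app-credentials
+  data:
+    - match:
+        secretKey: "password"
+        remoteRef:
+          remoteKey: "" # not used in Beyondtrust PushSecret
+          property: "" # not used in Beyondtrust PushSecret
+      metadata:
+        secret_type: CREDENTIAL # (FILE/CREDENTIAL/TEXT)
+        title: Secret Title 505
+        username: fhernandez
+        description: Secret Title Description
+        file_name: credentials.txt # only for FILE secret_type
+        notes: "Example Notes"
+        folder_name: folder1
+        owner_id: 1
+        group_id: 1
+        owner_type: User
+        notes: "This is a sample note for the secret"
+        urls: # List of URLs associated with the secret (optional)
+          - url: https://myapp.example.com/login
+            id: "454"
+            credential_id: "25"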
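Review bot: `notes` appears twice in the `metadata` mapping (`notes: "Example Notes"` and `notes: "This is a sample note for the secret"`). Duplicate keys are invalid YAML, and most parsers silently keep the last one, so one of the two lines should be dropped. `remoteKey: ""` and `property: ""` are annotated only as "not used"; since this manifest decides where a credential is written, a comment stating which fields name the remote secret and its location (apparently `title` and `folder_name`) would help readers. `owner_id: 1` and `group_id: 1` look like sample values and deserve a comment such as `# replace with the ID of the intended owner`, so a copied example does not assign the pushed credential to an unintended account.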

+ 7 - 0
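--- a/main/snippets/beyondtrust-secret.yaml
+++ b/main/snippets/beyondtrust-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: app-credentials
+type: Opaque
+stringData:
+  password: S3cr3tP@ss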
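Review bot: The example puts a literal password in `stringData`, in a manifest the accompanying docs tell readers to `kubectl apply -f`. Files like this tend to get committed, and client-side apply also copies the manifest, value included, into the `kubectl.kubernetes.io/last-applied-configuration` annotation. I would use an obvious placeholder with a comment, e.g. `password: "<replace-me>"  # sample only; never commit a real credential`. Quoting the value also protects passwords that begin with a YAML indicator such as `@` or `*`. The Secret here and the PushSecret that selects `app-credentials` both omit `metadata.namespace`, so a short comment that they must be applied to the same namespace would make the example safer to copy.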

Bu fark içinde çok fazla dosya değişikliği olduğu için bazı dosyalar gösterilmiyor