Deployed dd8c004f to main with MkDocs 1.6.0 and mike 1.2.0.dev0

main/provider/aws-parameter-store/index.html

@@ -2035,6 +2035,15 @@
     <nav class="md-nav" aria-label="Creating a Push Secret">
       <ul class="md-nav__list">
         
+          <li class="md-nav__item">
+  <a href="#additional-metadata-for-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Additional Metadata for PushSecret
+    </span>
+  </a>
+  
+</li>
+        
           <li class="md-nav__item">
   <a href="#check-successful-secret-sync" class="md-nav__link">
     <span class="md-ellipsis">
@@ -3354,6 +3363,15 @@
     <nav class="md-nav" aria-label="Creating a Push Secret">
       <ul class="md-nav__list">
         
+          <li class="md-nav__item">
+  <a href="#additional-metadata-for-pushsecret" class="md-nav__link">
+    <span class="md-ellipsis">
+      Additional Metadata for PushSecret
+    </span>
+  </a>
+  
+</li>
+        
           <li class="md-nav__item">
   <a href="#check-successful-secret-sync" class="md-nav__link">
     <span class="md-ellipsis">
@@ -3586,6 +3604,32 @@ Please estimate your costs before using ESO. Cost depends on the RefreshInterval
 <span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
 <span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
 </code></pre></div>
+<h4 id="additional-metadata-for-pushsecret">Additional Metadata for PushSecret</h4>
+<p>Optionally, it is possible to configure additional options for the parameter such as <code>Type</code> and encryption Key. To control this behaviour you can set the following provider's <code>metadata</code>:</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># Customisable</span>
+<span class="w">  </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"> </span><span class="c1"># Same of the SecretStores</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">deletionPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete</span><span class="w"> </span><span class="c1"># the provider&#39; secret will be deleted if the PushSecret is deleted</span>
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10s</span><span class="w"> </span><span class="c1"># Refresh interval for which push secret will reconcile</span>
+<span class="w">  </span><span class="nt">secretStoreRefs</span><span class="p">:</span><span class="w"> </span><span class="c1"># A list of secret stores to push secrets to</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-parameterstore</span>
+<span class="w">      </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="w">  </span><span class="nt">selector</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">secret</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pokedex-credentials</span><span class="w"> </span><span class="c1"># Source Kubernetes secret to be pushed</span>
+<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
+<span class="w">      </span><span class="nt">metadata</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">parameterStoreType</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;SecureString&quot;</span>
+<span class="w">        </span><span class="nt">parameterStoreKeyID</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;bb123123-b2b0-4f60-ac3a-44a13f0e6b6c&quot;</span>
+</code></pre></div>
+<p><code>parameterStoreType</code> takes three options. <code>String</code>, <code>StringList</code>, and <code>SecureString</code>, where <code>String</code> is the <em>default</em>.</p>
+<p><code>parameterStoreKeyID</code> takes a KMS Key <code>$ID</code> or <code>$ARN</code> (in case a key source is created in another account) as a string, where <code>alias/aws/ssm</code> is the <em>default</em>. This property is only used if <code>parameterStoreType</code> is set as <code>SecureString</code>.</p>
 <h4 id="check-successful-secret-sync">Check successful secret sync</h4>
 <p>To be able to check that the secret has been succesfully synced you can run the following command:</p>
 <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>get<span class="w"> </span>pushsecret<span class="w"> </span>pushsecret-example

main/snippets/aws-pm-push-secret-with-metadata.yaml

@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: pushsecret-example # Customisable
+  namespace: default # Same of the SecretStores
+spec:
+  deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted
+  refreshInterval: 10s # Refresh interval for which push secret will reconcile
+  secretStoreRefs: # A list of secret stores to push secrets to
+    - name: aws-parameterstore
+      kind: SecretStore
+  selector:
+    secret:
+      name: pokedex-credentials # Source Kubernetes secret to be pushed
+  data:
+    - match:
+        remoteRef:
+          remoteKey: my-first-parameter # Remote reference (where the secret is going to be pushed)
+      metadata:
+        parameterStoreType: "SecureString"
+        parameterStoreKeyID: "bb123123-b2b0-4f60-ac3a-44a13f0e6b6c"