|
|
@@ -1932,9 +1932,20 @@ should match snapshot of default values:
|
|
|
projectID:
|
|
|
description: ProjectID project where secret is located
|
|
|
type: string
|
|
|
+ secretVersionSelectionPolicy:
|
|
|
+ default: LatestOrFail
|
|
|
+ description: |-
|
|
|
+ SecretVersionSelectionPolicy specifies how the provider selects a secret version
|
|
|
+ when "latest" is disabled or destroyed.
|
|
|
+ Possible values are:
|
|
|
+ - LatestOrFail: the provider always uses "latest", or fails if that version is disabled/destroyed.
|
|
|
+ - LatestOrFetch: the provider falls back to fetching the latest version if the version is DESTROYED or DISABLED
|
|
|
+ type: string
|
|
|
type: object
|
|
|
github:
|
|
|
- description: Github configures this store to push Github Action secrets using Github API provider
|
|
|
+ description: |-
|
|
|
+ Github configures this store to push GitHub Action secrets using GitHub API provider.
|
|
|
+ Note: This provider only supports write operations (PushSecret) and cannot fetch secrets from GitHub
|
|
|
properties:
|
|
|
appID:
|
|
|
description: appID specifies the Github APP that will be used to authenticate the client
|
|
|
@@ -3144,6 +3155,62 @@ should match snapshot of default values:
|
|
|
type: string
|
|
|
type: object
|
|
|
type: object
|
|
|
+ ngrok:
|
|
|
+ description: Ngrok configures this store to sync secrets using the ngrok provider.
|
|
|
+ properties:
|
|
|
+ apiUrl:
|
|
|
+ default: https://api.ngrok.com
|
|
|
+ description: APIURL is the URL of the ngrok API.
|
|
|
+ type: string
|
|
|
+ auth:
|
|
|
+ description: Auth configures how the ngrok provider authenticates with the ngrok API.
|
|
|
+ maxProperties: 1
|
|
|
+ minProperties: 1
|
|
|
+ properties:
|
|
|
+ apiKey:
|
|
|
+ description: APIKey is the API Key used to authenticate with ngrok. See https://ngrok.com/docs/api/#authentication
|
|
|
+ properties:
|
|
|
+ secretRef:
|
|
|
+ description: SecretRef is a reference to a secret containing the ngrok API key.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: |-
|
|
|
+ A key in the referenced Secret.
|
|
|
+ Some instances of this field may be defaulted, in others it may be required.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[-._a-zA-Z0-9]+$
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: The name of the Secret resource being referred to.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
|
+ type: string
|
|
|
+ namespace:
|
|
|
+ description: |-
|
|
|
+ The namespace of the Secret resource being referred to.
|
|
|
+ Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
|
|
+ maxLength: 63
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ vault:
|
|
|
+ description: Vault configures the ngrok vault to sync secrets with.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name is the name of the ngrok vault to sync secrets with.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - auth
|
|
|
+ - vault
|
|
|
+ type: object
|
|
|
onboardbase:
|
|
|
description: Onboardbase configures this store to sync secrets using the Onboardbase provider
|
|
|
properties:
|
|
|
@@ -4040,6 +4107,12 @@ should match snapshot of default values:
|
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
|
type: string
|
|
|
type: object
|
|
|
+ path:
|
|
|
+ default: cert
|
|
|
+ description: |-
|
|
|
+ Path where the Certificate authentication backend is mounted
|
|
|
+ in Vault, e.g: "cert"
|
|
|
+ type: string
|
|
|
secretRef:
|
|
|
description: |-
|
|
|
SecretRef to a key in a Secret resource containing client private key to
|
|
|
@@ -4693,6 +4766,108 @@ should match snapshot of default values:
|
|
|
required:
|
|
|
- server
|
|
|
type: object
|
|
|
+ volcengine:
|
|
|
+ description: Volcengine configures this store to sync secrets using the Volcengine provider
|
|
|
+ properties:
|
|
|
+ auth:
|
|
|
+ description: |-
|
|
|
+ Auth defines the authentication method to use.
|
|
|
+ If not specified, the provider will try to use IRSA (IAM Role for Service Account).
|
|
|
+ properties:
|
|
|
+ secretRef:
|
|
|
+ description: |-
|
|
|
+ SecretRef defines the static credentials to use for authentication.
|
|
|
+ If not set, IRSA is used.
|
|
|
+ properties:
|
|
|
+ accessKeyID:
|
|
|
+ description: AccessKeyID is the reference to the secret containing the Access Key ID.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: |-
|
|
|
+ A key in the referenced Secret.
|
|
|
+ Some instances of this field may be defaulted, in others it may be required.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[-._a-zA-Z0-9]+$
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: The name of the Secret resource being referred to.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
|
+ type: string
|
|
|
+ namespace:
|
|
|
+ description: |-
|
|
|
+ The namespace of the Secret resource being referred to.
|
|
|
+ Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
|
|
+ maxLength: 63
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ secretAccessKey:
|
|
|
+ description: SecretAccessKey is the reference to the secret containing the Secret Access Key.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: |-
|
|
|
+ A key in the referenced Secret.
|
|
|
+ Some instances of this field may be defaulted, in others it may be required.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[-._a-zA-Z0-9]+$
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: The name of the Secret resource being referred to.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
|
+ type: string
|
|
|
+ namespace:
|
|
|
+ description: |-
|
|
|
+ The namespace of the Secret resource being referred to.
|
|
|
+ Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
|
|
+ maxLength: 63
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ token:
|
|
|
+ description: Token is the reference to the secret containing the STS(Security Token Service) Token.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: |-
|
|
|
+ A key in the referenced Secret.
|
|
|
+ Some instances of this field may be defaulted, in others it may be required.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[-._a-zA-Z0-9]+$
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: The name of the Secret resource being referred to.
|
|
|
+ maxLength: 253
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
|
+ type: string
|
|
|
+ namespace:
|
|
|
+ description: |-
|
|
|
+ The namespace of the Secret resource being referred to.
|
|
|
+ Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
|
|
|
+ maxLength: 63
|
|
|
+ minLength: 1
|
|
|
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - accessKeyID
|
|
|
+ - secretAccessKey
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ region:
|
|
|
+ description: Region specifies the Volcengine region to connect to.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - region
|
|
|
+ type: object
|
|
|
webhook:
|
|
|
description: Webhook configures this store to sync secrets using a generic templated webhook
|
|
|
properties:
|
Gergely Brautigam