Updated documentation of PushSecret (#2391)

* Updated documentation of PushSecret

Closes #2242

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Updated image and completed diagram file

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

---------

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
Sebastián Gómez 2 years ago
parent
commit
f5a4107b3f

+ 6 - 1
docs/api/pushsecret.md

@@ -1,4 +1,9 @@
-The `PushSecret` is namespaced and specifies how to push secrets to secret stores.
+![PushSecret](../pictures/diagrams-pushsecret-basic.png)
+
+The `PushSecret` is namespaced and it describes what data should be pushed to the secret provider.
+
+* tells the operator what secrets should be pushed by using `spec.selector`.
+* you can specify what secret keys should be pushed by using `spec.data`
 
 ``` yaml
 {% include 'full-pushsecret.yaml' %}
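Review bot: the two new bullets in docs/api/pushsecret.md are not parallel and the second has no terminal period: `* tells the operator what secrets should be pushed by using `spec.selector`.` starts with a verb, while `* you can specify what secret keys should be pushed by using `spec.data`` starts with "you can". Suggest phrasing both the same way, e.g. "`spec.selector` tells the operator which `Secret` to push." and "`spec.data` selects which keys of that secret are pushed." Also, "is namespaced and it describes" reads better as "is namespaced and describes".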

+ 18 - 0
docs/guides/pushsecrets.md

@@ -0,0 +1,18 @@
+
+Contrary to what `ExternalSecret` does by pulling secrets from secret providers and creating `kind=Secret` in your cluster, `PushSecret` reads a local `kind=Secret` and pushes its content to a secret provider.
+
+If there's already a secret in the secrets provided with the intended name of the secret to be created by the `PushSecret` you'll see the `PushSecret` in Error state, and when described you'll see a message saying `secret not managed by external-secrets`.
+
+By default, the secret created in the secret provided will not be deleted even after deleting the `PushSecret`, unless you set `spec.deletionPolicy` to Delete. 
+
+``` yaml
+{% include 'full-pushsecret.yaml' %}
+```
+
+## Backup use case
+
+An interesting use case for `kind=PushSecret` is backing up your current secret from one provider to another one.
+
+Imagine you have your secrets in GCP and you want to back them up in Azure Key Vault. You would then create a `SecretStore` for each provider, and an `ExternalSecret` to pull the secrets from GCP. This will generetae `kind=Secret` in your cluster that you can use as the source of a `PushSecret` configured with the Azure `SecretStore`. 
+
+![PushSecretBackup](../pictures/diagrams-pushsecret-backup.png)
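Review bot: "secrets provided" and "secret provided" appear where "secret provider" is meant ("If there's already a secret in the secrets provided ..." and "the secret created in the secret provided will not be deleted ..."), and "generetae" should be "generate"; the `deletionPolicy` sentence and the "generetae" sentence also carry trailing whitespace. The new file starts with an empty line and has no top-level heading before `## Backup use case`, so the guide page renders without a title; add a `# PushSecret` heading (or whatever the docs nav expects) as the first line. In the deletion paragraph, say explicitly that `spec.deletionPolicy: Delete` removes the secret in the provider and not the local `kind=Secret`, since that is the destructive setting a reader is most likely to misread.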

BIN
docs/pictures/diagrams-pushsecret-backup.png


BIN
docs/pictures/diagrams-pushsecret-basic.png


File diff suppressed because it is too large
+ 2299 - 1
docs/pictures/diagrams.drawio


+ 1 - 0
docs/snippets/full-pushsecret.yaml

@@ -4,6 +4,7 @@ metadata:
   name: pushsecret-example # Customisable
   namespace: default # Same of the SecretStores
 spec:
+  deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted
   refreshInterval: 10s # Refresh interval for which push secret will reconcile
   secretStoreRefs: # A list of secret stores to push secrets to
     - name: aws-parameterstore
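Review bot: the comment on the new `deletionPolicy: Delete` line has a stray apostrophe ("the provider' secret" should be "the provider's secret"). More importantly, this snippet is included into both docs/api/pushsecret.md and docs/guides/pushsecrets.md via `{% include 'full-pushsecret.yaml' %}`, and the guide states that the default is to keep the provider secret after the `PushSecret` is deleted; the canonical example now shows the destructive, non-default option without saying so. Suggest flagging that in the comment, e.g. `deletionPolicy: Delete # optional; default keeps the provider's secret when the PushSecret is deleted`.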