Deployed 57b73730e to main with MkDocs 1.6.1 and mike 1.2.0.dev0

main/provider/1password-sdk/index.html

@@ -5097,14 +5097,15 @@ that has the same title as another label we won't know which one to update and a
 <span class="nt">metadata</span><span class="p">:</span>
 <span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span>
 <span class="nt">stringData</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">source-key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;my-secret&quot;</span>
+<span class="w">  </span><span class="nt">api-key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;my-api-key&quot;</span>
+<span class="w">  </span><span class="nt">api-url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://example.com/api&quot;</span>
 </code></pre></div>
 <p>Looks like this:</p>
 <div class="highlight"><pre><span></span><code><span class="nn">---</span>
 <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
 <span class="nt">metadata</span><span class="p">:</span>
-<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># Customisable</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># customizable</span>
 <span class="nt">spec</span><span class="p">:</span>
 <span class="w">  </span><span class="nt">deletionPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete</span>
 <span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h0m0s</span>
@@ -5116,18 +5117,56 @@ that has the same title as another label we won't know which one to update and a
 <span class="w">      </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span><span class="w"> </span><span class="c1"># Source Kubernetes secret</span>
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span>
 <span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
-<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-key</span><span class="w"> </span><span class="c1"># Source Kubernetes secret key to be pushed</span>
+<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-key</span><span class="w"> </span><span class="c1"># Source Kubernetes secret key to be pushed</span>
 <span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
-<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1pw-secret-name</span><span class="w"> </span><span class="c1"># 1Password item/secret name</span>
-<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w">         </span><span class="c1"># (Optional) 1Password field type, default password</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1pw-item-name</span><span class="w">     </span><span class="c1"># 1Password item name</span>
+<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span><span class="w">           </span><span class="c1"># Field label within the 1Password item</span>
 <span class="w">      </span><span class="nt">metadata</span><span class="p">:</span>
 <span class="w">        </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.external-secrets.io/v1alpha1</span>
 <span class="w">        </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecretMetadata</span>
 <span class="w">        </span><span class="nt">spec</span><span class="p">:</span>
-<span class="w">          </span><span class="nt">tags</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;tag1&quot;</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">&quot;tag2&quot;</span><span class="p p-Indicator">]</span><span class="w">    </span><span class="c1"># Optional metadata to be pushed with the secret</span>
+<span class="w">          </span><span class="nt">tags</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;tag1&quot;</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">&quot;tag2&quot;</span><span class="p p-Indicator">]</span><span class="w">  </span><span class="c1"># (Optional) tags on the 1Password item (item-level, not field-level)</span>
+<span class="w">                                  </span><span class="c1"># Tags are shared across all fields of the same remoteKey — last write wins if entries differ</span>
+<span class="w">          </span><span class="nt">fieldType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">concealed</span><span class="w">    </span><span class="c1"># (Optional) field type (default: concealed)</span>
+<span class="w">                                  </span><span class="c1"># Accepted values (case-insensitive): text|string|concealed|password|url|email|phone|date|monthYear</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-url</span>
+<span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1pw-item-name</span><span class="w">     </span><span class="c1"># Same 1Password item — adds a second field</span>
+<span class="w">          </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-endpoint</span>
+<span class="w">      </span><span class="nt">metadata</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.external-secrets.io/v1alpha1</span>
+<span class="w">        </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecretMetadata</span>
+<span class="w">        </span><span class="nt">spec</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">fieldType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">url</span>
 </code></pre></div>
 <p>Once all fields of a secret are deleted, the entire secret is deleted if the PushSecret object is removed and
 policy is set to <code>delete</code>.</p>
+<p>To sync the entire secret into a single 1Password item, the following configuration can be used:</p>
+<div class="highlight"><pre><span></span><code><span class="nn">---</span>
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-all-keys-example</span><span class="w"> </span><span class="c1"># customizable</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">deletionPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete</span>
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h0m0s</span>
+<span class="w">  </span><span class="nt">secretStoreRefs</span><span class="p">:</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">onepassword</span>
+<span class="w">      </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="w">  </span><span class="nt">selector</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">secret</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">source-secret</span><span class="w"> </span><span class="c1"># Source Kubernetes secret</span>
+<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
+<span class="w">    </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">remoteRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1pw-item-name-all-keys</span><span class="w"> </span><span class="c1"># 1Password item name, each Kubernetes secret key becomes a separate concealed field</span>
+<span class="w">      </span><span class="nt">metadata</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.external-secrets.io/v1alpha1</span>
+<span class="w">        </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecretMetadata</span>
+<span class="w">        </span><span class="nt">spec</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">tags</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">[</span><span class="s">&quot;tag1&quot;</span><span class="p p-Indicator">,</span><span class="w"> </span><span class="s">&quot;tag2&quot;</span><span class="p p-Indicator">]</span><span class="w">  </span><span class="c1"># (Optional) tags on the 1Password item</span>
+</code></pre></div>
 <h3 id="supported-functionality">Supported Functionality</h3>
 <p>Please check the documentation on 1password for <a href="https://developer.1password.com/docs/sdks/functionality">Supported Functionality</a>.</p>
 

main/snippets/1passwordsdk-push-secret-all-keys.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: pushsecret-all-keys-example # customizable
+spec:
+  deletionPolicy: Delete
+  refreshInterval: 1h0m0s
+  secretStoreRefs:
+    - name: onepassword
+      kind: SecretStore
+  selector:
+    secret:
+      name: source-secret # Source Kubernetes secret
+  data:
+    - match:
+        remoteRef:
+          remoteKey: 1pw-item-name-all-keys # 1Password item name, each Kubernetes secret key becomes a separate concealed field
+      metadata:
+        apiVersion: kubernetes.external-secrets.io/v1alpha1
+        kind: PushSecretMetadata
+        spec:
+          tags: ["tag1", "tag2"]  # (Optional) tags on the 1Password item

main/snippets/1passwordsdk-push-secret.yaml

@@ -2,7 +2,7 @@
 apiVersion: external-secrets.io/v1alpha1
 kind: PushSecret
 metadata:
-  name: pushsecret-example # Customisable
+  name: pushsecret-example # customizable
 spec:
   deletionPolicy: Delete
   refreshInterval: 1h0m0s
@@ -14,12 +14,25 @@ spec:
       name: source-secret # Source Kubernetes secret
   data:
     - match:
-        secretKey: source-key # Source Kubernetes secret key to be pushed
+        secretKey: api-key # Source Kubernetes secret key to be pushed
         remoteRef:
-          remoteKey: 1pw-secret-name # 1Password item/secret name
-          property: password         # (Optional) 1Password field type, default password
+          remoteKey: 1pw-item-name     # 1Password item name
+          property: password           # Field label within the 1Password item
       metadata:
         apiVersion: kubernetes.external-secrets.io/v1alpha1
         kind: PushSecretMetadata
         spec:
-          tags: ["tag1", "tag2"]    # Optional metadata to be pushed with the secret
+          tags: ["tag1", "tag2"]  # (Optional) tags on the 1Password item (item-level, not field-level)
+                                  # Tags are shared across all fields of the same remoteKey — last write wins if entries differ
+          fieldType: concealed    # (Optional) field type (default: concealed)
+                                  # Accepted values (case-insensitive): text|string|concealed|password|url|email|phone|date|monthYear
+    - match:
+        secretKey: api-url
+        remoteRef:
+          remoteKey: 1pw-item-name     # Same 1Password item — adds a second field
+          property: api-endpoint
+      metadata:
+        apiVersion: kubernetes.external-secrets.io/v1alpha1
+        kind: PushSecretMetadata
+        spec:
+          fieldType: url