Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Deployed 00bc81c8 to main with MkDocs 1.4.3 and mike 1.1.2

moolen 3 years ago
parent
4a6dec61bd
commit
fa757ec088
5 changed files with 54 additions and 6 deletions
Split View Show Diff Stats
  1. 29 4
      main/provider/ibm-secrets-manager/index.html
  2. 0 0
      main/search/search_index.json
  3. BIN
      main/sitemap.xml.gz
  4. 21 0
      main/snippets/ibm-external-secret-by-name.yaml
  5. 4 2
      main/snippets/ibm-external-secret.yaml

+ 29 - 4
main/provider/ibm-secrets-manager/index.html
View File 

@@ -2507,7 +2507,8 @@
 
 <span class="w">  </span><span class="nt">keyB</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span><span class="w"> </span><span class="c1">#valB</span>
 
 </code></pre></div>
 
 <h3 id="creating-external-secret">Creating external secret</h3>
 
-<p>To create a kubernetes secret from the IBM Secrets Manager, a <code>Kind=ExternalSecret</code> is needed.</p>
 
+<p>To create a kubernetes secret from the IBM Secrets Manager, a <code>Kind=ExternalSecret</code> is needed.
 
+Below example creates a kubernetes secret based on ID of the secret in Secrets Manager.</p>
 
 <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
 
 <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
 
 <span class="nt">metadata</span><span class="p">:</span>
 
@@ -2523,12 +2524,36 @@
 
 <span class="w">  </span><span class="nt">data</span><span class="p">:</span>
 
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span>
 
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
 
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_user</span>
 
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username_password/&lt;SECRET_ID&gt;</span>
 
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span>
 
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
 
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
 
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username_password/&lt;SECRET_ID&gt;</span>
 
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
 
+</code></pre></div>
 
+<p>Alternatively, secret name can be specified instead of secret ID.</p>
 
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
 
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
 
+<span class="nt">metadata</span><span class="p">:</span>
 
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span>
 
+<span class="nt">spec</span><span class="p">:</span>
 
+<span class="w">  </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60m</span>
 
+<span class="w">  </span><span class="nt">secretStoreRef</span><span class="p">:</span>
 
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ibm-store</span>
 
+<span class="w">    </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
 
+<span class="w">  </span><span class="nt">target</span><span class="p">:</span>
 
+<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span>
 
+<span class="w">    </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span>
 
+<span class="w">  </span><span class="nt">data</span><span class="p">:</span>
 
+<span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span>
 
+<span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
 
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username_password/&lt;SECRET_NAME&gt;</span>
 
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span>
 
 <span class="w">  </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
 
 <span class="w">    </span><span class="nt">remoteRef</span><span class="p">:</span>
 
-<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_password</span>
 
+<span class="w">      </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username_password/&lt;SECRET_NAME&gt;</span>
 
+<span class="w">      </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
 
 </code></pre></div>
 
-<p>Currently we can only get the secret by its id and not its name, so something like <code>565287ce-578f-8d96-a746-9409d531fe2a</code>.</p>
 
 <h3 id="getting-the-kubernetes-secret">Getting the Kubernetes secret</h3>
 
 <p>The operator will fetch the IBM Secret Manager secret and inject it as a <code>Kind=Secret</code>
 
 <div class="highlight"><pre><span></span><code>kubectl get secret secret-to-be-created -n &lt;namespace&gt; | -o jsonpath=&#39;{.data.test}&#39; | base64 -d

File diff suppressed because it is too large
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz
View File


+ 21 - 0
main/snippets/ibm-external-secret-by-name.yaml
View File 

@@ -0,0 +1,21 @@
 
+apiVersion: external-secrets.io/v1beta1
 
+kind: ExternalSecret
 
+metadata:
 
+  name: database-credentials
 
+spec:
 
+  refreshInterval: 60m
 
+  secretStoreRef:
 
+    name: ibm-store
 
+    kind: SecretStore
 
+  target:
 
+    name: database-credentials
 
+    creationPolicy: Owner
 
+  data:
 
+  - secretKey: username
 
+    remoteRef:
 
+      key: username_password/<SECRET_NAME>
 
+      property: username
 
+  - secretKey: password
 
+    remoteRef:
 
+      key: username_password/<SECRET_NAME>
 
+      property: password

+ 4 - 2
main/snippets/ibm-external-secret.yaml
View File 

@@ -13,7 +13,9 @@ spec:
 
   data:
 
   - secretKey: username
 
     remoteRef:
 
-      key: database_user
 
+      key: username_password/<SECRET_ID>
 
+      property: username
 
   - secretKey: password
 
     remoteRef:
 
-      key: database_password
 
+      key: username_password/<SECRET_ID>
 
+      property: password

Some files were not shown because too many files changed in this diff