apiVersion: external-secrets.io/v1 kind: ClusterSecretStore metadata: {} spec: conditions: - namespaceRegexes: [] # minItems 0 of type string namespaceSelector: matchExpressions: - key: string operator: string values: [] # minItems 0 of type string matchLabels: {} namespaces: [] # minItems 0 of type string controller: string provider: akeyless: akeylessGWApiURL: string authSecretRef: kubernetesAuth: accessID: string k8sConfName: string secretRef: key: string name: string namespace: string serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string secretRef: accessID: key: string name: string namespace: string accessType: key: string name: string namespace: string accessTypeParam: key: string name: string namespace: string caBundle: c3RyaW5n caProvider: key: string name: string namespace: string type: "Secret" # "Secret", "ConfigMap" alibaba: auth: rrsa: oidcProviderArn: string oidcTokenFilePath: string roleArn: string sessionName: string secretRef: accessKeyIDSecretRef: key: string name: string namespace: string accessKeySecretSecretRef: key: string name: string namespace: string regionID: string aws: additionalRoles: [] # minItems 0 of type string auth: jwt: serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string secretRef: accessKeyIDSecretRef: key: string name: string namespace: string secretAccessKeySecretRef: key: string name: string namespace: string sessionTokenSecretRef: key: string name: string namespace: string externalID: string prefix: string region: string role: string secretsManager: forceDeleteWithoutRecovery: true recoveryWindowInDays: 1 service: "SecretsManager" # "SecretsManager", "ParameterStore" sessionTags: - key: string value: string transitiveTagKeys: [] # minItems 0 of type string azurekv: authSecretRef: clientCertificate: key: string name: string namespace: string clientId: key: string name: string namespace: string clientSecret: key: string name: string namespace: string tenantId: key: string name: string namespace: string authType: "ServicePrincipal" environmentType: "PublicCloud" identityId: string serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string tenantId: string vaultUrl: string beyondtrust: auth: apiKey: secretRef: key: string name: string namespace: string value: string certificate: secretRef: key: string name: string namespace: string value: string certificateKey: secretRef: key: string name: string namespace: string value: string clientId: secretRef: key: string name: string namespace: string value: string clientSecret: secretRef: key: string name: string namespace: string value: string server: apiUrl: string apiVersion: external-secrets.io/v1 clientTimeOutSeconds: 1 retrievalType: string separator: string verifyCA: true bitwardensecretsmanager: apiURL: string auth: secretRef: credentials: key: string name: string namespace: string bitwardenServerSDKURL: string caBundle: string caProvider: key: string name: string namespace: string type: "Secret" # "Secret", "ConfigMap" identityURL: string organizationID: string projectID: string chef: auth: secretRef: privateKeySecretRef: key: string name: string namespace: string serverUrl: string username: string cloudrusm: auth: secretRef: accessKeyIDSecretRef: key: string name: string namespace: string accessKeySecretSecretRef: key: string name: string namespace: string projectID: string conjur: auth: apikey: account: string apiKeyRef: key: string name: string namespace: string userRef: key: string name: string namespace: string jwt: account: string hostId: string secretRef: key: string name: string namespace: string serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string serviceID: string caBundle: string caProvider: key: string name: string namespace: string type: "Secret" # "Secret", "ConfigMap" url: string delinea: clientId: secretRef: key: string name: string namespace: string value: string clientSecret: secretRef: key: string name: string namespace: string value: string tenant: string tld: string urlTemplate: string device42: auth: secretRef: credentials: key: string name: string namespace: string host: string doppler: auth: secretRef: dopplerToken: key: string name: string namespace: string config: string format: "json" # "json", "dotnet-json", "env", "yaml", "docker" nameTransformer: "upper-camel" # "upper-camel", "camel", "lower-snake", "tf-var", "dotnet-env", "lower-kebab" project: string fake: data: - key: string value: string version: string fortanix: apiKey: secretRef: key: string name: string namespace: string apiUrl: string gcpsm: auth: secretRef: secretAccessKeySecretRef: key: string name: string namespace: string workloadIdentity: clusterLocation: string clusterName: string clusterProjectID: string serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string location: string projectID: string github: appID: 1 auth: privateKey: key: string name: string namespace: string environment: string installationID: 1 organization: string repository: string uploadURL: string url: "https://github.com/" gitlab: auth: SecretRef: accessToken: key: string name: string namespace: string environment: string groupIDs: [] # minItems 0 of type string inheritFromGroups: true projectID: string url: string ibm: auth: containerAuth: iamEndpoint: string profile: string tokenLocation: string secretRef: secretApiKeySecretRef: key: string name: string namespace: string serviceUrl: string infisical: auth: universalAuthCredentials: clientId: key: string name: string namespace: string clientSecret: key: string name: string namespace: string hostAPI: "https://app.infisical.com/api" secretsScope: environmentSlug: string expandSecretReferences: true projectSlug: string recursive: false secretsPath: "/" keepersecurity: authRef: key: string name: string namespace: string folderID: string kubernetes: auth: cert: clientCert: key: string name: string namespace: string clientKey: key: string name: string namespace: string serviceAccount: audiences: [] # minItems 0 of type string name: string namespace: string token: bearerToken: key: string name: string namespace: string authRef: key: string name: string namespace: string remoteNamespace: "default" server: caBundle: c3RyaW5n caProvider: key: string name: string namespace: string type: "Secret" # "Secret", "ConfigMap" url: "kubernetes.default" onboardbase: apiHost: "https://public.onboardbase.com/api/v1/" auth: apiKeyRef: key: string name: string namespace: string passcodeRef: key: string name: string namespace: string environment: "development" project: "development" onepassword: auth: secretRef: connectTokenSecretRef: key: string name: string namespace: string connectHost: string vaults: {} onepasswordSDK: auth: serviceAccountSecretRef: key: string name: string namespace: string integrationInfo: name: "1Password SDK" version: "v1.0.0" vault: string oracle: auth: secretRef: fingerprint: key: string name: string namespace: string privatekey: key: string name: string namespace: string tenancy: string user: string compartment: string encryptionKey: string principalType: "" # "", "UserPrincipal", "InstancePrincipal", "Workload" region: string serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string vault: string passbolt: auth: passwordSecretRef: key: string name: string namespace: string privateKeySecretRef: key: string name: string namespace: string host: string passworddepot: auth: secretRef: credentials: key: string name: string namespace: string database: string host: string previder: auth: secretRef: accessToken: key: string name: string namespace: string baseUri: string pulumi: accessToken: secretRef: key: string name: string namespace: string apiUrl: "https://api.pulumi.com/api/esc" environment: string organization: string project: string scaleway: accessKey: secretRef: key: string name: string namespace: string value: string apiUrl: string projectId: string region: string secretKey: secretRef: key: string name: string namespace: string value: string secretserver: password: secretRef: key: string name: string namespace: string value: string serverURL: string username: secretRef: key: string name: string namespace: string value: string senhasegura: auth: clientId: string clientSecretSecretRef: key: string name: string namespace: string ignoreSslCertificate: false module: string url: string vault: auth: appRole: path: "approle" roleId: string roleRef: key: string name: string namespace: string secretRef: key: string name: string namespace: string cert: clientCert: key: string name: string namespace: string secretRef: key: string name: string namespace: string iam: externalID: string jwt: serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string path: string region: string role: string secretRef: accessKeyIDSecretRef: key: string name: string namespace: string secretAccessKeySecretRef: key: string name: string namespace: string sessionTokenSecretRef: key: string name: string namespace: string vaultAwsIamServerID: string vaultRole: string jwt: kubernetesServiceAccountToken: audiences: [] # minItems 0 of type string expirationSeconds: 1 serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string path: "jwt" role: string secretRef: key: string name: string namespace: string kubernetes: mountPath: "kubernetes" role: string secretRef: key: string name: string namespace: string serviceAccountRef: audiences: [] # minItems 0 of type string name: string namespace: string ldap: path: "ldap" secretRef: key: string name: string namespace: string username: string namespace: string tokenSecretRef: key: string name: string namespace: string userPass: path: "userpass" secretRef: key: string name: string namespace: string username: string caBundle: c3RyaW5n caProvider: key: string name: string namespace: string type: "Secret" # "Secret", "ConfigMap" forwardInconsistent: true headers: {} namespace: string path: string readYourWrites: true server: string tls: certSecretRef: key: string name: string namespace: string keySecretRef: key: string name: string namespace: string version: "v2" webhook: auth: ntlm: passwordSecret: key: string name: string namespace: string usernameSecret: key: string name: string namespace: string body: string caBundle: c3RyaW5n caProvider: key: string name: string namespace: string type: "Secret" # "Secret", "ConfigMap" headers: {} method: string result: jsonPath: string secrets: - name: string secretRef: key: string name: string namespace: string timeout: string url: string yandexcertificatemanager: apiEndpoint: string auth: authorizedKeySecretRef: key: string name: string namespace: string caProvider: certSecretRef: key: string name: string namespace: string yandexlockbox: apiEndpoint: string auth: authorizedKeySecretRef: key: string name: string namespace: string caProvider: certSecretRef: key: string name: string namespace: string refreshInterval: 1 retrySettings: maxRetries: 1 retryInterval: string status: capabilities: string conditions: - lastTransitionTime: 2024-10-11T12:48:44Z message: string reason: string status: string type: string