index.html 102 KB

  1. <!doctype html>
  2. <html lang="en" class="no-js">
  3. <head>
     <!-- Generated document head (the generator meta tag below names mkdocs and mkdocs-material). It carries inline <style> and <script> elements, so a Content-Security-Policy without 'unsafe-inline' would need hashes or nonces for them. -->
  4. <meta charset="utf-8">
  5. <meta name="viewport" content="width=device-width,initial-scale=1">
  6. <link rel="prev" href="../datafrom-rewrite/">
  7. <link rel="next" href="../templating-v1/">
  8. <link rel="icon" href="../../assets/images/favicon.png">
  9. <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.4">
  10. <title>v2 - External Secrets Operator</title>
  11. <link rel="stylesheet" href="../../assets/stylesheets/main.50c56a3b.min.css">
  12. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
     <!-- Third-party stylesheet from fonts.googleapis.com with no integrity attribute; every page view makes a request to that origin. Self-hosting the fonts would remove this external dependency. -->
  13. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
  14. <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
     <!-- Theme storage helpers. __md_get JSON-parses the item stored under "<scope pathname>.<key>" in localStorage (or the storage object passed in); __md_set writes a JSON string and silently ignores setItem failures. __md_hash is a small string hash. -->
  15. <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
     <!-- Analytics bootstrap. __md_analytics configures measurement ID G-QP38TD8K7V, reports the search field's value as search_term when the field loses focus, reports feedback button clicks together with the page path, reports page_path on location changes, and injects an async script from www.googletagmanager.com right after this element. Text typed into search therefore leaves the site, so secret values should never be entered there. The injected script has no integrity check and runs in this page's origin. -->
  16. <script id="__analytics">function __md_analytics(){function n(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],n("js",new Date),n("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){this.value&&n("event","search",{search_term:this.value})}),document$.subscribe(function(){var a=document.forms.feedback;if(void 0!==a)for(var e of a.querySelectorAll("[type=submit]"))e.addEventListener("click",function(e){e.preventDefault();var t=document.location.pathname,e=this.getAttribute("data-md-value");n("event","feedback",{page:t,data:e}),a.firstElementChild.disabled=!0;e=a.querySelector(".md-feedback__note [data-md-value='"+e+"']");e&&(e.hidden=!1)}),a.hidden=!1}),location$.subscribe(function(e){n("config","G-QP38TD8K7V",{page_path:e.pathname})})});var e=document.createElement("script");e.async=!0,e.src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V",document.getElementById("__analytics").insertAdjacentElement("afterEnd",e)}</script>
     <!-- Calls the analytics bootstrap immediately when it is defined; no consent check is visible in this head. -->
  17. <script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
  18. </head>
  19. <body dir="ltr">
  20. <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
  21. <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
  22. <label class="md-overlay" for="__drawer"></label>
  23. <div data-md-component="skip">
  24. <a href="#advanced-templating-v2" class="md-skip">
  25. Skip to content
  26. </a>
  27. </div>
  28. <div data-md-component="announce">
  29. </div>
  30. <div data-md-color-scheme="default" data-md-component="outdated" hidden>
  31. <aside class="md-banner md-banner--warning">
  32. <div class="md-banner__inner md-grid md-typeset">
  33. You're not viewing the latest version.
  34. <a href="../../..">
  35. <strong>Click here to go to latest.</strong>
  36. </a>
  37. </div>
  38. <script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
  39. </aside>
  40. </div>
  41. <header class="md-header" data-md-component="header">
  42. <nav class="md-header__inner md-grid" aria-label="Header">
  43. <a href="../.." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  44. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
  45. </a>
  46. <label class="md-header__button md-icon" for="__drawer">
  47. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
  48. </label>
  49. <div class="md-header__title" data-md-component="header-title">
  50. <div class="md-header__ellipsis">
  51. <div class="md-header__topic">
  52. <span class="md-ellipsis">
  53. External Secrets Operator
  54. </span>
  55. </div>
  56. <div class="md-header__topic" data-md-component="header-topic">
  57. <span class="md-ellipsis">
  58. v2
  59. </span>
  60. </div>
  61. </div>
  62. </div>
  63. <script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
  64. <label class="md-header__button md-icon" for="__search">
  65. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
  66. </label>
  67. <div class="md-search" data-md-component="search" role="dialog">
  68. <label class="md-search__overlay" for="__search"></label>
  69. <div class="md-search__inner" role="search">
  70. <form class="md-search__form" name="search">
  71. <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
  72. <label class="md-search__icon md-icon" for="__search">
  73. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
  74. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
  75. </label>
  76. <nav class="md-search__options" aria-label="Search">
  77. <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
  78. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
  79. </button>
  80. </nav>
  81. </form>
  82. <div class="md-search__output">
  83. <div class="md-search__scrollwrap" data-md-scrollfix>
  84. <div class="md-search-result" data-md-component="search-result">
  85. <div class="md-search-result__meta">
  86. Initializing search
  87. </div>
  88. <ol class="md-search-result__list" role="presentation"></ol>
  89. </div>
  90. </div>
  91. </div>
  92. </div>
  93. </div>
  94. <div class="md-header__source">
  95. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  96. <div class="md-source__icon md-icon">
  97. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
  98. </div>
  99. <div class="md-source__repository">
  100. External Secrets Operator
  101. </div>
  102. </a>
  103. </div>
  104. </nav>
  105. </header>
  106. <div class="md-container" data-md-component="container">
  107. <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
  108. <div class="md-grid">
  109. <ul class="md-tabs__list">
  110. <li class="md-tabs__item">
  111. <a href="../.." class="md-tabs__link">
  112. Introduction
  113. </a>
  114. </li>
  115. <li class="md-tabs__item">
  116. <a href="../../api/components/" class="md-tabs__link">
  117. API
  118. </a>
  119. </li>
  120. <li class="md-tabs__item md-tabs__item--active">
  121. <a href="../introduction/" class="md-tabs__link">
  122. Guides
  123. </a>
  124. </li>
  125. <li class="md-tabs__item">
  126. <a href="../../provider/aws-secrets-manager/" class="md-tabs__link">
  127. Provider
  128. </a>
  129. </li>
  130. <li class="md-tabs__item">
  131. <a href="../../examples/gitops-using-fluxcd/" class="md-tabs__link">
  132. Examples
  133. </a>
  134. </li>
  135. <li class="md-tabs__item">
  136. <a href="../../contributing/devguide/" class="md-tabs__link">
  137. Community
  138. </a>
  139. </li>
  140. </ul>
  141. </div>
  142. </nav>
  143. <main class="md-main" data-md-component="main">
  144. <div class="md-main__inner md-grid">
  145. <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
  146. <div class="md-sidebar__scrollwrap">
  147. <div class="md-sidebar__inner">
  148. <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
  149. <label class="md-nav__title" for="__drawer">
  150. <a href="../.." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  151. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
  152. </a>
  153. External Secrets Operator
  154. </label>
  155. <div class="md-nav__source">
  156. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  157. <div class="md-source__icon md-icon">
  158. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
  159. </div>
  160. <div class="md-source__repository">
  161. External Secrets Operator
  162. </div>
  163. </a>
  164. </div>
  165. <ul class="md-nav__list" data-md-scrollfix>
  166. <li class="md-nav__item md-nav__item--section md-nav__item--nested">
  167. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_1" >
  168. <div class="md-nav__link md-nav__container">
  169. <a href="../.." class="md-nav__link ">
  170. <span class="md-ellipsis">
  171. Introduction
  172. </span>
  173. </a>
  174. <label class="md-nav__link " for="__nav_1" id="__nav_1_label" tabindex="">
  175. <span class="md-nav__icon md-icon"></span>
  176. </label>
  177. </div>
  178. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
  179. <label class="md-nav__title" for="__nav_1">
  180. <span class="md-nav__icon md-icon"></span>
  181. Introduction
  182. </label>
  183. <ul class="md-nav__list" data-md-scrollfix>
  184. <li class="md-nav__item">
  185. <a href="../../introduction/overview/" class="md-nav__link">
  186. <span class="md-ellipsis">
  187. Overview
  188. </span>
  189. </a>
  190. </li>
  191. <li class="md-nav__item">
  192. <a href="../../introduction/getting-started/" class="md-nav__link">
  193. <span class="md-ellipsis">
  194. Getting started
  195. </span>
  196. </a>
  197. </li>
  198. <li class="md-nav__item">
  199. <a href="../../introduction/faq/" class="md-nav__link">
  200. <span class="md-ellipsis">
  201. FAQ
  202. </span>
  203. </a>
  204. </li>
  205. <li class="md-nav__item">
  206. <a href="../../introduction/stability-support/" class="md-nav__link">
  207. <span class="md-ellipsis">
  208. Stability and Support
  209. </span>
  210. </a>
  211. </li>
  212. <li class="md-nav__item">
  213. <a href="../../introduction/deprecation-policy/" class="md-nav__link">
  214. <span class="md-ellipsis">
  215. Deprecation Policy
  216. </span>
  217. </a>
  218. </li>
  219. </ul>
  220. </nav>
  221. </li>
  222. <li class="md-nav__item md-nav__item--section md-nav__item--nested">
  223. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
  224. <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="">
  225. <span class="md-ellipsis">
  226. API
  227. </span>
  228. <span class="md-nav__icon md-icon"></span>
  229. </label>
  230. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
  231. <label class="md-nav__title" for="__nav_2">
  232. <span class="md-nav__icon md-icon"></span>
  233. API
  234. </label>
  235. <ul class="md-nav__list" data-md-scrollfix>
  236. <li class="md-nav__item">
  237. <a href="../../api/components/" class="md-nav__link">
  238. <span class="md-ellipsis">
  239. Components
  240. </span>
  241. </a>
  242. </li>
  243. <li class="md-nav__item md-nav__item--nested">
  244. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_2" >
  245. <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
  246. <span class="md-ellipsis">
  247. Core Resources
  248. </span>
  249. <span class="md-nav__icon md-icon"></span>
  250. </label>
  251. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
  252. <label class="md-nav__title" for="__nav_2_2">
  253. <span class="md-nav__icon md-icon"></span>
  254. Core Resources
  255. </label>
  256. <ul class="md-nav__list" data-md-scrollfix>
  257. <li class="md-nav__item">
  258. <a href="../../api/externalsecret/" class="md-nav__link">
  259. <span class="md-ellipsis">
  260. ExternalSecret
  261. </span>
  262. </a>
  263. </li>
  264. <li class="md-nav__item">
  265. <a href="../../api/secretstore/" class="md-nav__link">
  266. <span class="md-ellipsis">
  267. SecretStore
  268. </span>
  269. </a>
  270. </li>
  271. <li class="md-nav__item">
  272. <a href="../../api/clustersecretstore/" class="md-nav__link">
  273. <span class="md-ellipsis">
  274. ClusterSecretStore
  275. </span>
  276. </a>
  277. </li>
  278. <li class="md-nav__item">
  279. <a href="../../api/clusterexternalsecret/" class="md-nav__link">
  280. <span class="md-ellipsis">
  281. ClusterExternalSecret
  282. </span>
  283. </a>
  284. </li>
  285. <li class="md-nav__item">
  286. <a href="../../api/pushsecret/" class="md-nav__link">
  287. <span class="md-ellipsis">
  288. PushSecret
  289. </span>
  290. </a>
  291. </li>
  292. </ul>
  293. </nav>
  294. </li>
  295. <li class="md-nav__item md-nav__item--nested">
  296. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_3" >
  297. <div class="md-nav__link md-nav__container">
  298. <a href="../../api/generator/" class="md-nav__link ">
  299. <span class="md-ellipsis">
  300. Generators
  301. </span>
  302. </a>
  303. <label class="md-nav__link " for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
  304. <span class="md-nav__icon md-icon"></span>
  305. </label>
  306. </div>
  307. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
  1127. <div class="md-content" data-md-component="content">
  1128. <article class="md-content__inner md-typeset">
  1129. <h1 id="advanced-templating-v2">Advanced Templating v2</h1>
  1130. <p>With External Secrets Operator you can transform the data from the external secret provider before it is stored as <code>Kind=Secret</code>. You do this with <code>Spec.Target.Template</code>. Each data value is interpreted as a <a href="https://golang.org/pkg/text/template/">Go text/template</a>; the fetched values are inserted verbatim, without any escaping, so quote or encode them yourself where the output format requires it.</p>
  1131. <div class="admonition note">
  1132. <p class="admonition-title">Note</p>
  1133. <p>Consider using camelCase when defining <strong>.'spec.data.secretKey'</strong>, for example: serviceAccountToken.</p>
  1134. <p>If your secret keys contain <strong><code>-</code> (dashes)</strong>, you will need to reference them using <strong><code>index</code></strong>, because a dashed name is not a valid field reference in a Go template.<br>
  1135. Example: <strong><code>{{ index .data "service-account-token" }}</code></strong></p>
  1136. </div>
  1137. <h2 id="helm">Helm</h2>
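  1138. <p>When installing ExternalSecrets via <code>helm</code>, the template must be escaped so that <code>helm</code> will not try to render it; otherwise <code>helm</code> evaluates the <code>{{ ... }}</code> expression itself while rendering the chart, before the operator ever sees it. The most straightforward way to accomplish this is to wrap the expression in backticks (<a href="https://pkg.go.dev/text/template#hdr-Examples">raw string constants</a>):</p>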
  1139. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1140. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1141. <span class="nt">metadata</span><span class="p">:</span>
  1142. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1143. <span class="nt">spec</span><span class="p">:</span>
  1144. <span class="w"> </span><span class="c1"># ...</span>
  1145. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1146. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1147. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1148. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1149. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
  1150. <span class="w"> </span><span class="c1"># password: &quot;{{ .mysecret }}&quot; # If you are using plain manifests or gitops tools</span>
  1151. <span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">`{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">}}`</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"> </span><span class="c1"># If you are using helm</span>
  1152. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1153. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mysecret</span>
  1154. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1155. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials</span>
  1156. </code></pre></div>
  1157. <h2 id="examples">Examples</h2>
  1158. <p>You can use templates to inject your secrets into a configuration file that you mount into your pod:</p>
  1159. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1160. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1161. <span class="nt">metadata</span><span class="p">:</span>
  1162. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1163. <span class="nt">spec</span><span class="p">:</span>
  1164. <span class="w"> </span><span class="c1"># ...</span>
  1165. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1166. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
  1167. <span class="w"> </span><span class="c1"># this is how the Kind=Secret will look like</span>
  1168. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1169. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1170. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1171. <span class="w"> </span><span class="c1"># multiline string</span>
  1172. <span class="w"> </span><span class="nt">config</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
  1173. <span class="w"> </span><span class="no">datasources:</span>
  1174. <span class="w"> </span><span class="no">- name: Graphite</span>
  1175. <span class="w"> </span><span class="no">type: graphite</span>
  1176. <span class="w"> </span><span class="no">access: proxy</span>
  1177. <span class="w"> </span><span class="no">url: http://localhost:8080</span>
  1178. <span class="w"> </span><span class="no">password: &quot;{{ .password }}&quot;</span>
  1179. <span class="w"> </span><span class="no">user: &quot;{{ .user }}&quot;</span>
  1180. <span class="w"> </span><span class="c1"># using replace function to rewrite secret</span>
  1181. <span class="w"> </span><span class="nt">connection</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;{{</span><span class="nv"> </span><span class="s">.dburl</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">replace</span><span class="nv"> </span><span class="s">&quot;postgres://&quot;</span><span class="nv"> </span><span class="s">&quot;postgresql://&quot;</span><span class="nv"> </span><span class="s">}}&#39;</span>
  1182. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1183. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
  1184. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1185. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span>
  1186. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
  1187. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1188. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span>
  1189. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dburl</span>
  1190. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1191. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/database/url</span>
  1192. </code></pre></div>
  1193. <p>Another example with two keys in the same secret:</p>
  1194. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1195. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1196. <span class="nt">metadata</span><span class="p">:</span>
  1197. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1198. <span class="nt">spec</span><span class="p">:</span>
  1199. <span class="w"> </span><span class="c1"># ...</span>
  1200. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1201. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1202. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1203. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1204. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
  1205. <span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"> </span><span class="c1"># If you are using plain manifests or gitops tools</span>
  1206. <span class="w"> </span><span class="c1"># password: &quot;{{ `{{ .mysecret }}` }}&quot; # If you are using templated tools like helm</span>
  1207. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1208. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mysecret</span>
  1209. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1210. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials</span>
  1211. </code></pre></div>
  1212. <h3 id="mergepolicy">MergePolicy</h3>
  1213. <p>By default, the templating mechanism will not use any information available from the original <code>data</code> and <code>dataFrom</code> queries to the provider, and only keep the templated information. It is possible to change this behavior through the use of the <code>mergePolicy</code> field. <code>mergePolicy</code> currently accepts two values: <code>Replace</code> (the default) and <code>Merge</code>. When using <code>Merge</code>, <code>data</code> and <code>dataFrom</code> keys will also be embedded into the templated secret, having lower priority than the template outcome. See the example for more information:</p>
  1214. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1215. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1216. <span class="nt">metadata</span><span class="p">:</span>
  1217. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1218. <span class="nt">spec</span><span class="p">:</span>
  1219. <span class="w"> </span><span class="c1"># ...</span>
  1220. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1221. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1222. <span class="w"> </span><span class="nt">mergePolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Merge</span>
  1223. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1224. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1225. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">admin</span>
  1226. <span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">b64dec</span><span class="nv"> </span><span class="s">}}&quot;</span><span class="w"> </span><span class="c1"># Overwrites the password from the data call and use this output</span>
  1227. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1228. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
  1229. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1230. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials/password</span>
  1231. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">username</span><span class="w"> </span><span class="c1"># Preserves the username in the templated Secret</span>
  1232. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1233. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/credentials/username</span>
  1234. </code></pre></div>
  1235. <h3 id="templatefrom">TemplateFrom</h3>
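  1236. <p>You do not have to define your templates inline in an ExternalSecret; you can also pull in <code>ConfigMaps</code> or other Secrets that contain a template. Because the template controls how the fetched values are written into the target Secret, write access to these objects should be restricted as carefully as write access to the ExternalSecret itself. Consider the following example:</p>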
  1237. <div class="highlight"><pre><span></span><code><span class="c1"># define your template in a config map</span>
  1238. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
  1239. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ConfigMap</span>
  1240. <span class="nt">metadata</span><span class="p">:</span>
  1241. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span>
  1242. <span class="nt">data</span><span class="p">:</span>
  1243. <span class="w"> </span><span class="nt">config.yaml</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
  1244. <span class="w"> </span><span class="no">datasources:</span>
  1245. <span class="w"> </span><span class="no">- name: Graphite</span>
  1246. <span class="w"> </span><span class="no">type: graphite</span>
  1247. <span class="w"> </span><span class="no">access: proxy</span>
  1248. <span class="w"> </span><span class="no">url: &quot;{{ .uri }}&quot;</span>
  1249. <span class="w"> </span><span class="no">password: &quot;{{ .password }}&quot;</span>
  1250. <span class="w"> </span><span class="no">user: &quot;{{ .user }}&quot;</span>
  1251. <span class="w"> </span><span class="nt">templated</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
  1252. <span class="w"> </span><span class="no"># key and value templated</span>
  1253. <span class="w"> </span><span class="no">my-application-{{ .user}}: {{ .password | b64enc }}</span>
  1254. <span class="w"> </span><span class="no"># conditional keys</span>
  1255. <span class="w"> </span><span class="no">{{- if hasPrefix &quot;oci://&quot; .uri }}</span>
  1256. <span class="w"> </span><span class="no">enableOCI: true</span>
  1257. <span class="w"> </span><span class="no">{{- else }}</span>
  1258. <span class="w"> </span><span class="no">enableOCI: false</span>
  1259. <span class="w"> </span><span class="no">{{- end }}</span>
  1260. <span class="w"> </span><span class="no"># Fixed values</span>
  1261. <span class="w"> </span><span class="no">application-type: grafana</span>
  1262. <span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
  1263. <span class="w"> </span><span class="no">#dynamic timestamp generation</span>
  1264. <span class="w"> </span><span class="no">last-synced-for-user/{{ .user }}: {{ now }}</span>
  1265. <span class="nn">---</span>
  1266. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1267. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1268. <span class="nt">metadata</span><span class="p">:</span>
  1269. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-template-example</span>
  1270. <span class="nt">spec</span><span class="p">:</span>
  1271. <span class="w"> </span><span class="c1"># ...</span>
  1272. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1273. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
  1274. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1275. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1276. <span class="w"> </span><span class="nt">templateFrom</span><span class="p">:</span>
  1277. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Data</span>
  1278. <span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
  1279. <span class="w"> </span><span class="c1"># name of the configmap to pull in</span>
  1280. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span>
  1281. <span class="w"> </span><span class="c1"># here you define the keys that should be used as template</span>
  1282. <span class="w"> </span><span class="nt">items</span><span class="p">:</span>
  1283. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">config.yaml</span>
  1284. <span class="w"> </span><span class="nt">templateAs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Values</span>
  1285. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">templated</span>
  1286. <span class="w"> </span><span class="nt">templateAs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">KeysAndValues</span>
  1287. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Annotations</span>
  1288. <span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
  1289. <span class="w"> </span><span class="c1"># name of the configmap to pull in</span>
  1290. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">grafana-config-tpl</span>
  1291. <span class="w"> </span><span class="c1"># here you define the keys that should be used as template</span>
  1292. <span class="w"> </span><span class="nt">items</span><span class="p">:</span>
  1293. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">annotations</span>
  1294. <span class="w"> </span><span class="nt">templateAs</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">KeysAndValues</span>
  1295. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1296. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
  1297. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1298. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span>
  1299. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
  1300. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1301. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span>
  1302. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">uri</span>
  1303. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1304. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/uri</span>
  1305. </code></pre></div>
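  1306. <p><code>TemplateFrom</code> also lets you target your template at the Secret's Annotations, Labels or the Data block. Annotations and labels are object metadata and are displayed by common tooling (for example, <code>kubectl describe</code> prints them while showing only the size of each data entry), so avoid rendering confidential values into them. <code>TemplateFrom</code> also allows you to render the templated information as <code>Values</code> or as <code>KeysAndValues</code> through the <code>templateAs</code> configuration:</p>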
  1307. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1308. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1309. <span class="nt">metadata</span><span class="p">:</span>
  1310. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-template-example</span>
  1311. <span class="nt">spec</span><span class="p">:</span>
  1312. <span class="w"> </span><span class="c1"># ...</span>
  1313. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1314. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
  1315. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1316. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1317. <span class="w"> </span><span class="nt">templateFrom</span><span class="p">:</span>
  1318. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Annotations</span>
  1319. <span class="w"> </span><span class="nt">literal</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;last-sync-for-user/{{</span><span class="nv"> </span><span class="s">.user</span><span class="nv"> </span><span class="s">}}:</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">.now</span><span class="nv"> </span><span class="s">}}&quot;</span>
  1320. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1321. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span>
  1322. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1323. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/user</span>
  1324. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password</span>
  1325. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1326. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/grafana/password</span>
  1327. </code></pre></div>
  1328. <p>Lastly, <code>TemplateFrom</code> also supports adding <code>Literal</code> blocks for quick templating. These <code>Literal</code> blocks differ from <code>Template.Data</code> in that they are rendered as a <code>key:value</code> pair (whereas with <code>Template.Data</code> you can only template the value).</p>
  1329. <p>The following example shows how to produce an <code>htpasswd</code> file that can be used by an ingress-controller (for example: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/), where the contents of the <code>htpasswd</code> file need to be presented via the <code>auth</code> key. We use the <code>htpasswd</code> function to create a <code>bcrypt</code> hash of the password.</p>
  1330. <p>Suppose you have multiple key-value pairs within your provider secret, like this:</p>
  1331. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1332. <span class="w"> </span><span class="nt">&quot;user1&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;password1&quot;</span><span class="p">,</span>
  1333. <span class="w"> </span><span class="nt">&quot;user2&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;password2&quot;</span><span class="p">,</span>
  1334. <span class="w"> </span><span class="err">...</span>
  1335. <span class="p">}</span>
  1336. </code></pre></div>
  1337. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1338. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1339. <span class="nt">metadata</span><span class="p">:</span>
  1340. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-template-example</span>
  1341. <span class="nt">spec</span><span class="p">:</span>
  1342. <span class="w"> </span><span class="c1"># ...</span>
  1343. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1344. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
  1345. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1346. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1347. <span class="w"> </span><span class="nt">templateFrom</span><span class="p">:</span>
  1348. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Data</span>
  1349. <span class="w"> </span><span class="nt">literal</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|-</span>
  1350. <span class="w"> </span><span class="no">{{- $creds := list }}</span>
  1351. <span class="w"> </span><span class="no">{{- range $user, $pw := . }}</span>
  1352. <span class="w"> </span><span class="no">{{- $creds = append $creds (printf &quot;%s&quot; (htpasswd $user $pw)) }}</span>
  1353. <span class="w"> </span><span class="no">{{- end }}</span>
  1354. <span class="w"> </span><span class="no">auth: {{ $creds | join &quot;\n&quot; | quote }}</span>
  1355. <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
  1356. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">extract</span><span class="p">:</span>
  1357. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/ingress-controller/valid-users</span>
  1358. </code></pre></div>
  1359. <h3 id="extract-keys-and-certificates-from-pkcs12-archive">Extract Keys and Certificates from PKCS#12 Archive</h3>
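  1360. <p>You can use pre-defined functions to extract data from your secrets. The following example extracts keys and certificates from a PKCS#12 archive and stores them as PEM. The literal <code>my-password</code> in the last line is a placeholder: a password written inline is stored in clear text in the ExternalSecret manifest, so for a password-protected archive prefer to keep the password in the provider and fetch it as its own key rather than hard-coding it.</p>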
  1361. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1362. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1363. <span class="nt">metadata</span><span class="p">:</span>
  1364. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1365. <span class="nt">spec</span><span class="p">:</span>
  1366. <span class="w"> </span><span class="c1"># ...</span>
  1367. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1368. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1369. <span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span>
  1370. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1371. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1372. <span class="w"> </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12cert</span><span class="nv"> </span><span class="s">}}&quot;</span>
  1373. <span class="w"> </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12key</span><span class="nv"> </span><span class="s">}}&quot;</span>
  1374. <span class="w"> </span><span class="c1"># if needed unlock the pkcs12 with the password</span>
  1375. <span class="w"> </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">pkcs12certPass</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">my-password&quot; }}&quot;</span>
  1376. </code></pre></div>
  1377. <h3 id="extract-from-jwk">Extract from JWK</h3>
  1378. <p>You can extract the public or private key parts of a JWK and use them as a <a href="https://pkg.go.dev/crypto/x509#ParsePKCS8PrivateKey">PKCS#8</a> private key or a PEM-encoded <a href="https://pkg.go.dev/crypto/x509#MarshalPKIXPublicKey">PKIX</a> public key.</p>
  1379. <p>A JWK looks similar to this:</p>
  1380. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1381. <span class="w"> </span><span class="nt">&quot;kty&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;RSA&quot;</span><span class="p">,</span>
  1382. <span class="w"> </span><span class="nt">&quot;kid&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df&quot;</span><span class="p">,</span>
  1383. <span class="w"> </span><span class="nt">&quot;use&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sig&quot;</span><span class="p">,</span>
  1384. <span class="w"> </span><span class="nt">&quot;n&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;pjdss...&quot;</span><span class="p">,</span>
  1385. <span class="w"> </span><span class="nt">&quot;e&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;AQAB&quot;</span>
  1386. <span class="w"> </span><span class="c1">// ...</span>
  1387. <span class="p">}</span>
  1388. </code></pre></div>
  1389. <p>And what you want may be a PEM-encoded public or private key portion of it. Take a look at this example on how to transform it into the desired format:</p>
  1390. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1391. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1392. <span class="nt">metadata</span><span class="p">:</span>
  1393. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1394. <span class="nt">spec</span><span class="p">:</span>
  1395. <span class="w"> </span><span class="c1"># ...</span>
  1396. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1397. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1398. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1399. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1400. <span class="w"> </span><span class="c1"># .myjwk is a json-encoded JWK string.</span>
  1401. <span class="w"> </span><span class="c1">#</span>
  1402. <span class="w"> </span><span class="c1"># this template will produce for jwk_pub a PEM encoded public key:</span>
  1403. <span class="w"> </span><span class="c1"># -----BEGIN PUBLIC KEY-----</span>
  1404. <span class="w"> </span><span class="c1"># MIIBI...</span>
  1405. <span class="w"> </span><span class="c1"># ...</span>
  1406. <span class="w"> </span><span class="c1"># ...AQAB</span>
  1407. <span class="w"> </span><span class="c1"># -----END PUBLIC KEY-----</span>
  1408. <span class="w"> </span><span class="nt">jwk_pub</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.myjwk</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">jwkPublicKeyPem</span><span class="nv"> </span><span class="s">}}&quot;</span>
  1409. <span class="w"> </span><span class="c1"># private key is a pem-encoded PKCS#8 private key</span>
  1410. <span class="w"> </span><span class="nt">jwk_priv</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.myjwk</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">jwkPrivateKeyPem</span><span class="nv"> </span><span class="s">}}&quot;</span>
  1411. </code></pre></div>
  1412. <h3 id="filter-pem-blocks">Filter PEM blocks</h3>
  1413. <p>Suppose you have a secret that contains both a certificate and a private key encoded in PEM format, and your goal is to use only the certificate from that secret.</p>
  1414. <div class="highlight"><pre><span></span><code>-----BEGIN PRIVATE KEY-----
  1415. MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvxGZOW4IXvGlh
  1416. . . .
  1417. m8JCpbJXDfSSVxKHgK1Siw4K6pnTsIA2e/Z+Ha2fvtocERjq7VQMAJFaIZSTKo9Q
  1418. JwwY+vj0yxWjyzHUzZB33tg=
  1419. -----END PRIVATE KEY-----
  1420. -----BEGIN CERTIFICATE-----
  1421. MIIDMDCCAhigAwIBAgIQabPaXuZCQaCg+eQAVptGGDANBgkqhkiG9w0BAQsFADAV
  1422. . . .
  1423. NtFUGA95RGN9s+pl6XY0YARPHf5O76ErC1OZtDTR5RdyQfcM+94gYZsexsXl0aQO
  1424. 9YD3Wg==
  1425. -----END CERTIFICATE-----
  1426. </code></pre></div>
  1427. <p>You can achieve that by using the <code>filterPEM</code> function to extract a specific type of PEM block from that secret. If multiple blocks of that type (here: <code>CERTIFICATE</code>) exist, all of them are returned in the order specified. To extract a specific type of PEM block, pass the type as a string argument to the filterPEM function. Take a look at this example of how to transform a secret which contains a private key and a certificate into the desired format:</p>
  1428. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1429. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1430. <span class="nt">metadata</span><span class="p">:</span>
  1431. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1432. <span class="nt">spec</span><span class="p">:</span>
  1433. <span class="w"> </span><span class="c1"># ...</span>
  1434. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1435. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1436. <span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.io/tls</span>
  1437. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1438. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1439. <span class="w"> </span><span class="nt">tls.crt</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">filterPEM</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">CERTIFICATE&quot; }}&quot;</span>
  1440. <span class="w"> </span><span class="nt">tls.key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.mysecret</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">filterPEM</span><span class="nv"> </span><span class="s">&quot;</span><span class="l l-Scalar l-Scalar-Plain">PRIVATE KEY&quot; }}&quot;</span>
  1441. </code></pre></div>
  1442. <h2 id="templating-with-pushsecret">Templating with PushSecret</h2>
  1443. <p><code>PushSecret</code> templating works much like <code>ExternalSecrets</code> templating; in fact, under the hood it uses the same data structure.
  1444. This means that anything described above should also be possible with a push secret, resulting in a templated secret
  1445. created at the provider.</p>
  1446. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1447. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
  1448. <span class="nt">metadata</span><span class="p">:</span>
  1449. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">template</span>
  1450. <span class="nt">spec</span><span class="p">:</span>
  1451. <span class="w"> </span><span class="c1"># ...</span>
  1452. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1453. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1454. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1455. <span class="w"> </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.token</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">was</span><span class="nv"> </span><span class="s">templated&quot;</span>
  1456. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1457. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
  1458. <span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
  1459. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1460. <span class="w"> </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">create-secret-name</span>
  1461. <span class="w"> </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
  1462. </code></pre></div>
  1463. <h2 id="helper-functions">Helper functions</h2>
  1464. <div class="admonition info inline end">
  1465. <p class="admonition-title">Info</p>
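  1466. <p>Note: we removed <code>env</code> and <code>expandenv</code> from the sprig functions for security reasons: both read environment variables of the process that renders the template, and a template should not be able to copy those values into a secret.</p>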
  1467. </div>
  1468. <p>We provide a couple of convenience functions that help you transform your secrets. This is useful when dealing with PKCS#12 archives or JSON Web Keys (JWK).</p>
  1469. <p>In addition to that, you can use more than 200 <a href="https://masterminds.github.io/sprig/">sprig functions</a>. If you feel a function is missing or might be valuable, feel free to open an issue and submit a <a href="../../contributing/process/#submitting-a-pull-request">pull request</a>.</p>
  1470. <p><br/></p>
  1471. <table>
  1472. <thead>
  1473. <tr>
  1474. <th>Function</th>
  1475. <th>Description</th>
  1476. </tr>
  1477. </thead>
  1478. <tbody>
  1479. <tr>
  1480. <td>pkcs12key</td>
  1481. <td>Extracts all private keys from a PKCS#12 archive and encodes them in <strong>PKCS#8 PEM</strong> format.</td>
  1482. </tr>
  1483. <tr>
  1484. <td>pkcs12keyPass</td>
  1485. <td>Same as <code>pkcs12key</code>. Uses the provided password to decrypt the PKCS#12 archive.</td>
  1486. </tr>
  1487. <tr>
  1488. <td>pkcs12cert</td>
  1489. <td>Extracts all certificates from a PKCS#12 archive and orders them if possible. If disjunct or multiple leaf certs are provided they are returned as-is. <br/> Sort order: <code>leaf / intermediate(s) / root</code>.</td>
  1490. </tr>
  1491. <tr>
  1492. <td>pkcs12certPass</td>
  1493. <td>Same as <code>pkcs12cert</code>. Uses the provided password to decrypt the PKCS#12 archive.</td>
  1494. </tr>
  1495. <tr>
  1496. <td>filterPEM</td>
  1497. <td>Filters PEM blocks with a specific type from a list of PEM blocks.</td>
  1498. </tr>
  1499. <tr>
  1500. <td>jwkPublicKeyPem</td>
  1501. <td>Takes a JSON-serialized JWK and returns a PEM block of type <code>PUBLIC KEY</code> that contains the public key. <a href="https://golang.org/pkg/crypto/x509/#MarshalPKIXPublicKey">See here</a> for details.</td>
  1502. </tr>
  1503. <tr>
  1504. <td>jwkPrivateKeyPem</td>
  1505. <td>Takes a JSON-serialized JWK as <code>string</code> and returns a PEM block of type <code>PRIVATE KEY</code> that contains the private key in PKCS #8 format. <a href="https://golang.org/pkg/crypto/x509/#MarshalPKCS8PrivateKey">See here</a> for details.</td>
  1506. </tr>
  1507. <tr>
  1508. <td>toYaml</td>
  1509. <td>Takes an interface and marshals it to YAML. It always returns a string; on a marshal error the result is an empty string rather than an error.</td>
  1510. </tr>
  1511. <tr>
  1512. <td>fromYaml</td>
  1513. <td>Function converts a YAML document into a map[string]interface{}.</td>
  1514. </tr>
  1515. </tbody>
  1516. </table>
  1517. <h2 id="migrating-from-v1">Migrating from v1</h2>
  1518. <p>If you are still using <code>v1alpha1</code>, you have to opt in to the new engine version by specifying <code>template.engineVersion=v2</code>:</p>
  1519. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
  1520. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1521. <span class="nt">metadata</span><span class="p">:</span>
  1522. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret</span>
  1523. <span class="nt">spec</span><span class="p">:</span>
  1524. <span class="w"> </span><span class="c1"># ...</span>
  1525. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1526. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1527. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1528. <span class="w"> </span><span class="c1"># ...</span>
  1529. </code></pre></div>
  1530. <p>The biggest change was that basically all function parameter types were changed from accepting/returning <code>[]byte</code> to <code>string</code>. This is relevant for you because now you don't need to specify <code>toString</code> all the time at the end of a template pipeline.</p>
  1531. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
  1532. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1533. <span class="c1"># ...</span>
  1534. <span class="nt">spec</span><span class="p">:</span>
  1535. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1536. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1537. <span class="w"> </span><span class="nt">engineVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v2</span>
  1538. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1539. <span class="w"> </span><span class="c1"># this used to be {{ .foobar | toString }}</span>
  1540. <span class="w"> </span><span class="nt">egg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;new:</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">.foobar</span><span class="nv"> </span><span class="s">}}&quot;</span>
  1541. </code></pre></div>
  1542. <h5 id="functions-removedreplaced">Functions removed/replaced</h5>
  1543. <ul>
  1544. <li><code>base64encode</code> was renamed to <code>b64enc</code>.</li>
  1545. <li><code>base64decode</code> was renamed to <code>b64dec</code>. Any errors that occur during decoding are silenced, so the template still renders instead of failing.</li>
  1546. <li><code>fromJSON</code> was renamed to <code>fromJson</code>. Any errors that occur during unmarshalling are silenced, so the template still renders instead of failing.</li>
  1547. <li><code>toJSON</code> was renamed to <code>toJson</code>. Any errors that occur during marshalling are silenced, so the template still renders instead of failing.</li>
  1548. <li><code>pkcs12key</code> and <code>pkcs12keyPass</code> encode the PKCS#8 key directly into PEM format. There is no need to call <code>pemPrivateKey</code> anymore. These functions now <strong>extract all private keys</strong> from the PKCS#12 archive, not just the first one.</li>
  1549. <li><code>pkcs12cert</code> and <code>pkcs12certPass</code> encode the certs directly into PEM format. There is no need to call <code>pemCertificate</code> anymore. These functions now <strong>extract all certificates</strong> from the PKCS#12 archive not just the first one.</li>
  1550. <li><code>toString</code> implementation was replaced by the <code>sprig</code> implementation and should be api-compatible.</li>
  1551. <li><code>toBytes</code> was removed.</li>
  1552. <li><code>pemPrivateKey</code> was removed. It's now implemented within the <code>pkcs12*</code> functions.</li>
  1553. <li><code>pemCertificate</code> was removed. It's now implemented within the <code>pkcs12*</code> functions.</li>
  1554. </ul>
  1555. </article>
  1556. </div>
  1557. <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
  1558. </div>
  1559. </main>
  1560. <footer class="md-footer">
  1561. <div class="md-footer-meta md-typeset">
  1562. <div class="md-footer-meta__inner md-grid">
  1563. <div class="md-copyright">
  1564. <div class="md-copyright__highlight">
  1565. &copy; 2023 The external-secrets Authors.<br/>
  1566. &copy; 2023 The Linux Foundation. All rights reserved.<br/><br/>
  1567. The Linux Foundation has registered trademarks and uses trademarks.<br/>
  1568. For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage/">Trademark Usage page</a>.
  1569. </div>
  1570. Made with
  1571. <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
  1572. Material for MkDocs
  1573. </a>
  1574. </div>
  1575. </div>
  1576. </div>
  1577. </footer>
  1578. </div>
  1579. <div class="md-dialog" data-md-component="dialog">
  1580. <div class="md-dialog__inner md-typeset"></div>
  1581. </div>
  1582. <script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs", "navigation.indexes", "navigation.expand"], "search": "../../assets/javascripts/workers/search.c011b7c0.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
  1583. <script src="../../assets/javascripts/bundle.7389ff0e.min.js"></script>
  1584. </body>
  1585. </html>