Tree:
37ea19b831
IdanAdar-patch-1
Switch-UBI-to-go-toolset-as-base-image
aws-iam-anywhere
aws-metadata
beach-team
beach-team-fix/beach-team-pipeline
beach/fix-fake-provider
beach/keyvault-set-secret
bh.ss
broken-link
bump/0.8.13
bunp-helm-chart
chart/certcontroller-partial-cache
chore/bump-0.9.2-branch
chore/bump-controller-runtime
chore/refactor-aws-auth
chore/standardize-vault-auth-paths
chore/update-readme-with-vision
cleanup-keys-when-using-template
coderabbitai/docstrings/17d3e22
conversion-webhook-debug
copilot/fix-code-scanning-alerts
copilot/fix-license-header-typographical-errors
copilot/sub-pr-6021
dependabot/go_modules/github.com/onsi/ginkgo-1.15.1
dependabot/go_modules/sigs.k8s.io/controller-runtime-0.8.3
design/decoding-strategy
dev/jsauvain/plugin_ovh_provider
docs/demo-of-devops-toolkit
e2e-test-run
feat/add-log-values-to-helm-chart
feature/aws-getallsecrets
feature/aws-getallsecrets-trim-root-path
feature/configure-promethues-target-port
feature/custom-cert-secret
feature/gcp-referent-auth
feature/keyvault-deletion-policy
feature/new-provider-structure
fix-infisical-404
fix-test
fix/e2e
fix/gcp-issues
fix/kubernetes-access-review-strategy
fix/vault-lint
fix/vault-not-handling-json-values
gc-fix-update-readme
gc/design/gen-secretstore-v2
gc/fix/ibm
gc/fix/v015.1
gc/rollback-0.15.1
gh-pages
gh-pages-dev
gitlab-validation-refactors
gusfcarvalho-patch-1
main
mj-add-generator
mj-aws-v2-parameterstore-e2e
mj-bump-ubiimg
mj-bumps
mj-design-oopp
mj-e2e-managed-aws-tf
mj-expose-admission-warnings
mj-fix-aws-genereator-auth-cache
mj-fix-dashboard
mj-fix-reko
mj-fix-vault-ref-spec
mj-go-mod
mj-provider-mod
mj-pushsecret-generator-state
mj-test-gcp-m
mj-test-mgmt
mj-v2-poc
mj-v2-poc-rebased
poc-workflow
pr-5527
predicate-watch-fix
promote-chart-0.9.11
release-0.10.3-helm-charts
release-0.10.4-helm-charts
release-0.6
release-0.7
release-0.8
release-0.9
release-branch-test-1
release-chart-v0.10.5
release-chart-v0.15.0
release-chart-v0.15.0-2
release-chart-v0.15.0-3
release-helm-2.2.0
release-helm-chart-v0.10.5
release-helm-chart-v0.16.1
release-helm-chart-v0.16.2
release-helm-chart-v0.17.0
release-helm-chart-v0.18.1
release-helm-chart-v0.18.2
release-helm-chart-v0.19.0
release-helm-chart-v0.19.1
release-helm-chart-v0.20.1
release-helm-chart-v0.20.1-2
release-helm-chart-v0.20.1-3
release-helm-chart-v0.20.2
release-helm-chart-v0.20.3
release-helm-chart-v0.20.3-2
release-helm-chart-v0.20.4
release-helm-chart-v1.0.0
release-helm-chart-v1.1.0
release-notes-0.18.0
release-v0.10.6-helm-chart
release-v0.10.6-helm-chart-docs
release-v0.10.7
release-v0.11.0-charts
release-v0.12.1-charts
release-v0.13.0-charts
release-v0.13.0-charts-2
release-v0.14.0-charts
release-v0.14.2-charts
release-v0.14.3-charts
release-v0.14.3-charts-2
release-v0.14.4
revert-662-revert-613-getall-Secrets
sonar-dispatch
test-ca-cert-trouble
test-e2e-no-fork-2
test-e2e-run
test-infra
test-non-fork-e2e-test
update-deps-1679516143
update-deps-1679516914
update-deps-1679517123
update-deps-1679518009
update-deps-1679519068
update-deps-1679520715
update-deps-1679521323
update-deps-1679522475
update-deps-1679524823
update-deps-1679526149
update-deps-1679526150
update-deps-1684144987
update-deps-1684144991
update-deps-1684749783
update-deps-1684749784
update-deps-1685354595
update-deps-1685354598
update-deps-1685959386
update-deps-1685959389
update-deps-1686564186
update-deps-1686564187
update-deps-1687168984
update-deps-1688983412
update-deps-1689588212
update-deps-1689588216
update-deps-1689588218
update-deps-1690192998
update-deps-1690192999
update-deps-1690193006
update-deps-1690797787
update-deps-1690797790
update-deps-1690797793
update-deps-1691402717
update-deps-1692612193
update-deps-1692612200
update-deps-1698660199
update-deps-1699265013
update-deps-1699869789
update-deps-1702893806
update-deps-1703498593
update-deps-1704103390
update-deps-1705313002
update-deps-1705313003
update-deps-1707127435
update-deps-1708337007
update-deps-1708941785
update-deps-1709548582
update-deps-1711361006
update-deps-1728295726
update-deps-1728900214
update-deps-1729505043
update-deps-1730714625
update-deps-1731319410
update-deps-1731924224
update-deps-1733738623
update-deps-1734343423
update-deps-1734948213
update-deps-1735553019
update-deps-1735553021
update-deps-1736157834
update-deps-1736762637
update-deps-1737367411
update-deps-1737367413
update-deps-1737972215
update-deps-1738577008
update-deps-1739181819
update-deps-1739786702
update-deps-1740391424
update-deps-1740996509
update-deps-1741601012
update-deps-1742205840
update-deps-1742810656
update-deps-1744021399
update-deps-1745229858
update-deps-1745836636
update-deps-1746439470
update-deps-1747044270
update-deps-1747649082
update-deps-1748254077
update-deps-1748858663
update-deps-1749463460
update-deps-1750068277
update-deps-1750673073
update-deps-1751277848
update-deps-1751882658
update-deps-1752487463
update-deps-1753092271
update-deps-1753697066
update-deps-1754301928
update-deps-1754906674
update-deps-1755511479
update-deps-1755511483
update-deps-1756116259
update-deps-1762164298
update-deps-1770632590
update-deps-1774261326
update-helm-chart-v0.14.2
update-ibm-docs
update-vault-api
validate-secret-store-gitlab
validate-store-oracle
helm-chart-2.3.0
v2.3.0
helm-chart-2.2.0
v2.2.0
helm-chart-2.1.0
v2.1.0
helm-chart-2.0.1
v2.0.1
helm-chart-2.0.0
v2.0.0
helm-chart-1.3.2
v1.3.2
helm-chart-1.3.1
v1.3.1
v1.3.0
helm-chart-1.2.1
v1.2.1
helm-chart-1.2.0
v1.2.0
helm-chart-1.1.1
v1.1.1
helm-chart-1.1.0
v1.1.0
helm-chart-1.0.0
v1.0.0
v0.2.1-esoctl
v0.2.0-esoctl
helm-chart-0.20.4
v0.20.4
helm-chart-0.20.3
v0.20.3
helm-chart-0.20.2
v0.20.2
helm-chart-0.20.1
v0.20.1
v0.20.0
helm-chart-0.19.2
v0.19.2
helm-chart-0.19.1
v0.19.1
helm-chart-0.19.0
v0.19.0
helm-chart-0.18.2
v0.18.2
helm-chart-0.18.1
v0.18.1
helm-chart-0.18.0
v0.18.0
helm-chart-0.18.0-rc1
v0.18.0-rc1
helm-chart-0.17.1-rc1
v0.17.1-rc1
helm-chart-0.17.0
v0.17.0
helm-chart-0.16.2
v0.16.2
helm-chart-0.16.1
v0.16.1
helm-chart-0.16.0
v0.16.0
helm-chart-0.15.1
v0.15.1
helm-chart-0.15.0
v0.15.0
helm-chart-0.14.4
v0.14.4
helm-chart-0.14.3
v0.14.3
helm-chart-0.14.2
v0.14.2
helm-chart-0.14.1
v0.14.1
helm-chart-0.14.0
v0.14.0
helm-chart-0.13.0
v0.13.0
v0.1.0-esoctl
v0.1.0-render
helm-chart-0.12.1
v0.12.1
v0.12.0
helm-chart-0.11.0
v0.11.0
helm-chart-0.10.7
v0.10.7
helm-chart-0.10.6
v0.10.6
helm-chart-0.10.5
v0.10.5
helm-chart-0.10.4
v0.10.4
helm-chart-0.10.3
v0.10.3
helm-chart-0.10.2
v0.10.2
helm-chart-0.10.1
v0.10.1
helm-chart-0.10.0
v0.10.0
helm-chart-0.9.20
v0.9.20
helm-chart-0.9.19
v0.9.19
helm-chart-0.9.18
v0.9.18
helm-chart-0.9.17
v0.9.17
helm-chart-0.9.16
v0.8.17
v0.8.16
v0.9.16
helm-chart-0.9.15-2
v0.9.15-2
v0.9.15
v0.8.15
helm-chart-0.9.14
v0.9.14
v0.8.14
helm-chart-0.9.13
v0.9.13
v0.8.13
helm-chart-0.9.12
v0.9.12
v0.8.12
helm-chart-0.9.11
v0.9.11
helm-chart-0.9.10
v0.9.10
v0.8.11
v0.8.10
helm-chart-0.9.9
v0.9.9
helm-chart-0.9.8
v0.9.8
helm-chart-0.9.7
v0.9.7
v0.8.9
v0.8.8
helm-chart-0.9.6
v0.9.6
helm-chart-0.9.5
v0.9.5
helm-chart-0.9.4
v0.9.4
helm-chart-0.9.3
helm-chart-0.8.7
v0.9.3
v0.8.7
helm-chart-0.9.2
helm-chart-0.8.6
v0.9.2
v0.8.6
helm-chart-0.8.5
helm-chart-0.9.1
v0.9.1
v0.8.5
helm-chart-0.9.0
helm-chart-0.8.4
v0.9.0
v0.8.4
helm-chart-0.8.3
v0.8.3
helm-chart-0.8.2
v0.8.2
v0.7.3
helm-chart-0.8.1
v0.8.1
helm-chart-0.8.0
v0.8.0
helm-chart-0.7.2
v0.7.2
helm-chart-0.7.1
v0.7.1
helm-chart-0.7.0
v0.7.0
helm-chart-0.7.0-rc1
v0.7.0-rc1
helm-chart-0.6.1
v0.6.1
helm-chart-0.6.0
v0.6.0
helm-chart-0.6.0-rc1
v0.6.0-rc1
helm-chart-0.5.9
v0.5.9
helm-chart-0.5.8
v0.5.8
helm-chart-0.5.7
v0.5.7
helm-chart-0.5.6
v0.5.6
helm-chart-0.5.5
v0.5.5
helm-chart-0.5.4
v0.5.4
helm-chart-0.5.3
v0.5.3
helm-chart-0.5.2
v0.5.2
helm-chart-0.5.1
v0.5.1
helm-chart-0.5.0
v0.5.0
helm-chart-0.4.4
v0.4.4
helm-chart-0.4.3
v0.4.3
helm-chart-0.4.2
v0.4.2
helm-chart-0.4.1
v0.4.1
helm-chart-0.4.0
v0.4.0
helm-chart-0.3.11
v0.3.11
helm-chart-0.3.10
v0.3.10
helm-chart-0.3.9
v0.3.9
helm-chart-0.3.8
v0.3.8
helm-chart-0.3.7
v0.3.7
helm-chart-0.3.6
v0.3.6
v.0.3.6
helm-chart-0.3.5
v0.3.5
helm-chart-0.3.4
v0.3.4
helm-chart-0.3.3
v0.3.3
helm-chart-0.3.2
v0.3.2
helm-chart-0.3.1
v0.3.1
helm-chart-0.3.0
v0.3.0
helm-chart-0.2.3
v0.2.3
helm-chart-0.2.2
v0.2.2
helm-chart-0.2.1
v0.2.1
helm-chart-0.2.0
v0.2.0
v0.1.4
helm-chart-0.1.4
v0.1.3
helm-chart-0.1.3
helm-chart-0.1.2
v0.1.2
helm-chart-0.1.1
v0.1.0
acr.md 2.0 KB
The Azure Container Registry (ACR) generator creates a short-lived refresh or access token for accessing ACR.
The token is generated for a particular ACR registry defined in spec.registry.
Output Keys and Values
| Key | Description |
|---|---|
| username | username for the docker login command |
| password | password for the docker login command |
Authentication
You must choose one out of three authentication mechanisms:
- service principal
- managed identity
- workload identity
The generated token will inherit the permissions from the assigned policy. I.e. when you assign a read-only policy all generated tokens will be read-only.
You must assign a Azure RBAC role, such as AcrPush or AcrPull to the service principal in order to be able to authenticate with the Azure container registry API.
You can scope tokens to a particular repository using spec.scope.
Scope
First, an Azure Active Directory access token is obtained with the desired authentication method.
This AAD access token will be used to authenticate against ACR to issue a refresh token or access token.
If spec.scope if it is defined it obtains an ACR access token. If spec.scope is missing it obtains an ACR refresh token:
- access tokens are scoped to a specific repository or action (pull,push)
- refresh tokens can are scoped to whatever policy is attached to the identity that creates the acr refresh token
The Scope grammar is defined in the Docker Registry spec.
Note: You can not use a wildcards in the scope parameter, you can match exactly one repository and defined multiple actions like pull or push.
Example scopes:
repository:my-repository:pull,push
repository:my-repository:pull
Example Manifest
{% include 'generator-acr.yaml' %}
Example ExternalSecret that references the ACR generator:
{% include 'generator-acr-example.yaml' %}