index.html 105 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771
  1. <!doctype html>
  2. <html lang="en" class="no-js">
  3. <head>
  4. <meta charset="utf-8">
  5. <meta name="viewport" content="width=device-width,initial-scale=1">
  6. <link rel="prev" href="../vault/">
  7. <link rel="next" href="../password/">
  8. <link rel="icon" href="../../../pictures/eso-round-logo.svg">
  9. <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
  10. <title>BeyondTrust Workload Credentials - External Secrets Operator</title>
  11. <link rel="stylesheet" href="../../../assets/stylesheets/main.484c7ddc.min.css">
  12. <link rel="stylesheet" href="../../../assets/stylesheets/palette.ab4e12ef.min.css">
  13. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  14. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
  15. <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
  16. <script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
  17. <script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-QP38TD8K7V",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
  18. <script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
  19. </head>
  20. <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
  21. <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
  22. <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
  23. <label class="md-overlay" for="__drawer"></label>
  24. <div data-md-component="skip">
  25. <a href="#example-manifest" class="md-skip">
  26. Skip to content
  27. </a>
  28. </div>
  29. <div data-md-component="announce">
  30. </div>
  31. <div data-md-color-scheme="default" data-md-component="outdated" hidden>
  32. <aside class="md-banner md-banner--warning">
  33. <div class="md-banner__inner md-grid md-typeset">
  34. You're not viewing the latest version.
  35. <a href="../../../..">
  36. <strong>Click here to go to latest.</strong>
  37. </a>
  38. </div>
  39. <script>var el=document.querySelector("[data-md-component=outdated]"),base=new URL("../../.."),outdated=__md_get("__outdated",sessionStorage,base);!0===outdated&&el&&(el.hidden=!1)</script>
  40. </aside>
  41. </div>
  42. <header class="md-header" data-md-component="header">
  43. <nav class="md-header__inner md-grid" aria-label="Header">
  44. <a href="../../.." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  45. <img src="../../../pictures/eso-round-logo.svg" alt="logo">
  46. </a>
  47. <label class="md-header__button md-icon" for="__drawer">
  48. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
  49. </label>
  50. <div class="md-header__title" data-md-component="header-title">
  51. <div class="md-header__ellipsis">
  52. <div class="md-header__topic">
  53. <span class="md-ellipsis">
  54. External Secrets Operator
  55. </span>
  56. </div>
  57. <div class="md-header__topic" data-md-component="header-topic">
  58. <span class="md-ellipsis">
  59. BeyondTrust Workload Credentials
  60. </span>
  61. </div>
  62. </div>
  63. </div>
  64. <form class="md-header__option" data-md-component="palette">
  65. <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
  66. <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
  67. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  68. </label>
  69. <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
  70. <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
  71. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  72. </label>
  73. </form>
  74. <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
  75. <label class="md-header__button md-icon" for="__search">
  76. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  77. </label>
  78. <div class="md-search" data-md-component="search" role="dialog">
  79. <label class="md-search__overlay" for="__search"></label>
  80. <div class="md-search__inner" role="search">
  81. <form class="md-search__form" name="search">
  82. <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
  83. <label class="md-search__icon md-icon" for="__search">
  84. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  85. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
  86. </label>
  87. <nav class="md-search__options" aria-label="Search">
  88. <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
  89. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
  90. </button>
  91. </nav>
  92. </form>
  93. <div class="md-search__output">
  94. <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
  95. <div class="md-search-result" data-md-component="search-result">
  96. <div class="md-search-result__meta">
  97. Initializing search
  98. </div>
  99. <ol class="md-search-result__list" role="presentation"></ol>
  100. </div>
  101. </div>
  102. </div>
  103. </div>
  104. </div>
  105. <div class="md-header__source">
  106. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  107. <div class="md-source__icon md-icon">
  108. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  109. </div>
  110. <div class="md-source__repository">
  111. External Secrets Operator
  112. </div>
  113. </a>
  114. </div>
  115. </nav>
  116. </header>
  117. <div class="md-container" data-md-component="container">
  118. <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
  119. <div class="md-grid">
  120. <ul class="md-tabs__list">
  121. <li class="md-tabs__item">
  122. <a href="../../.." class="md-tabs__link">
  123. Introduction
  124. </a>
  125. </li>
  126. <li class="md-tabs__item md-tabs__item--active">
  127. <a href="../../components/" class="md-tabs__link">
  128. API
  129. </a>
  130. </li>
  131. <li class="md-tabs__item">
  132. <a href="../../../guides/introduction/" class="md-tabs__link">
  133. Guides
  134. </a>
  135. </li>
  136. <li class="md-tabs__item">
  137. <a href="../../../provider/aws-secrets-manager/" class="md-tabs__link">
  138. Provider
  139. </a>
  140. </li>
  141. <li class="md-tabs__item">
  142. <a href="../../../examples/gitops-using-fluxcd/" class="md-tabs__link">
  143. Examples
  144. </a>
  145. </li>
  146. <li class="md-tabs__item">
  147. <a href="../../../contributing/devguide/" class="md-tabs__link">
  148. Community
  149. </a>
  150. </li>
  151. </ul>
  152. </div>
  153. </nav>
  154. <main class="md-main" data-md-component="main">
  155. <div class="md-main__inner md-grid">
  156. <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
  157. <div class="md-sidebar__scrollwrap">
  158. <div class="md-sidebar__inner">
  159. <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
  160. <label class="md-nav__title" for="__drawer">
  161. <a href="../../.." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  162. <img src="../../../pictures/eso-round-logo.svg" alt="logo">
  163. </a>
  164. External Secrets Operator
  165. </label>
  166. <div class="md-nav__source">
  167. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  168. <div class="md-source__icon md-icon">
  169. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  170. </div>
  171. <div class="md-source__repository">
  172. External Secrets Operator
  173. </div>
  174. </a>
  175. </div>
  176. <ul class="md-nav__list" data-md-scrollfix>
  177. <li class="md-nav__item md-nav__item--nested">
  178. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_1" >
  179. <div class="md-nav__link md-nav__container">
  180. <a href="../../.." class="md-nav__link ">
  181. <span class="md-ellipsis">
  182. Introduction
  183. </span>
  184. </a>
  185. <label class="md-nav__link " for="__nav_1" id="__nav_1_label" tabindex="0">
  186. <span class="md-nav__icon md-icon"></span>
  187. </label>
  188. </div>
  189. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
  190. <label class="md-nav__title" for="__nav_1">
  191. <span class="md-nav__icon md-icon"></span>
  192. Introduction
  193. </label>
  194. <ul class="md-nav__list" data-md-scrollfix>
  195. <li class="md-nav__item">
  196. <a href="../../../introduction/overview/" class="md-nav__link">
  197. <span class="md-ellipsis">
  198. Overview
  199. </span>
  200. </a>
  201. </li>
  202. <li class="md-nav__item">
  203. <a href="../../../introduction/glossary/" class="md-nav__link">
  204. <span class="md-ellipsis">
  205. Glossary
  206. </span>
  207. </a>
  208. </li>
  209. <li class="md-nav__item">
  210. <a href="../../../introduction/prerequisites/" class="md-nav__link">
  211. <span class="md-ellipsis">
  212. Prerequisites
  213. </span>
  214. </a>
  215. </li>
  216. <li class="md-nav__item">
  217. <a href="../../../introduction/getting-started/" class="md-nav__link">
  218. <span class="md-ellipsis">
  219. Getting started
  220. </span>
  221. </a>
  222. </li>
  223. <li class="md-nav__item">
  224. <a href="../../../introduction/faq/" class="md-nav__link">
  225. <span class="md-ellipsis">
  226. FAQ
  227. </span>
  228. </a>
  229. </li>
  230. <li class="md-nav__item">
  231. <a href="../../../introduction/stability-support/" class="md-nav__link">
  232. <span class="md-ellipsis">
  233. Stability and Support
  234. </span>
  235. </a>
  236. </li>
  237. <li class="md-nav__item">
  238. <a href="../../../introduction/deprecation-policy/" class="md-nav__link">
  239. <span class="md-ellipsis">
  240. Deprecation Policy
  241. </span>
  242. </a>
  243. </li>
  244. </ul>
  245. </nav>
  246. </li>
  247. <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
  248. <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
  249. <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="">
  250. <span class="md-ellipsis">
  251. API
  252. </span>
  253. <span class="md-nav__icon md-icon"></span>
  254. </label>
  255. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="true">
  256. <label class="md-nav__title" for="__nav_2">
  257. <span class="md-nav__icon md-icon"></span>
  258. API
  259. </label>
  260. <ul class="md-nav__list" data-md-scrollfix>
  261. <li class="md-nav__item">
  262. <a href="../../components/" class="md-nav__link">
  263. <span class="md-ellipsis">
  264. Components
  265. </span>
  266. </a>
  267. </li>
  268. <li class="md-nav__item md-nav__item--nested">
  269. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_2" >
  270. <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
  271. <span class="md-ellipsis">
  272. Core Resources
  273. </span>
  274. <span class="md-nav__icon md-icon"></span>
  275. </label>
  276. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
  277. <label class="md-nav__title" for="__nav_2_2">
  278. <span class="md-nav__icon md-icon"></span>
  279. Core Resources
  280. </label>
  281. <ul class="md-nav__list" data-md-scrollfix>
  282. <li class="md-nav__item">
  283. <a href="../../externalsecret/" class="md-nav__link">
  284. <span class="md-ellipsis">
  285. ExternalSecret
  286. </span>
  287. </a>
  288. </li>
  289. <li class="md-nav__item">
  290. <a href="../../secretstore/" class="md-nav__link">
  291. <span class="md-ellipsis">
  292. SecretStore
  293. </span>
  294. </a>
  295. </li>
  296. <li class="md-nav__item">
  297. <a href="../../clustersecretstore/" class="md-nav__link">
  298. <span class="md-ellipsis">
  299. ClusterSecretStore
  300. </span>
  301. </a>
  302. </li>
  303. <li class="md-nav__item">
  304. <a href="../../clusterexternalsecret/" class="md-nav__link">
  305. <span class="md-ellipsis">
  306. ClusterExternalSecret
  307. </span>
  308. </a>
  309. </li>
  310. <li class="md-nav__item">
  311. <a href="../../clusterpushsecret/" class="md-nav__link">
  312. <span class="md-ellipsis">
  313. ClusterPushSecret
  314. </span>
  315. </a>
  316. </li>
  317. <li class="md-nav__item">
  318. <a href="../../pushsecret/" class="md-nav__link">
  319. <span class="md-ellipsis">
  320. PushSecret
  321. </span>
  322. </a>
  323. </li>
  324. </ul>
  325. </nav>
  326. </li>
  327. <li class="md-nav__item md-nav__item--active md-nav__item--nested">
  328. <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_3" checked>
  329. <div class="md-nav__link md-nav__container">
  330. <a href="../" class="md-nav__link ">
  331. <span class="md-ellipsis">
  332. Generators
  333. </span>
  334. </a>
  335. <label class="md-nav__link " for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
  336. <span class="md-nav__icon md-icon"></span>
  337. </label>
  338. </div>
  339. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="true">
  340. <label class="md-nav__title" for="__nav_2_3">
  341. <span class="md-nav__icon md-icon"></span>
  342. Generators
  343. </label>
  344. <ul class="md-nav__list" data-md-scrollfix>
  345. <li class="md-nav__item">
  346. <a href="../acr/" class="md-nav__link">
  347. <span class="md-ellipsis">
  348. Azure Container Registry
  349. </span>
  350. </a>
  351. </li>
  352. <li class="md-nav__item">
  353. <a href="../ecr/" class="md-nav__link">
  354. <span class="md-ellipsis">
  355. AWS Elastic Container Registry
  356. </span>
  357. </a>
  358. </li>
  359. <li class="md-nav__item">
  360. <a href="../sts/" class="md-nav__link">
  361. <span class="md-ellipsis">
  362. AWS STS Session Token
  363. </span>
  364. </a>
  365. </li>
  366. <li class="md-nav__item">
  367. <a href="../cloudsmith/" class="md-nav__link">
  368. <span class="md-ellipsis">
  369. Cloudsmith
  370. </span>
  371. </a>
  372. </li>
  373. <li class="md-nav__item">
  374. <a href="../cluster/" class="md-nav__link">
  375. <span class="md-ellipsis">
  376. Cluster Generator
  377. </span>
  378. </a>
  379. </li>
  380. <li class="md-nav__item">
  381. <a href="../gcr/" class="md-nav__link">
  382. <span class="md-ellipsis">
  383. Google Container Registry
  384. </span>
  385. </a>
  386. </li>
  387. <li class="md-nav__item">
  388. <a href="../grafana/" class="md-nav__link">
  389. <span class="md-ellipsis">
  390. Grafana
  391. </span>
  392. </a>
  393. </li>
  394. <li class="md-nav__item">
  395. <a href="../quay/" class="md-nav__link">
  396. <span class="md-ellipsis">
  397. Quay
  398. </span>
  399. </a>
  400. </li>
  401. <li class="md-nav__item">
  402. <a href="../vault/" class="md-nav__link">
  403. <span class="md-ellipsis">
  404. Vault Dynamic Secret
  405. </span>
  406. </a>
  407. </li>
  408. <li class="md-nav__item md-nav__item--active">
  409. <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
  410. <label class="md-nav__link md-nav__link--active" for="__toc">
  411. <span class="md-ellipsis">
  412. BeyondTrust Workload Credentials
  413. </span>
  414. <span class="md-nav__icon md-icon"></span>
  415. </label>
  416. <a href="./" class="md-nav__link md-nav__link--active">
  417. <span class="md-ellipsis">
  418. BeyondTrust Workload Credentials
  419. </span>
  420. </a>
  421. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  422. <label class="md-nav__title" for="__toc">
  423. <span class="md-nav__icon md-icon"></span>
  424. Table of contents
  425. </label>
  426. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  427. <li class="md-nav__item">
  428. <a href="#example-manifest" class="md-nav__link">
  429. <span class="md-ellipsis">
  430. Example manifest
  431. </span>
  432. </a>
  433. </li>
  434. <li class="md-nav__item">
  435. <a href="#configuration" class="md-nav__link">
  436. <span class="md-ellipsis">
  437. Configuration
  438. </span>
  439. </a>
  440. <nav class="md-nav" aria-label="Configuration">
  441. <ul class="md-nav__list">
  442. <li class="md-nav__item">
  443. <a href="#folder-path" class="md-nav__link">
  444. <span class="md-ellipsis">
  445. Folder Path
  446. </span>
  447. </a>
  448. </li>
  449. <li class="md-nav__item">
  450. <a href="#generated-secret-fields" class="md-nav__link">
  451. <span class="md-ellipsis">
  452. Generated Secret Fields
  453. </span>
  454. </a>
  455. </li>
  456. <li class="md-nav__item">
  457. <a href="#credential-refresh-and-expiration" class="md-nav__link">
  458. <span class="md-ellipsis">
  459. Credential Refresh and Expiration
  460. </span>
  461. </a>
  462. <nav class="md-nav" aria-label="Credential Refresh and Expiration">
  463. <ul class="md-nav__list">
  464. <li class="md-nav__item">
  465. <a href="#setting-refresh-interval" class="md-nav__link">
  466. <span class="md-ellipsis">
  467. Setting Refresh Interval
  468. </span>
  469. </a>
  470. </li>
  471. <li class="md-nav__item">
  472. <a href="#what-happens-if-refreshinterval-credential-expiration" class="md-nav__link">
  473. <span class="md-ellipsis">
  474. What happens if refreshInterval &gt; credential expiration?
  475. </span>
  476. </a>
  477. </li>
  478. <li class="md-nav__item">
  479. <a href="#what-happens-if-refreshinterval-credential-expiration_1" class="md-nav__link">
  480. <span class="md-ellipsis">
  481. What happens if refreshInterval &lt;&lt; credential expiration?
  482. </span>
  483. </a>
  484. </li>
  485. </ul>
  486. </nav>
  487. </li>
  488. <li class="md-nav__item">
  489. <a href="#generator-reusability" class="md-nav__link">
  490. <span class="md-ellipsis">
  491. Generator Reusability
  492. </span>
  493. </a>
  494. </li>
  495. <li class="md-nav__item">
  496. <a href="#authentication" class="md-nav__link">
  497. <span class="md-ellipsis">
  498. Authentication
  499. </span>
  500. </a>
  501. </li>
  502. <li class="md-nav__item">
  503. <a href="#certificate-trust" class="md-nav__link">
  504. <span class="md-ellipsis">
  505. Certificate Trust
  506. </span>
  507. </a>
  508. </li>
  509. <li class="md-nav__item">
  510. <a href="#server-configuration" class="md-nav__link">
  511. <span class="md-ellipsis">
  512. Server Configuration
  513. </span>
  514. </a>
  515. </li>
  516. <li class="md-nav__item">
  517. <a href="#complete-example" class="md-nav__link">
  518. <span class="md-ellipsis">
  519. Complete Example
  520. </span>
  521. </a>
  522. </li>
  523. <li class="md-nav__item">
  524. <a href="#troubleshooting" class="md-nav__link">
  525. <span class="md-ellipsis">
  526. Troubleshooting
  527. </span>
  528. </a>
  529. <nav class="md-nav" aria-label="Troubleshooting">
  530. <ul class="md-nav__list">
  531. <li class="md-nav__item">
  532. <a href="#empty-credential-fields" class="md-nav__link">
  533. <span class="md-ellipsis">
  534. Empty Credential Fields
  535. </span>
  536. </a>
  537. </li>
  538. <li class="md-nav__item">
  539. <a href="#authentication-errors" class="md-nav__link">
  540. <span class="md-ellipsis">
  541. Authentication Errors
  542. </span>
  543. </a>
  544. </li>
  545. <li class="md-nav__item">
  546. <a href="#timeout-errors" class="md-nav__link">
  547. <span class="md-ellipsis">
  548. Timeout Errors
  549. </span>
  550. </a>
  551. </li>
  552. <li class="md-nav__item">
  553. <a href="#credential-expiration-issues" class="md-nav__link">
  554. <span class="md-ellipsis">
  555. Credential Expiration Issues
  556. </span>
  557. </a>
  558. </li>
  559. </ul>
  560. </nav>
  561. </li>
  562. </ul>
  563. </nav>
  564. </li>
  565. </ul>
  566. </nav>
  567. </li>
  568. <li class="md-nav__item">
  569. <a href="../password/" class="md-nav__link">
  570. <span class="md-ellipsis">
  571. Password
  572. </span>
  573. </a>
  574. </li>
  575. <li class="md-nav__item">
  576. <a href="../fake/" class="md-nav__link">
  577. <span class="md-ellipsis">
  578. Fake
  579. </span>
  580. </a>
  581. </li>
  582. <li class="md-nav__item">
  583. <a href="../webhook/" class="md-nav__link">
  584. <span class="md-ellipsis">
  585. Webhook
  586. </span>
  587. </a>
  588. </li>
  589. <li class="md-nav__item">
  590. <a href="../github/" class="md-nav__link">
  591. <span class="md-ellipsis">
  592. Github
  593. </span>
  594. </a>
  595. </li>
  596. <li class="md-nav__item">
  597. <a href="../gitlab/" class="md-nav__link">
  598. <span class="md-ellipsis">
  599. Gitlab
  600. </span>
  601. </a>
  602. </li>
  603. <li class="md-nav__item">
  604. <a href="../uuid/" class="md-nav__link">
  605. <span class="md-ellipsis">
  606. UUID
  607. </span>
  608. </a>
  609. </li>
  610. <li class="md-nav__item">
  611. <a href="../mfa/" class="md-nav__link">
  612. <span class="md-ellipsis">
  613. MFA
  614. </span>
  615. </a>
  616. </li>
  617. <li class="md-nav__item">
  618. <a href="../sshkey/" class="md-nav__link">
  619. <span class="md-ellipsis">
  620. SSHKey
  621. </span>
  622. </a>
  623. </li>
  624. </ul>
  625. </nav>
  626. </li>
  627. <li class="md-nav__item md-nav__item--nested">
  628. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_4" >
  629. <label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex="0">
  630. <span class="md-ellipsis">
  631. Reference Docs
  632. </span>
  633. <span class="md-nav__icon md-icon"></span>
  634. </label>
  635. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false">
  636. <label class="md-nav__title" for="__nav_2_4">
  637. <span class="md-nav__icon md-icon"></span>
  638. Reference Docs
  639. </label>
  640. <ul class="md-nav__list" data-md-scrollfix>
  641. <li class="md-nav__item">
  642. <a href="../../spec/" class="md-nav__link">
  643. <span class="md-ellipsis">
  644. API specification
  645. </span>
  646. </a>
  647. </li>
  648. <li class="md-nav__item">
  649. <a href="../../controller-options/" class="md-nav__link">
  650. <span class="md-ellipsis">
  651. Controller Options
  652. </span>
  653. </a>
  654. </li>
  655. <li class="md-nav__item">
  656. <a href="../../metrics/" class="md-nav__link">
  657. <span class="md-ellipsis">
  658. Metrics
  659. </span>
  660. </a>
  661. </li>
  662. <li class="md-nav__item">
  663. <a href="../../selectable-fields/" class="md-nav__link">
  664. <span class="md-ellipsis">
  665. Selectable Fields
  666. </span>
  667. </a>
  668. </li>
  669. </ul>
  670. </nav>
  671. </li>
  672. </ul>
  673. </nav>
  674. </li>
  675. <li class="md-nav__item md-nav__item--nested">
  676. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3" >
  677. <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
  678. <span class="md-ellipsis">
  679. Guides
  680. </span>
  681. <span class="md-nav__icon md-icon"></span>
  682. </label>
  683. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
  684. <label class="md-nav__title" for="__nav_3">
  685. <span class="md-nav__icon md-icon"></span>
  686. Guides
  687. </label>
  688. <ul class="md-nav__list" data-md-scrollfix>
  689. <li class="md-nav__item">
  690. <a href="../../../guides/introduction/" class="md-nav__link">
  691. <span class="md-ellipsis">
  692. Introduction
  693. </span>
  694. </a>
  695. </li>
  696. <li class="md-nav__item md-nav__item--nested">
  697. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2" >
  698. <label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
  699. <span class="md-ellipsis">
  700. External Secrets
  701. </span>
  702. <span class="md-nav__icon md-icon"></span>
  703. </label>
  704. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
  705. <label class="md-nav__title" for="__nav_3_2">
  706. <span class="md-nav__icon md-icon"></span>
  707. External Secrets
  708. </label>
  709. <ul class="md-nav__list" data-md-scrollfix>
  710. <li class="md-nav__item">
  711. <a href="../../../guides/all-keys-one-secret/" class="md-nav__link">
  712. <span class="md-ellipsis">
  713. Extract structured data
  714. </span>
  715. </a>
  716. </li>
  717. <li class="md-nav__item">
  718. <a href="../../../guides/getallsecrets/" class="md-nav__link">
  719. <span class="md-ellipsis">
  720. Find Secrets by Name or Metadata
  721. </span>
  722. </a>
  723. </li>
  724. <li class="md-nav__item">
  725. <a href="../../../guides/datafrom-rewrite/" class="md-nav__link">
  726. <span class="md-ellipsis">
  727. Rewriting Keys
  728. </span>
  729. </a>
  730. </li>
  731. <li class="md-nav__item md-nav__item--nested">
  732. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2_4" >
  733. <label class="md-nav__link" for="__nav_3_2_4" id="__nav_3_2_4_label" tabindex="0">
  734. <span class="md-ellipsis">
  735. Advanced Templating
  736. </span>
  737. <span class="md-nav__icon md-icon"></span>
  738. </label>
  739. <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_4_label" aria-expanded="false">
  740. <label class="md-nav__title" for="__nav_3_2_4">
  741. <span class="md-nav__icon md-icon"></span>
  742. Advanced Templating
  743. </label>
  744. <ul class="md-nav__list" data-md-scrollfix>
  745. <li class="md-nav__item">
  746. <a href="../../../guides/templating/" class="md-nav__link">
  747. <span class="md-ellipsis">
  748. v2
  749. </span>
  750. </a>
  751. </li>
  752. <li class="md-nav__item">
  753. <a href="../../../guides/templating-v1/" class="md-nav__link">
  754. <span class="md-ellipsis">
  755. v1
  756. </span>
  757. </a>
  758. </li>
  759. </ul>
  760. </nav>
  761. </li>
  762. <li class="md-nav__item">
  763. <a href="../../../guides/common-k8s-secret-types/" class="md-nav__link">
  764. <span class="md-ellipsis">
  765. Kubernetes Secret Types
  766. </span>
  767. </a>
  768. </li>
  769. <li class="md-nav__item">
  770. <a href="../../../guides/ownership-deletion-policy/" class="md-nav__link">
  771. <span class="md-ellipsis">
  772. Lifecycle: ownership & deletion
  773. </span>
  774. </a>
  775. </li>
  776. <li class="md-nav__item">
  777. <a href="../../../guides/decoding-strategy/" class="md-nav__link">
  778. <span class="md-ellipsis">
  779. Decoding Strategies
  780. </span>
  781. </a>
  782. </li>
  783. <li class="md-nav__item">
  784. <a href="../../../guides/controller-class/" class="md-nav__link">
  785. <span class="md-ellipsis">
  786. Controller Classes
  787. </span>
  788. </a>
  789. </li>
  790. </ul>
  791. </nav>
  792. </li>
  793. <li class="md-nav__item">
  794. <a href="../../../guides/targeting-custom-resources/" class="md-nav__link">
  795. <span class="md-ellipsis">
  796. Targeting Custom Resources
  797. </span>
  798. </a>
  799. </li>
  800. <li class="md-nav__item">
  801. <a href="../../../guides/generator/" class="md-nav__link">
  802. <span class="md-ellipsis">
  803. Generators
  804. </span>
  805. </a>
  806. </li>
  807. <li class="md-nav__item">
  808. <a href="../../../guides/pushsecrets/" class="md-nav__link">
  809. <span class="md-ellipsis">
  810. Push Secrets
  811. </span>
  812. </a>
  813. </li>
  814. <li class="md-nav__item md-nav__item--nested">
  815. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_6" >
  816. <label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
  817. <span class="md-ellipsis">
  818. Operations
  819. </span>
  820. <span class="md-nav__icon md-icon"></span>
  821. </label>
  822. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
  823. <label class="md-nav__title" for="__nav_3_6">
  824. <span class="md-nav__icon md-icon"></span>
  825. Operations
  826. </label>
  827. <ul class="md-nav__list" data-md-scrollfix>
  828. <li class="md-nav__item">
  829. <a href="../../../guides/multi-tenancy/" class="md-nav__link">
  830. <span class="md-ellipsis">
  831. Multi Tenancy
  832. </span>
  833. </a>
  834. </li>
  835. <li class="md-nav__item">
  836. <a href="../../../guides/security-best-practices/" class="md-nav__link">
  837. <span class="md-ellipsis">
  838. Security Best Practices
  839. </span>
  840. </a>
  841. </li>
  842. <li class="md-nav__item">
  843. <a href="../../../guides/threat-model/" class="md-nav__link">
  844. <span class="md-ellipsis">
  845. Threat Model
  846. </span>
  847. </a>
  848. </li>
  849. <li class="md-nav__item">
  850. <a href="../../../guides/v1beta1/" class="md-nav__link">
  851. <span class="md-ellipsis">
  852. Upgrading to v1beta1
  853. </span>
  854. </a>
  855. </li>
  856. <li class="md-nav__item">
  857. <a href="../../../guides/using-latest-image/" class="md-nav__link">
  858. <span class="md-ellipsis">
  859. Using Latest Image
  860. </span>
  861. </a>
  862. </li>
  863. <li class="md-nav__item">
  864. <a href="../../../guides/disable-cluster-features/" class="md-nav__link">
  865. <span class="md-ellipsis">
  866. Disable Cluster Features
  867. </span>
  868. </a>
  869. </li>
  870. </ul>
  871. </nav>
  872. </li>
  873. <li class="md-nav__item md-nav__item--nested">
  874. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_7" >
  875. <label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="0">
  876. <span class="md-ellipsis">
  877. Tooling
  878. </span>
  879. <span class="md-nav__icon md-icon"></span>
  880. </label>
  881. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
  882. <label class="md-nav__title" for="__nav_3_7">
  883. <span class="md-nav__icon md-icon"></span>
  884. Tooling
  885. </label>
  886. <ul class="md-nav__list" data-md-scrollfix>
  887. <li class="md-nav__item">
  888. <a href="../../../guides/using-esoctl-tool/" class="md-nav__link">
  889. <span class="md-ellipsis">
  890. Using the esoctl tool
  891. </span>
  892. </a>
  893. </li>
  894. </ul>
  895. </nav>
  896. </li>
  897. </ul>
  898. </nav>
  899. </li>
  900. <li class="md-nav__item md-nav__item--nested">
  901. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
  902. <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
  903. <span class="md-ellipsis">
  904. Provider
  905. </span>
  906. <span class="md-nav__icon md-icon"></span>
  907. </label>
  908. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
  909. <label class="md-nav__title" for="__nav_4">
  910. <span class="md-nav__icon md-icon"></span>
  911. Provider
  912. </label>
  913. <ul class="md-nav__list" data-md-scrollfix>
  914. <li class="md-nav__item">
  915. <a href="../../../provider/aws-secrets-manager/" class="md-nav__link">
  916. <span class="md-ellipsis">
  917. AWS Secrets Manager
  918. </span>
  919. </a>
  920. </li>
  921. <li class="md-nav__item">
  922. <a href="../../../provider/aws-parameter-store/" class="md-nav__link">
  923. <span class="md-ellipsis">
  924. AWS Parameter Store
  925. </span>
  926. </a>
  927. </li>
  928. <li class="md-nav__item">
  929. <a href="../../../provider/aws-access/" class="md-nav__link">
  930. <span class="md-ellipsis">
  931. AWS Access
  932. </span>
  933. </a>
  934. </li>
  935. <li class="md-nav__item">
  936. <a href="../../../provider/azure-key-vault/" class="md-nav__link">
  937. <span class="md-ellipsis">
  938. Azure Key Vault
  939. </span>
  940. </a>
  941. </li>
  942. <li class="md-nav__item">
  943. <a href="../../../provider/barbican/" class="md-nav__link">
  944. <span class="md-ellipsis">
  945. Barbican
  946. </span>
  947. </a>
  948. </li>
  949. <li class="md-nav__item">
  950. <a href="../../../provider/beyondtrust/" class="md-nav__link">
  951. <span class="md-ellipsis">
  952. BeyondTrust
  953. </span>
  954. </a>
  955. </li>
  956. <li class="md-nav__item">
  957. <a href="../../../provider/beyondtrustworkloadcredentials/" class="md-nav__link">
  958. <span class="md-ellipsis">
  959. BeyondTrust Workload Credentials
  960. </span>
  961. </a>
  962. </li>
  963. <li class="md-nav__item">
  964. <a href="../../../provider/bitwarden-secrets-manager/" class="md-nav__link">
  965. <span class="md-ellipsis">
  966. Bitwarden Secrets Manager
  967. </span>
  968. </a>
  969. </li>
  970. <li class="md-nav__item">
  971. <a href="../../../provider/chef/" class="md-nav__link">
  972. <span class="md-ellipsis">
  973. Chef
  974. </span>
  975. </a>
  976. </li>
  977. <li class="md-nav__item">
  978. <a href="../../../provider/cloudru/" class="md-nav__link">
  979. <span class="md-ellipsis">
  980. Cloud.ru Secret Manager
  981. </span>
  982. </a>
  983. </li>
  984. <li class="md-nav__item">
  985. <a href="../../../provider/conjur/" class="md-nav__link">
  986. <span class="md-ellipsis">
  987. CyberArk Conjur
  988. </span>
  989. </a>
  990. </li>
  991. <li class="md-nav__item">
  992. <a href="../../../provider/google-secrets-manager/" class="md-nav__link">
  993. <span class="md-ellipsis">
  994. Google Cloud Secret Manager
  995. </span>
  996. </a>
  997. </li>
  998. <li class="md-nav__item">
  999. <a href="../../../provider/hashicorp-vault/" class="md-nav__link">
  1000. <span class="md-ellipsis">
  1001. HashiCorp Vault
  1002. </span>
  1003. </a>
  1004. </li>
  1005. <li class="md-nav__item">
  1006. <a href="../../../provider/kubernetes/" class="md-nav__link">
  1007. <span class="md-ellipsis">
  1008. Kubernetes
  1009. </span>
  1010. </a>
  1011. </li>
  1012. <li class="md-nav__item">
  1013. <a href="../../../provider/ibm-secrets-manager/" class="md-nav__link">
  1014. <span class="md-ellipsis">
  1015. IBM Secrets Manager
  1016. </span>
  1017. </a>
  1018. </li>
  1019. <li class="md-nav__item">
  1020. <a href="../../../provider/akeyless/" class="md-nav__link">
  1021. <span class="md-ellipsis">
  1022. Akeyless
  1023. </span>
  1024. </a>
  1025. </li>
  1026. <li class="md-nav__item">
  1027. <a href="../../../provider/yandex-certificate-manager/" class="md-nav__link">
  1028. <span class="md-ellipsis">
  1029. Yandex Certificate Manager
  1030. </span>
  1031. </a>
  1032. </li>
  1033. <li class="md-nav__item">
  1034. <a href="../../../provider/yandex-lockbox/" class="md-nav__link">
  1035. <span class="md-ellipsis">
  1036. Yandex Lockbox
  1037. </span>
  1038. </a>
  1039. </li>
  1040. <li class="md-nav__item">
  1041. <a href="../../../provider/gitlab-variables/" class="md-nav__link">
  1042. <span class="md-ellipsis">
  1043. GitLab Variables
  1044. </span>
  1045. </a>
  1046. </li>
  1047. <li class="md-nav__item">
  1048. <a href="../../../provider/github/" class="md-nav__link">
  1049. <span class="md-ellipsis">
  1050. Github Actions Secrets
  1051. </span>
  1052. </a>
  1053. </li>
  1054. <li class="md-nav__item">
  1055. <a href="../../../provider/oracle-vault/" class="md-nav__link">
  1056. <span class="md-ellipsis">
  1057. Oracle Vault
  1058. </span>
  1059. </a>
  1060. </li>
  1061. <li class="md-nav__item">
  1062. <a href="../../../provider/ovhcloud/" class="md-nav__link">
  1063. <span class="md-ellipsis">
  1064. OVHcloud
  1065. </span>
  1066. </a>
  1067. </li>
  1068. <li class="md-nav__item">
  1069. <a href="../../../provider/1password-automation/" class="md-nav__link">
  1070. <span class="md-ellipsis">
  1071. 1Password Connect Server
  1072. </span>
  1073. </a>
  1074. </li>
  1075. <li class="md-nav__item">
  1076. <a href="../../../provider/1password-sdk/" class="md-nav__link">
  1077. <span class="md-ellipsis">
  1078. 1Password SDK
  1079. </span>
  1080. </a>
  1081. </li>
  1082. <li class="md-nav__item">
  1083. <a href="../../../provider/webhook/" class="md-nav__link">
  1084. <span class="md-ellipsis">
  1085. Webhook
  1086. </span>
  1087. </a>
  1088. </li>
  1089. <li class="md-nav__item">
  1090. <a href="../../../provider/fake/" class="md-nav__link">
  1091. <span class="md-ellipsis">
  1092. Fake
  1093. </span>
  1094. </a>
  1095. </li>
  1096. <li class="md-nav__item">
  1097. <a href="../../../provider/senhasegura-dsm/" class="md-nav__link">
  1098. <span class="md-ellipsis">
  1099. senhasegura DevOps Secrets Management (DSM)
  1100. </span>
  1101. </a>
  1102. </li>
  1103. <li class="md-nav__item">
  1104. <a href="../../../provider/doppler/" class="md-nav__link">
  1105. <span class="md-ellipsis">
  1106. Doppler
  1107. </span>
  1108. </a>
  1109. </li>
  1110. <li class="md-nav__item">
  1111. <a href="../../../provider/keeper-security/" class="md-nav__link">
  1112. <span class="md-ellipsis">
  1113. Keeper Security
  1114. </span>
  1115. </a>
  1116. </li>
  1117. <li class="md-nav__item">
  1118. <a href="../../../provider/cloak/" class="md-nav__link">
  1119. <span class="md-ellipsis">
  1120. Cloak End 2 End Encrypted Secrets
  1121. </span>
  1122. </a>
  1123. </li>
  1124. <li class="md-nav__item">
  1125. <a href="../../../provider/scaleway/" class="md-nav__link">
  1126. <span class="md-ellipsis">
  1127. Scaleway
  1128. </span>
  1129. </a>
  1130. </li>
  1131. <li class="md-nav__item">
  1132. <a href="../../../provider/delinea/" class="md-nav__link">
  1133. <span class="md-ellipsis">
  1134. Delinea
  1135. </span>
  1136. </a>
  1137. </li>
  1138. <li class="md-nav__item">
  1139. <a href="../../../provider/secretserver/" class="md-nav__link">
  1140. <span class="md-ellipsis">
  1141. Secret Server
  1142. </span>
  1143. </a>
  1144. </li>
  1145. <li class="md-nav__item">
  1146. <a href="../../../provider/passbolt/" class="md-nav__link">
  1147. <span class="md-ellipsis">
  1148. Passbolt
  1149. </span>
  1150. </a>
  1151. </li>
  1152. <li class="md-nav__item">
  1153. <a href="../../../provider/pulumi/" class="md-nav__link">
  1154. <span class="md-ellipsis">
  1155. Pulumi ESC
  1156. </span>
  1157. </a>
  1158. </li>
  1159. <li class="md-nav__item">
  1160. <a href="../../../provider/onboardbase/" class="md-nav__link">
  1161. <span class="md-ellipsis">
  1162. Onboardbase
  1163. </span>
  1164. </a>
  1165. </li>
  1166. <li class="md-nav__item">
  1167. <a href="../../../provider-passworddepot/" class="md-nav__link">
  1168. <span class="md-ellipsis">
  1169. Password Depot
  1170. </span>
  1171. </a>
  1172. </li>
  1173. <li class="md-nav__item">
  1174. <a href="../../../provider/fortanix/" class="md-nav__link">
  1175. <span class="md-ellipsis">
  1176. Fortanix
  1177. </span>
  1178. </a>
  1179. </li>
  1180. <li class="md-nav__item">
  1181. <a href="../../../provider/infisical/" class="md-nav__link">
  1182. <span class="md-ellipsis">
  1183. Infisical
  1184. </span>
  1185. </a>
  1186. </li>
  1187. <li class="md-nav__item">
  1188. <a href="../../../provider/previder/" class="md-nav__link">
  1189. <span class="md-ellipsis">
  1190. Previder
  1191. </span>
  1192. </a>
  1193. </li>
  1194. <li class="md-nav__item">
  1195. <a href="../../../provider/openbao/" class="md-nav__link">
  1196. <span class="md-ellipsis">
  1197. OpenBao
  1198. </span>
  1199. </a>
  1200. </li>
  1201. <li class="md-nav__item">
  1202. <a href="../../../provider/volcengine/" class="md-nav__link">
  1203. <span class="md-ellipsis">
  1204. Volcengine
  1205. </span>
  1206. </a>
  1207. </li>
  1208. <li class="md-nav__item">
  1209. <a href="../../../provider/ngrok/" class="md-nav__link">
  1210. <span class="md-ellipsis">
  1211. ngrok
  1212. </span>
  1213. </a>
  1214. </li>
  1215. <li class="md-nav__item">
  1216. <a href="../../../provider/devolutions-server/" class="md-nav__link">
  1217. <span class="md-ellipsis">
  1218. Devolutions Server
  1219. </span>
  1220. </a>
  1221. </li>
  1222. <li class="md-nav__item">
  1223. <a href="../../../provider/nebius-mysterybox/" class="md-nav__link">
  1224. <span class="md-ellipsis">
  1225. Nebius MysteryBox
  1226. </span>
  1227. </a>
  1228. </li>
  1229. </ul>
  1230. </nav>
  1231. </li>
  1232. <li class="md-nav__item md-nav__item--nested">
  1233. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
  1234. <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
  1235. <span class="md-ellipsis">
  1236. Examples
  1237. </span>
  1238. <span class="md-nav__icon md-icon"></span>
  1239. </label>
  1240. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
  1241. <label class="md-nav__title" for="__nav_5">
  1242. <span class="md-nav__icon md-icon"></span>
  1243. Examples
  1244. </label>
  1245. <ul class="md-nav__list" data-md-scrollfix>
  1246. <li class="md-nav__item">
  1247. <a href="../../../examples/gitops-using-fluxcd/" class="md-nav__link">
  1248. <span class="md-ellipsis">
  1249. FluxCD
  1250. </span>
  1251. </a>
  1252. </li>
  1253. <li class="md-nav__item">
  1254. <a href="../../../examples/anchore-engine-credentials/" class="md-nav__link">
  1255. <span class="md-ellipsis">
  1256. Anchore Engine
  1257. </span>
  1258. </a>
  1259. </li>
  1260. <li class="md-nav__item">
  1261. <a href="../../../examples/jenkins-kubernetes-credentials/" class="md-nav__link">
  1262. <span class="md-ellipsis">
  1263. Jenkins
  1264. </span>
  1265. </a>
  1266. </li>
  1267. <li class="md-nav__item">
  1268. <a href="../../../examples/bitwarden/" class="md-nav__link">
  1269. <span class="md-ellipsis">
  1270. Bitwarden
  1271. </span>
  1272. </a>
  1273. </li>
  1274. </ul>
  1275. </nav>
  1276. </li>
  1277. <li class="md-nav__item md-nav__item--nested">
  1278. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6" >
  1279. <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
  1280. <span class="md-ellipsis">
  1281. Community
  1282. </span>
  1283. <span class="md-nav__icon md-icon"></span>
  1284. </label>
  1285. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
  1286. <label class="md-nav__title" for="__nav_6">
  1287. <span class="md-nav__icon md-icon"></span>
  1288. Community
  1289. </label>
  1290. <ul class="md-nav__list" data-md-scrollfix>
  1291. <li class="md-nav__item md-nav__item--nested">
  1292. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_1" >
  1293. <label class="md-nav__link" for="__nav_6_1" id="__nav_6_1_label" tabindex="0">
  1294. <span class="md-ellipsis">
  1295. Contributing
  1296. </span>
  1297. <span class="md-nav__icon md-icon"></span>
  1298. </label>
  1299. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_1_label" aria-expanded="false">
  1300. <label class="md-nav__title" for="__nav_6_1">
  1301. <span class="md-nav__icon md-icon"></span>
  1302. Contributing
  1303. </label>
  1304. <ul class="md-nav__list" data-md-scrollfix>
  1305. <li class="md-nav__item">
  1306. <a href="../../../contributing/devguide/" class="md-nav__link">
  1307. <span class="md-ellipsis">
  1308. Developer guide
  1309. </span>
  1310. </a>
  1311. </li>
  1312. <li class="md-nav__item">
  1313. <a href="../../../contributing/process/" class="md-nav__link">
  1314. <span class="md-ellipsis">
  1315. Contributing Process
  1316. </span>
  1317. </a>
  1318. </li>
  1319. <li class="md-nav__item">
  1320. <a href="../../../contributing/release/" class="md-nav__link">
  1321. <span class="md-ellipsis">
  1322. Release Process
  1323. </span>
  1324. </a>
  1325. </li>
  1326. <li class="md-nav__item">
  1327. <a href="../../../contributing/coc/" class="md-nav__link">
  1328. <span class="md-ellipsis">
  1329. Code of Conduct
  1330. </span>
  1331. </a>
  1332. </li>
  1333. <li class="md-nav__item">
  1334. <a href="../../../contributing/calendar/" class="md-nav__link">
  1335. <span class="md-ellipsis">
  1336. Community meetings calendar
  1337. </span>
  1338. </a>
  1339. </li>
  1340. <li class="md-nav__item">
  1341. <a href="../../../contributing/roadmap/" class="md-nav__link">
  1342. <span class="md-ellipsis">
  1343. Roadmap
  1344. </span>
  1345. </a>
  1346. </li>
  1347. <li class="md-nav__item">
  1348. <a href="../../../contributing/burnout-mitigation/" class="md-nav__link">
  1349. <span class="md-ellipsis">
  1350. Burnout Prevention
  1351. </span>
  1352. </a>
  1353. </li>
  1354. <li class="md-nav__item">
  1355. <a href="../../../contributing/llm-policy/" class="md-nav__link">
  1356. <span class="md-ellipsis">
  1357. LLM Policy
  1358. </span>
  1359. </a>
  1360. </li>
  1361. </ul>
  1362. </nav>
  1363. </li>
  1364. <li class="md-nav__item md-nav__item--nested">
  1365. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_2" >
  1366. <label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
  1367. <span class="md-ellipsis">
  1368. External Resources
  1369. </span>
  1370. <span class="md-nav__icon md-icon"></span>
  1371. </label>
  1372. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
  1373. <label class="md-nav__title" for="__nav_6_2">
  1374. <span class="md-nav__icon md-icon"></span>
  1375. External Resources
  1376. </label>
  1377. <ul class="md-nav__list" data-md-scrollfix>
  1378. <li class="md-nav__item">
  1379. <a href="../../../eso-talks/" class="md-nav__link">
  1380. <span class="md-ellipsis">
  1381. Talks
  1382. </span>
  1383. </a>
  1384. </li>
  1385. <li class="md-nav__item">
  1386. <a href="../../../eso-demos/" class="md-nav__link">
  1387. <span class="md-ellipsis">
  1388. Demos
  1389. </span>
  1390. </a>
  1391. </li>
  1392. <li class="md-nav__item">
  1393. <a href="../../../eso-blogs/" class="md-nav__link">
  1394. <span class="md-ellipsis">
  1395. Blogs
  1396. </span>
  1397. </a>
  1398. </li>
  1399. <li class="md-nav__item">
  1400. <a href="../../../eso-tools/" class="md-nav__link">
  1401. <span class="md-ellipsis">
  1402. Tools
  1403. </span>
  1404. </a>
  1405. </li>
  1406. </ul>
  1407. </nav>
  1408. </li>
  1409. </ul>
  1410. </nav>
  1411. </li>
  1412. </ul>
  1413. </nav>
  1414. </div>
  1415. </div>
  1416. </div>
  1417. <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
  1418. <div class="md-sidebar__scrollwrap">
  1419. <div class="md-sidebar__inner">
  1420. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  1421. <label class="md-nav__title" for="__toc">
  1422. <span class="md-nav__icon md-icon"></span>
  1423. Table of contents
  1424. </label>
  1425. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  1426. <li class="md-nav__item">
  1427. <a href="#example-manifest" class="md-nav__link">
  1428. <span class="md-ellipsis">
  1429. Example manifest
  1430. </span>
  1431. </a>
  1432. </li>
  1433. <li class="md-nav__item">
  1434. <a href="#configuration" class="md-nav__link">
  1435. <span class="md-ellipsis">
  1436. Configuration
  1437. </span>
  1438. </a>
  1439. <nav class="md-nav" aria-label="Configuration">
  1440. <ul class="md-nav__list">
  1441. <li class="md-nav__item">
  1442. <a href="#folder-path" class="md-nav__link">
  1443. <span class="md-ellipsis">
  1444. Folder Path
  1445. </span>
  1446. </a>
  1447. </li>
  1448. <li class="md-nav__item">
  1449. <a href="#generated-secret-fields" class="md-nav__link">
  1450. <span class="md-ellipsis">
  1451. Generated Secret Fields
  1452. </span>
  1453. </a>
  1454. </li>
  1455. <li class="md-nav__item">
  1456. <a href="#credential-refresh-and-expiration" class="md-nav__link">
  1457. <span class="md-ellipsis">
  1458. Credential Refresh and Expiration
  1459. </span>
  1460. </a>
  1461. <nav class="md-nav" aria-label="Credential Refresh and Expiration">
  1462. <ul class="md-nav__list">
  1463. <li class="md-nav__item">
  1464. <a href="#setting-refresh-interval" class="md-nav__link">
  1465. <span class="md-ellipsis">
  1466. Setting Refresh Interval
  1467. </span>
  1468. </a>
  1469. </li>
  1470. <li class="md-nav__item">
  1471. <a href="#what-happens-if-refreshinterval-credential-expiration" class="md-nav__link">
  1472. <span class="md-ellipsis">
  1473. What happens if refreshInterval &gt; credential expiration?
  1474. </span>
  1475. </a>
  1476. </li>
  1477. <li class="md-nav__item">
  1478. <a href="#what-happens-if-refreshinterval-credential-expiration_1" class="md-nav__link">
  1479. <span class="md-ellipsis">
  1480. What happens if refreshInterval &lt;&lt; credential expiration?
  1481. </span>
  1482. </a>
  1483. </li>
  1484. </ul>
  1485. </nav>
  1486. </li>
  1487. <li class="md-nav__item">
  1488. <a href="#generator-reusability" class="md-nav__link">
  1489. <span class="md-ellipsis">
  1490. Generator Reusability
  1491. </span>
  1492. </a>
  1493. </li>
  1494. <li class="md-nav__item">
  1495. <a href="#authentication" class="md-nav__link">
  1496. <span class="md-ellipsis">
  1497. Authentication
  1498. </span>
  1499. </a>
  1500. </li>
  1501. <li class="md-nav__item">
  1502. <a href="#certificate-trust" class="md-nav__link">
  1503. <span class="md-ellipsis">
  1504. Certificate Trust
  1505. </span>
  1506. </a>
  1507. </li>
  1508. <li class="md-nav__item">
  1509. <a href="#server-configuration" class="md-nav__link">
  1510. <span class="md-ellipsis">
  1511. Server Configuration
  1512. </span>
  1513. </a>
  1514. </li>
  1515. <li class="md-nav__item">
  1516. <a href="#complete-example" class="md-nav__link">
  1517. <span class="md-ellipsis">
  1518. Complete Example
  1519. </span>
  1520. </a>
  1521. </li>
  1522. <li class="md-nav__item">
  1523. <a href="#troubleshooting" class="md-nav__link">
  1524. <span class="md-ellipsis">
  1525. Troubleshooting
  1526. </span>
  1527. </a>
  1528. <nav class="md-nav" aria-label="Troubleshooting">
  1529. <ul class="md-nav__list">
  1530. <li class="md-nav__item">
  1531. <a href="#empty-credential-fields" class="md-nav__link">
  1532. <span class="md-ellipsis">
  1533. Empty Credential Fields
  1534. </span>
  1535. </a>
  1536. </li>
  1537. <li class="md-nav__item">
  1538. <a href="#authentication-errors" class="md-nav__link">
  1539. <span class="md-ellipsis">
  1540. Authentication Errors
  1541. </span>
  1542. </a>
  1543. </li>
  1544. <li class="md-nav__item">
  1545. <a href="#timeout-errors" class="md-nav__link">
  1546. <span class="md-ellipsis">
  1547. Timeout Errors
  1548. </span>
  1549. </a>
  1550. </li>
  1551. <li class="md-nav__item">
  1552. <a href="#credential-expiration-issues" class="md-nav__link">
  1553. <span class="md-ellipsis">
  1554. Credential Expiration Issues
  1555. </span>
  1556. </a>
  1557. </li>
  1558. </ul>
  1559. </nav>
  1560. </li>
  1561. </ul>
  1562. </nav>
  1563. </li>
  1564. </ul>
  1565. </nav>
  1566. </div>
  1567. </div>
  1568. </div>
  1569. <div class="md-content" data-md-component="content">
  1570. <article class="md-content__inner md-typeset">
  1571. <h1>BeyondTrust Workload Credentials</h1>
  1572. <p>The <code>BeyondtrustWorkloadCredentialsDynamicSecret</code> Generator provides an interface to BeyondTrust Workload Credentials's
  1573. dynamic secret generation capabilities. This enables obtaining temporary, short-lived credentials.</p>
  1574. <p>Dynamic secret definitions must be created in BeyondTrust Workload Credentials before they can be
  1575. referenced by the generator. The generator calls the generation endpoint to produce fresh credentials
  1576. each time it is invoked.</p>
  1577. <p>For complete BeyondTrust Workload Credentials API documentation, see: <a href="https://docs.beyondtrust.com/bt-docs/docs/secrets-api">https://docs.beyondtrust.com/bt-docs/docs/secrets-api</a></p>
  1578. <p>Any authentication method supported by the BeyondTrust Workload Credentials provider can be used here
  1579. (<code>provider</code> block of the spec).</p>
  1580. <h2 id="example-manifest">Example manifest</h2>
  1581. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
  1582. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1583. <span class="nt">metadata</span><span class="p">:</span>
  1584. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
  1585. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1586. <span class="nt">spec</span><span class="p">:</span>
  1587. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1588. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1589. <span class="w"> </span><span class="nt">apikey</span><span class="p">:</span>
  1590. <span class="w"> </span><span class="nt">token</span><span class="p">:</span>
  1591. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bts-api-token</span>
  1592. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
  1593. <span class="w"> </span><span class="nt">server</span><span class="p">:</span>
  1594. <span class="w"> </span><span class="nt">apiUrl</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://api.beyondtrust.io/site&quot;</span>
  1595. <span class="w"> </span><span class="nt">siteId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;SITE_ID&gt;</span>
  1596. <span class="w"> </span><span class="nt">folderPath</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">&lt;FOLDER_PATH&gt;</span>
  1597. </code></pre></div>
  1598. <p>Example <code>ExternalSecret</code> that references the BeyondTrust Workload Credentials generator:
  1599. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1600. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1601. <span class="nt">metadata</span><span class="p">:</span>
  1602. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-aws-credentials</span>
  1603. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1604. <span class="nt">spec</span><span class="p">:</span>
  1605. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5m</span>
  1606. <span class="w"> </span><span class="nt">refreshPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Periodic</span>
  1607. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1608. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-aws-credentials</span>
  1609. <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
  1610. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1611. <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
  1612. <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
  1613. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1614. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
  1615. </code></pre></div></p>
  1616. <h2 id="configuration">Configuration</h2>
  1617. <h3 id="folder-path">Folder Path</h3>
  1618. <p>The <code>folderPath</code> in the generator spec uses the format <code>{folder}/{secretName}</code>:
  1619. - <code>folder</code>: The folder containing the dynamic secret definition (e.g., <code>eso</code>)
  1620. - <code>secretName</code>: The name of the dynamic secret definition (e.g., <code>dynamic</code>)</p>
  1621. <p>For example, if your dynamic secret is stored at path <code>my/dynamic</code> in BeyondTrust Workload Credentials:</p>
  1622. <div class="highlight"><pre><span></span><code><span class="nt">spec</span><span class="p">:</span>
  1623. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1624. <span class="w"> </span><span class="nt">folderPath</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;my/dynamic&quot;</span>
  1625. </code></pre></div>
  1626. <h3 id="generated-secret-fields">Generated Secret Fields</h3>
  1627. <p>The generator maps the AWS-style fields returned by the BeyondTrust Workload Credentials dynamic-secret endpoint. The target Kubernetes secret always receives <code>accessKeyId</code>, <code>secretAccessKey</code>, <code>leaseId</code>, and <code>expiration</code>, plus <code>sessionToken</code> when the response includes one:</p>
  1628. <div class="highlight"><pre><span></span><code><span class="nt">stringData</span><span class="p">:</span>
  1629. <span class="w"> </span><span class="nt">accessKeyId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ASIAIOSFODNN7EXAMPLE</span>
  1630. <span class="w"> </span><span class="nt">secretAccessKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">wJal...YEKY</span>
  1631. <span class="w"> </span><span class="nt">sessionToken</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">IQoJ...Ek8=</span>
  1632. <span class="w"> </span><span class="nt">leaseId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">84038398-ec0f-417d-9a0f-02494fd7d22c</span>
  1633. <span class="w"> </span><span class="nt">expiration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2025-12-29T22:35:29Z</span>
  1634. </code></pre></div>
  1635. <p>Only these fields are populated. Dynamic-secret definitions that return a different shape are not yet mapped to additional keys.</p>
  1636. <h3 id="credential-refresh-and-expiration">Credential Refresh and Expiration</h3>
  1637. <p><strong>Important:</strong> External Secrets Operator does NOT automatically handle credential expiration/TTL from BeyondTrust Workload Credentials. The refresh is controlled solely by the <code>refreshInterval</code> specified in the ExternalSecret spec.</p>
  1638. <h4 id="setting-refresh-interval">Setting Refresh Interval</h4>
  1639. <p>You should set <code>refreshInterval</code> to <strong>less than</strong> the credential lifetime to ensure credentials are refreshed before expiration:</p>
  1640. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1641. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1642. <span class="nt">metadata</span><span class="p">:</span>
  1643. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-credentials</span>
  1644. <span class="nt">spec</span><span class="p">:</span>
  1645. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span><span class="w"> </span><span class="c1"># If credentials expire in 1 hour</span>
  1646. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1647. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-temp-creds</span>
  1648. <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
  1649. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1650. <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
  1651. <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
  1652. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1653. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
  1654. </code></pre></div>
  1655. <h4 id="what-happens-if-refreshinterval-credential-expiration">What happens if refreshInterval &gt; credential expiration?</h4>
  1656. <p>Credentials will expire before being refreshed. Users will see:
  1657. - ExternalSecret status: <code>SecretSyncError</code>
  1658. - Logs/events: Authorization errors when the application tries to use expired credentials
  1659. - The application will fail to authenticate with the target service</p>
  1660. <h4 id="what-happens-if-refreshinterval-credential-expiration_1">What happens if refreshInterval &lt;&lt; credential expiration?</h4>
  1661. <p>For example, if credentials expire in 1 hour but <code>refreshInterval: 1m</code>:
  1662. - New credentials are generated every minute
  1663. - Old credentials remain valid until their expiration time
  1664. - Multiple valid credential sets may exist simultaneously
  1665. - <strong>These credentials expire automatically at their TTL in AWS</strong> (for AssumeRole credentials).</p>
  1666. <p><strong>Recommendation:</strong> Set <code>refreshInterval</code> to 75-80% of the credential lifetime. For example:
  1667. - 1-hour credentials → <code>refreshInterval: 45m</code>
  1668. - 12-hour credentials → <code>refreshInterval: 9h</code>
  1669. - 24-hour credentials → <code>refreshInterval: 18h</code></p>
  1670. <h3 id="generator-reusability">Generator Reusability</h3>
  1671. <p>Generators are reusable Custom Resources. You can reference the same generator from multiple ExternalSecrets:</p>
  1672. <div class="highlight"><pre><span></span><code><span class="nn">---</span>
  1673. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1674. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1675. <span class="nt">metadata</span><span class="p">:</span>
  1676. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-1-aws-creds</span>
  1677. <span class="nt">spec</span><span class="p">:</span>
  1678. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span>
  1679. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1680. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-1-aws-credentials</span>
  1681. <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
  1682. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1683. <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
  1684. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1685. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
  1686. <span class="nn">---</span>
  1687. <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1688. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1689. <span class="nt">metadata</span><span class="p">:</span>
  1690. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-2-aws-creds</span>
  1691. <span class="nt">spec</span><span class="p">:</span>
  1692. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span>
  1693. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1694. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-2-aws-credentials</span>
  1695. <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
  1696. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1697. <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
  1698. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1699. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
  1700. </code></pre></div>
  1701. <p><strong>Important:</strong> Each reference triggers a <strong>new credential generation</strong>. In the example above, <code>app-1</code> and <code>app-2</code> will receive different, independent sets of credentials.</p>
  1702. <h3 id="authentication">Authentication</h3>
  1703. <p>The generator uses the same authentication mechanism as the BeyondTrust Workload Credentials provider (API key authentication):</p>
  1704. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
  1705. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1706. <span class="nt">metadata</span><span class="p">:</span>
  1707. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
  1708. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1709. <span class="nt">spec</span><span class="p">:</span>
  1710. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1711. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1712. <span class="w"> </span><span class="nt">apikey</span><span class="p">:</span>
  1713. <span class="w"> </span><span class="nt">token</span><span class="p">:</span>
  1714. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-token</span>
  1715. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
  1716. </code></pre></div>
  1717. <p>Create the API token secret:
  1718. <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>api-token<span class="w"> </span><span class="se">\</span>
  1719. <span class="w"> </span>--from-literal<span class="o">=</span><span class="nv">token</span><span class="o">=</span>&lt;YOUR_API_TOKEN&gt;<span class="w"> </span><span class="se">\</span>
  1720. <span class="w"> </span>-n<span class="w"> </span>external-secrets
  1721. </code></pre></div></p>
  1722. <h3 id="certificate-trust">Certificate Trust</h3>
  1723. <p>If using self-signed certificates, configure trust using <code>caProvider</code>:</p>
  1724. <div class="highlight"><pre><span></span><code><span class="nt">spec</span><span class="p">:</span>
  1725. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1726. <span class="w"> </span><span class="c1"># ... other config ...</span>
  1727. <span class="w"> </span><span class="nt">caProvider</span><span class="p">:</span>
  1728. <span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
  1729. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-ca-bundle</span>
  1730. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ca.crt</span>
  1731. </code></pre></div>
  1732. <p>Create the CA bundle secret:
  1733. <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>my-ca-bundle<span class="w"> </span><span class="se">\</span>
  1734. <span class="w"> </span>--from-file<span class="o">=</span>ca.crt<span class="o">=</span><span class="s2">&quot;/path/to/ca.crt&quot;</span><span class="w"> </span><span class="se">\</span>
  1735. <span class="w"> </span>-n<span class="w"> </span>external-secrets
  1736. </code></pre></div></p>
  1737. <h3 id="server-configuration">Server Configuration</h3>
  1738. <p>Configure the BeyondTrust Workload Credentials API endpoint:</p>
  1739. <div class="highlight"><pre><span></span><code><span class="nt">spec</span><span class="p">:</span>
  1740. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1741. <span class="w"> </span><span class="nt">server</span><span class="p">:</span>
  1742. <span class="w"> </span><span class="nt">apiUrl</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://api.beyondtrust.io/site&quot;</span>
  1743. <span class="w"> </span><span class="nt">siteId</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;a1b2c3d4-e5f6-7890-abcd-ef1234567890&quot;</span>
  1744. </code></pre></div>
  1745. <ul>
  1746. <li><code>apiUrl</code>: The base URL of your BeyondTrust Workload Credentials API</li>
  1747. <li><code>siteId</code>: Your BeyondTrust site identifier (UUID format)</li>
  1748. </ul>
  1749. <h3 id="complete-example">Complete Example</h3>
  1750. <p>Here's a complete example for AWS dynamic credentials:</p>
  1751. <ol>
  1752. <li>
  1753. <p>Create the API token and CA bundle secrets:
  1754. <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>api-token<span class="w"> </span><span class="se">\</span>
  1755. <span class="w"> </span>--from-literal<span class="o">=</span><span class="nv">token</span><span class="o">=</span>&lt;YOUR_API_TOKEN&gt;<span class="w"> </span><span class="se">\</span>
  1756. <span class="w"> </span>-n<span class="w"> </span>external-secrets
  1757. kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>my-ca-bundle<span class="w"> </span><span class="se">\</span>
  1758. <span class="w"> </span>--from-file<span class="o">=</span>ca.crt<span class="o">=</span><span class="s2">&quot;/path/to/ca.crt&quot;</span><span class="w"> </span><span class="se">\</span>
  1759. <span class="w"> </span>-n<span class="w"> </span>external-secrets
  1760. </code></pre></div></p>
  1761. </li>
  1762. <li>
  1763. <p>Create the generator:
  1764. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
  1765. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1766. <span class="nt">metadata</span><span class="p">:</span>
  1767. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
  1768. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1769. <span class="nt">spec</span><span class="p">:</span>
  1770. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1771. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1772. <span class="w"> </span><span class="nt">apikey</span><span class="p">:</span>
  1773. <span class="w"> </span><span class="nt">token</span><span class="p">:</span>
  1774. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-token</span>
  1775. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
  1776. <span class="w"> </span><span class="nt">server</span><span class="p">:</span>
  1777. <span class="w"> </span><span class="nt">apiUrl</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://api.beyondtrust.io/site&quot;</span>
  1778. <span class="w"> </span><span class="nt">siteId</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;a1b2c3d4-e5f6-7890-abcd-ef1234567890&quot;</span>
  1779. <span class="w"> </span><span class="nt">folderPath</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;production/aws-temp&quot;</span>
  1780. </code></pre></div></p>
  1781. </li>
  1782. <li>
  1783. <p>Create an ExternalSecret that uses the generator:
  1784. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1785. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1786. <span class="nt">metadata</span><span class="p">:</span>
  1787. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-aws-credentials</span>
  1788. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1789. <span class="nt">spec</span><span class="p">:</span>
  1790. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span><span class="w"> </span><span class="c1"># Refresh before 1-hour expiration</span>
  1791. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1792. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-temp-credentials</span>
  1793. <span class="w"> </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span>
  1794. <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
  1795. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
  1796. <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
  1797. <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
  1798. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
  1799. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
  1800. </code></pre></div></p>
  1801. </li>
  1802. <li>
  1803. <p>The resulting Kubernetes secret will contain:
  1804. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
  1805. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
  1806. <span class="nt">metadata</span><span class="p">:</span>
  1807. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-temp-credentials</span>
  1808. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1809. <span class="nt">data</span><span class="p">:</span>
  1810. <span class="w"> </span><span class="nt">accessKeyId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">QVNJ...R04=</span>
  1811. <span class="w"> </span><span class="nt">secretAccessKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Z3dk...WFk=</span>
  1812. <span class="w"> </span><span class="nt">sessionToken</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SVFv...Ek8=</span>
  1813. <span class="w"> </span><span class="nt">leaseId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">NTdk...Nm1j</span>
  1814. <span class="w"> </span><span class="nt">expiration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">MjAy...OVo=</span>
  1815. </code></pre></div></p>
  1816. </li>
  1817. </ol>
  1818. <h3 id="troubleshooting">Troubleshooting</h3>
  1819. <h4 id="empty-credential-fields">Empty Credential Fields</h4>
  1820. <p>If the generated secret has empty values:
  1821. 1. Verify the dynamic secret exists in BeyondTrust Workload Credentials at the specified path
  1822. 2. Check the API token has permissions to generate credentials
  1823. 3. Verify the <code>folderPath</code> format is correct (<code>folder/secretName</code>)
  1824. 4. Check controller logs: <code>kubectl logs -l app.kubernetes.io/name=external-secrets -n external-secrets</code></p>
  1825. <h4 id="authentication-errors">Authentication Errors</h4>
  1826. <p>If you see 403/401 errors:
  1827. 1. Verify the API token is valid and not expired
  1828. 2. Check the token has <code>generate</code> permissions for the dynamic secret
  1829. 3. Ensure the <code>caProvider</code> or <code>caBundle</code> is configured correctly if using self-signed certificates</p>
  1830. <h4 id="timeout-errors">Timeout Errors</h4>
  1831. <p>If credential generation times out:
  1832. 1. Check network connectivity from the cluster to BeyondTrust Workload Credentials API
  1833. 2. Verify the API endpoint is responsive
  1834. 3. Check if there are firewall rules blocking the connection</p>
  1835. <h4 id="credential-expiration-issues">Credential Expiration Issues</h4>
  1836. <p>If applications report authentication failures:
  1837. 1. Check if <code>refreshInterval</code> is greater than credential lifetime
  1838. 2. Review the <code>expiration</code> field in the secret to see when credentials expire
  1839. 3. Adjust <code>refreshInterval</code> to be 75-80% of the credential lifetime
  1840. 4. Check ExternalSecret status: <code>kubectl describe externalsecret &lt;name&gt; -n &lt;namespace&gt;</code></p>
  1841. </article>
  1842. </div>
  1843. <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
  1844. </div>
  1845. </main>
  1846. <img referrerpolicy="no-referrer-when-downgrade"
  1847. src="https://static.scarf.sh/a.png?x-pxid=6658a9eb-067d-49f1-94f2-b8b00f21451e" alt=""
  1848. hidden />
  1849. <footer class="md-footer">
  1850. <div class="md-footer-meta md-typeset">
  1851. <div class="md-footer-meta__inner md-grid">
  1852. <div class="md-copyright">
  1853. <div class="md-copyright__highlight">
  1854. &copy; 2025 The external-secrets Authors.<br/>
  1855. &copy; 2025 The Linux Foundation. All rights reserved.<br/><br/>
  1856. The Linux Foundation has registered trademarks and uses trademarks.<br/>
  1857. For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage/">Trademark Usage page</a>.
  1858. </div>
  1859. Made with
  1860. <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
  1861. Material for MkDocs
  1862. </a>
  1863. </div>
  1864. </div>
  1865. </div>
  1866. </footer>
  1867. </div>
  1868. <div class="md-dialog" data-md-component="dialog">
  1869. <div class="md-dialog__inner md-typeset"></div>
  1870. </div>
  1871. <script id="__config" type="application/json">{"annotate": null, "base": "../../..", "features": ["navigation.tabs", "navigation.indexes", "navigation.expand"], "search": "../../../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
  1872. <script src="../../../assets/javascripts/bundle.79ae519e.min.js"></script>
  1873. </body>
  1874. </html>