logic855/helm-external-secrets @ 8d037d197c88eeb9c4fe489e906c9cb3ab9ee6af

Tree: 8d037d197c

IdanAdar-patch-1

Switch-UBI-to-go-toolset-as-base-image

aws-iam-anywhere

aws-metadata

beach-team

beach-team-fix/beach-team-pipeline

beach/fix-fake-provider

beach/keyvault-set-secret

bh.ss

broken-link

bump/0.8.13

bunp-helm-chart

chart/certcontroller-partial-cache

chore/bump-0.9.2-branch

chore/bump-controller-runtime

chore/refactor-aws-auth

chore/standardize-vault-auth-paths

chore/update-readme-with-vision

cleanup-keys-when-using-template

coderabbitai/docstrings/17d3e22

conversion-webhook-debug

copilot/fix-code-scanning-alerts

copilot/fix-license-header-typographical-errors

copilot/sub-pr-6021

dependabot/go_modules/github.com/onsi/ginkgo-1.15.1

dependabot/go_modules/sigs.k8s.io/controller-runtime-0.8.3

design/decoding-strategy

dev/jsauvain/plugin_ovh_provider

docs/demo-of-devops-toolkit

e2e-test-run

feat/add-log-values-to-helm-chart

feature/aws-getallsecrets

feature/aws-getallsecrets-trim-root-path

feature/configure-promethues-target-port

feature/custom-cert-secret

feature/gcp-referent-auth

feature/keyvault-deletion-policy

feature/new-provider-structure

fix-infisical-404

fix-test

fix/e2e

fix/gcp-issues

fix/kubernetes-access-review-strategy

fix/vault-lint

fix/vault-not-handling-json-values

gc-fix-update-readme

gc/design/gen-secretstore-v2

gc/fix/ibm

gc/fix/v015.1

gc/rollback-0.15.1

gh-pages

gh-pages-dev

gitlab-validation-refactors

gusfcarvalho-patch-1

main

mj-add-generator

mj-aws-v2-parameterstore-e2e

mj-bump-ubiimg

mj-bumps

mj-design-oopp

mj-e2e-managed-aws-tf

mj-expose-admission-warnings

mj-fix-aws-genereator-auth-cache

mj-fix-dashboard

mj-fix-reko

mj-fix-vault-ref-spec

mj-go-mod

mj-provider-mod

mj-pushsecret-generator-state

mj-test-gcp-m

mj-test-mgmt

mj-v2-poc

mj-v2-poc-rebased

poc-workflow

pr-5527

predicate-watch-fix

promote-chart-0.9.11

release-0.10.3-helm-charts

release-0.10.4-helm-charts

release-0.6

release-0.7

release-0.8

release-0.9

release-branch-test-1

release-chart-v0.10.5

release-chart-v0.15.0

release-chart-v0.15.0-2

release-chart-v0.15.0-3

release-helm-2.2.0

release-helm-chart-v0.10.5

release-helm-chart-v0.16.1

release-helm-chart-v0.16.2

release-helm-chart-v0.17.0

release-helm-chart-v0.18.1

release-helm-chart-v0.18.2

release-helm-chart-v0.19.0

release-helm-chart-v0.19.1

release-helm-chart-v0.20.1

release-helm-chart-v0.20.1-2

release-helm-chart-v0.20.1-3

release-helm-chart-v0.20.2

release-helm-chart-v0.20.3

release-helm-chart-v0.20.3-2

release-helm-chart-v0.20.4

release-helm-chart-v1.0.0

release-helm-chart-v1.1.0

release-notes-0.18.0

release-v0.10.6-helm-chart

release-v0.10.6-helm-chart-docs

release-v0.10.7

release-v0.11.0-charts

release-v0.12.1-charts

release-v0.13.0-charts

release-v0.13.0-charts-2

release-v0.14.0-charts

release-v0.14.2-charts

release-v0.14.3-charts

release-v0.14.3-charts-2

release-v0.14.4

revert-662-revert-613-getall-Secrets

sonar-dispatch

test-ca-cert-trouble

test-e2e-no-fork-2

test-e2e-run

test-infra

test-non-fork-e2e-test

update-deps-1679516143

update-deps-1679516914

update-deps-1679517123

update-deps-1679518009

update-deps-1679519068

update-deps-1679520715

update-deps-1679521323

update-deps-1679522475

update-deps-1679524823

update-deps-1679526149

update-deps-1679526150

update-deps-1684144987

update-deps-1684144991

update-deps-1684749783

update-deps-1684749784

update-deps-1685354595

update-deps-1685354598

update-deps-1685959386

update-deps-1685959389

update-deps-1686564186

update-deps-1686564187

update-deps-1687168984

update-deps-1688983412

update-deps-1689588212

update-deps-1689588216

update-deps-1689588218

update-deps-1690192998

update-deps-1690192999

update-deps-1690193006

update-deps-1690797787

update-deps-1690797790

update-deps-1690797793

update-deps-1691402717

update-deps-1692612193

update-deps-1692612200

update-deps-1698660199

update-deps-1699265013

update-deps-1699869789

update-deps-1702893806

update-deps-1703498593

update-deps-1704103390

update-deps-1705313002

update-deps-1705313003

update-deps-1707127435

update-deps-1708337007

update-deps-1708941785

update-deps-1709548582

update-deps-1711361006

update-deps-1728295726

update-deps-1728900214

update-deps-1729505043

update-deps-1730714625

update-deps-1731319410

update-deps-1731924224

update-deps-1733738623

update-deps-1734343423

update-deps-1734948213

update-deps-1735553019

update-deps-1735553021

update-deps-1736157834

update-deps-1736762637

update-deps-1737367411

update-deps-1737367413

update-deps-1737972215

update-deps-1738577008

update-deps-1739181819

update-deps-1739786702

update-deps-1740391424

update-deps-1740996509

update-deps-1741601012

update-deps-1742205840

update-deps-1742810656

update-deps-1744021399

update-deps-1745229858

update-deps-1745836636

update-deps-1746439470

update-deps-1747044270

update-deps-1747649082

update-deps-1748254077

update-deps-1748858663

update-deps-1749463460

update-deps-1750068277

update-deps-1750673073

update-deps-1751277848

update-deps-1751882658

update-deps-1752487463

update-deps-1753092271

update-deps-1753697066

update-deps-1754301928

update-deps-1754906674

update-deps-1755511479

update-deps-1755511483

update-deps-1756116259

update-deps-1762164298

update-deps-1770632590

update-deps-1774261326

update-helm-chart-v0.14.2

update-ibm-docs

update-vault-api

validate-secret-store-gitlab

validate-store-oracle

STSSessionToken uses the GetSessionToken API to retrieve a temporary session token.

Output Keys and Values

Key	Description
access_key_id	The access key ID that identifies the temporary security credentials.
secret_access_key	The secret access key that can be used to sign requests.
session_token	The token that users must pass to the service API to use the temporary credentials.
expiration	The date on which the current credentials expire.

Authentication

You can choose from three authentication mechanisms:

static credentials using spec.auth.secretRef
point to a IRSA Service Account with spec.auth.jwt
use credentials from the SDK default credentials chain from the controller environment

Request Parameters

Following request parameters can be provided:

duration seconds -> can specify the TTL of the generated token
serial number -> define the serial number of the MFA device used by the user
token code -> possible code generated by the above referenced MFA device

Example Manifest

{% include 'generator-sts.yaml' %}

Example ExternalSecret that references the STS Session Token generator:

{% include 'generator-sts-example.yaml' %}

sts.md 1.6 KB History Raw

Output Keys and Values

Authentication

Request Parameters

Example Manifest

sts.md 1.6 KB

History Raw