helm-external-secrets/site/provider-ibm-secrets-manager/index.html

<!doctype html>
<html lang="en" class="no-js">
  <head>
    
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">
      
      
      
      
      <link rel="icon" href="../assets/images/favicon.png">
      <meta name="generator" content="mkdocs-1.1, mkdocs-material-7.1.8">
    
    
      
        <title>Secrets Manager - External Secrets Operator</title>
      
    
    
      <link rel="stylesheet" href="../assets/stylesheets/main.ca7ac06f.min.css">
      
        
        <link rel="stylesheet" href="../assets/stylesheets/palette.f1a3b89f.min.css">
        
      
    
    
    
      
        
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
        <style>:root{--md-text-font-family:"Roboto";--md-code-font-family:"Roboto Mono"}</style>
      
    
    
    
    
      

  


  

  


  <script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",function(){"undefined"!=typeof location$&&location$.subscribe(function(t){gtag("config","G-QP38TD8K7V",{page_path:t.pathname})})})</script>
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V"></script>


    
    
  </head>
  
  
    
    
    
    
    
    <body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
  
    
    <script>function __prefix(e){return new URL("..",location).pathname+"."+e}function __get(e,t=localStorage){return JSON.parse(t.getItem(__prefix(e)))}</script>
    
    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
      
        
        <a href="#ibm-cloud-secret-manager" class="md-skip">
          Skip to content
        </a>
      
    </div>
    <div data-md-component="announce">
      
    </div>
    
      <header class="md-header" data-md-component="header">
  <nav class="md-header__inner md-grid" aria-label="Header">
    <a href=".." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
      
  
  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>

    </a>
    <label class="md-header__button md-icon" for="__drawer">
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
    </label>
    <div class="md-header__title" data-md-component="header-title">
      <div class="md-header__ellipsis">
        <div class="md-header__topic">
          <span class="md-ellipsis">
            External Secrets Operator
          </span>
        </div>
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">
            
              Secrets Manager
            
          </span>
        </div>
      </div>
    </div>
    
    
    
      <label class="md-header__button md-icon" for="__search">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
      </label>
      
<div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" name="search">
      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" data-md-state="active" required>
      <label class="md-search__icon md-icon" for="__search">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
      </label>
      <button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
      </button>
    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" data-md-scrollfix>
        <div class="md-search-result" data-md-component="search-result">
          <div class="md-search-result__meta">
            Initializing search
          </div>
          <ol class="md-search-result__list"></ol>
        </div>
      </div>
    </div>
  </div>
</div>
    
    
      <div class="md-header__source">
        
<a href="https://github.com/external-secrets/external-secrets/" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
  </div>
  <div class="md-source__repository">
    External Secrets Operator
  </div>
</a>
      </div>
    
  </nav>
</header>
    
    <div class="md-container" data-md-component="container">
      
      
        
      
      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">
          
            
              
              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    


<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
  <label class="md-nav__title" for="__drawer">
    <a href=".." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
      
  
  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>

    </a>
    External Secrets Operator
  </label>
  
    <div class="md-nav__source">
      
<a href="https://github.com/external-secrets/external-secrets/" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
  </div>
  <div class="md-source__repository">
    External Secrets Operator
  </div>
</a>
    </div>
  
  <ul class="md-nav__list" data-md-scrollfix>
    
      
      
      

  
  
  
    <li class="md-nav__item">
      <a href=".." class="md-nav__link">
        Introduction
      </a>
    </li>
  

    
      
      
      

  
  
  
    <li class="md-nav__item">
      <a href="../api-overview/" class="md-nav__link">
        Overview
      </a>
    </li>
  

    
      
      
      

  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" >
      
      <label class="md-nav__link" for="__nav_3">
        API Types
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="API Types" data-md-level="1">
        <label class="md-nav__title" for="__nav_3">
          <span class="md-nav__icon md-icon"></span>
          API Types
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../api-externalsecret/" class="md-nav__link">
        ExternalSecret
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../api-secretstore/" class="md-nav__link">
        SecretStore
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../api-clustersecretstore/" class="md-nav__link">
        ClusterSecretStore
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

    
      
      
      

  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" type="checkbox" id="__nav_4" >
      
      <label class="md-nav__link" for="__nav_4">
        Guides
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Guides" data-md-level="1">
        <label class="md-nav__title" for="__nav_4">
          <span class="md-nav__icon md-icon"></span>
          Guides
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-introduction/" class="md-nav__link">
        Introduction
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-getting-started/" class="md-nav__link">
        Getting started
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-templating/" class="md-nav__link">
        Advanced Templating
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-controller-class/" class="md-nav__link">
        Controller Classes
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-all-keys-one-secret/" class="md-nav__link">
        All keys, One secret
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-common-k8s-secret-types/" class="md-nav__link">
        Common K8S Secret Types
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-multi-tenancy/" class="md-nav__link">
        Multi Tenancy
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-metrics/" class="md-nav__link">
        Metrics
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-using-latest-image/" class="md-nav__link">
        Using Latest Image
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../guides-gitops-using-fluxcd/" class="md-nav__link">
        GitOps using FluxCD
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

    
      
      
      

  
  
    
  
  
    
    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" type="checkbox" id="__nav_5" checked>
      
      <label class="md-nav__link" for="__nav_5">
        Provider
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Provider" data-md-level="1">
        <label class="md-nav__title" for="__nav_5">
          <span class="md-nav__icon md-icon"></span>
          Provider
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_1" type="checkbox" id="__nav_5_1" >
      
      <label class="md-nav__link" for="__nav_5_1">
        AWS
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="AWS" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_1">
          <span class="md-nav__icon md-icon"></span>
          AWS
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-aws-secrets-manager/" class="md-nav__link">
        Secrets Manager
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-aws-parameter-store/" class="md-nav__link">
        Parameter Store
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

          
            
  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_2" type="checkbox" id="__nav_5_2" >
      
      <label class="md-nav__link" for="__nav_5_2">
        Azure
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Azure" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_2">
          <span class="md-nav__icon md-icon"></span>
          Azure
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-azure-key-vault/" class="md-nav__link">
        Key Vault
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

          
            
  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_3" type="checkbox" id="__nav_5_3" >
      
      <label class="md-nav__link" for="__nav_5_3">
        Google
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Google" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_3">
          <span class="md-nav__icon md-icon"></span>
          Google
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-google-secrets-manager/" class="md-nav__link">
        Secrets Manager
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

          
            
  
  
    
  
  
    
    <li class="md-nav__item md-nav__item--active md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_4" type="checkbox" id="__nav_5_4" checked>
      
      <label class="md-nav__link" for="__nav_5_4">
        IBM
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="IBM" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_4">
          <span class="md-nav__icon md-icon"></span>
          IBM
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
    
  
  
    <li class="md-nav__item md-nav__item--active">
      
      <input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
      
      
      
        <label class="md-nav__link md-nav__link--active" for="__toc">
          Secrets Manager
          <span class="md-nav__icon md-icon"></span>
        </label>
      
      <a href="./" class="md-nav__link md-nav__link--active">
        Secrets Manager
      </a>
      
        
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  
  
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      Table of contents
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#ibm-cloud-secret-manager" class="md-nav__link">
    IBM Cloud Secret Manager
  </a>
  
    <nav class="md-nav" aria-label="IBM Cloud Secret Manager">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#authentication" class="md-nav__link">
    Authentication
  </a>
  
    <nav class="md-nav" aria-label="Authentication">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#api-key-secret" class="md-nav__link">
    API key secret
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#update-secret-store" class="md-nav__link">
    Update secret store
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#secret-types" class="md-nav__link">
    Secret Types
  </a>
  
    <nav class="md-nav" aria-label="Secret Types">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#arbitrary" class="md-nav__link">
    arbitrary
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#username_password" class="md-nav__link">
    username_password
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#iam_credentials" class="md-nav__link">
    iam_credentials
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#imported_cert" class="md-nav__link">
    imported_cert
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#creating-external-secret" class="md-nav__link">
    Creating external secret
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#getting-the-kubernetes-secret" class="md-nav__link">
    Getting the Kubernetes secret
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
      
    </li>
  

          
        </ul>
      </nav>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-akeyless/" class="md-nav__link">
        Akeyless
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-hashicorp-vault/" class="md-nav__link">
        HashiCorp Vault
      </a>
    </li>
  

          
            
  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_7" type="checkbox" id="__nav_5_7" >
      
      <label class="md-nav__link" for="__nav_5_7">
        Yandex
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Yandex" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_7">
          <span class="md-nav__icon md-icon"></span>
          Yandex
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-yandex-lockbox/" class="md-nav__link">
        Lockbox
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

          
            
  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_8" type="checkbox" id="__nav_5_8" >
      
      <label class="md-nav__link" for="__nav_5_8">
        Gitlab
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Gitlab" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_8">
          <span class="md-nav__icon md-icon"></span>
          Gitlab
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-gitlab-project-variables/" class="md-nav__link">
        Gitlab Project Variables
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

          
            
  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5_9" type="checkbox" id="__nav_5_9" >
      
      <label class="md-nav__link" for="__nav_5_9">
        Oracle
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Oracle" data-md-level="2">
        <label class="md-nav__title" for="__nav_5_9">
          <span class="md-nav__icon md-icon"></span>
          Oracle
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-oracle-vault/" class="md-nav__link">
        Oracle Vault
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../provider-webhook/" class="md-nav__link">
        Webhook
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

    
      
      
      

  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6" type="checkbox" id="__nav_6" >
      
      <label class="md-nav__link" for="__nav_6">
        References
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="References" data-md-level="1">
        <label class="md-nav__title" for="__nav_6">
          <span class="md-nav__icon md-icon"></span>
          References
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../spec/" class="md-nav__link">
        API specification
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

    
      
      
      

  
  
  
    
    <li class="md-nav__item md-nav__item--nested">
      
      
        <input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7" type="checkbox" id="__nav_7" >
      
      <label class="md-nav__link" for="__nav_7">
        Contributing
        <span class="md-nav__icon md-icon"></span>
      </label>
      <nav class="md-nav" aria-label="Contributing" data-md-level="1">
        <label class="md-nav__title" for="__nav_7">
          <span class="md-nav__icon md-icon"></span>
          Contributing
        </label>
        <ul class="md-nav__list" data-md-scrollfix>
          
            
  
  
  
    <li class="md-nav__item">
      <a href="../contributing-devguide/" class="md-nav__link">
        Developer guide
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../contributing-process/" class="md-nav__link">
        Contributing Process
      </a>
    </li>
  

          
            
  
  
  
    <li class="md-nav__item">
      <a href="../contributing-coc/" class="md-nav__link">
        Code of Conduct
      </a>
    </li>
  

          
        </ul>
      </nav>
    </li>
  

    
      
      
      

  
  
  
    <li class="md-nav__item">
      <a href="../deprecation-policy/" class="md-nav__link">
        Deprecation Policy
      </a>
    </li>
  

    
  </ul>
</nav>
                  </div>
                </div>
              </div>
            
            
              
              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
                    
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  
  
  
  
    <label class="md-nav__title" for="__toc">
      <span class="md-nav__icon md-icon"></span>
      Table of contents
    </label>
    <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
      
        <li class="md-nav__item">
  <a href="#ibm-cloud-secret-manager" class="md-nav__link">
    IBM Cloud Secret Manager
  </a>
  
    <nav class="md-nav" aria-label="IBM Cloud Secret Manager">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#authentication" class="md-nav__link">
    Authentication
  </a>
  
    <nav class="md-nav" aria-label="Authentication">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#api-key-secret" class="md-nav__link">
    API key secret
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#update-secret-store" class="md-nav__link">
    Update secret store
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#secret-types" class="md-nav__link">
    Secret Types
  </a>
  
    <nav class="md-nav" aria-label="Secret Types">
      <ul class="md-nav__list">
        
          <li class="md-nav__item">
  <a href="#arbitrary" class="md-nav__link">
    arbitrary
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#username_password" class="md-nav__link">
    username_password
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#iam_credentials" class="md-nav__link">
    iam_credentials
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#imported_cert" class="md-nav__link">
    imported_cert
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
        
          <li class="md-nav__item">
  <a href="#creating-external-secret" class="md-nav__link">
    Creating external secret
  </a>
  
</li>
        
          <li class="md-nav__item">
  <a href="#getting-the-kubernetes-secret" class="md-nav__link">
    Getting the Kubernetes secret
  </a>
  
</li>
        
      </ul>
    </nav>
  
</li>
      
    </ul>
  
</nav>
                  </div>
                </div>
              </div>
            
          
          <div class="md-content" data-md-component="content">
            <article class="md-content__inner md-typeset">
              
                
                  <a href="https://github.com/external-secrets/external-secrets/edit/master/docs/provider-ibm-secrets-manager.md" title="Edit this page" class="md-content__button md-icon">
                    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
                  </a>
                
                
                  <h1>Secrets Manager</h1>
                
                <h2 id="ibm-cloud-secret-manager">IBM Cloud Secret Manager</h2>
<p>External Secrets Operator integrates with <a href="https://www.ibm.com/cloud/secrets-manager">IBM Secret Manager</a> for secret management.</p>
<h3 id="authentication">Authentication</h3>
<p>At the moment, we only support API key authentication for this provider. To generate your key (for test purposes we are going to generate from your user), first got to your (Access IAM) page:</p>
<p><img alt="iam" src="../pictures/screenshot_api_keys_iam.png" /></p>
<p>On the left, click "IBM Cloud API Keys":</p>
<p><img alt="iam-left" src="../pictures/screenshot_api_keys_iam_left.png" /></p>
<p>Press "Create an IBM Cloud API Key":</p>
<p><img alt="iam-create-button" src="../pictures/screenshot_api_keys_create_button.png" /></p>
<p>Pick a name and description for your key:</p>
<p><img alt="iam-create-key" src="../pictures/screenshot_api_keys_create.png" /></p>
<p>You have created a key. Press the eyeball to show the key. Copy or save it because keys can't be displayed or downloaded twice.</p>
<p><img alt="iam-create-success" src="../pictures/screenshot_api_keys_create_successful.png" /></p>
<h4 id="api-key-secret">API key secret</h4>
<p>Create a secret containing your apiKey:</p>
<div class="highlight"><pre><span></span><code>kubectl create secret generic ibm-secret --from-literal<span class="o">=</span><span class="nv">apiKey</span><span class="o">=</span><span class="s1">&#39;API_KEY_VALUE&#39;</span>
</code></pre></div>

<h3 id="update-secret-store">Update secret store</h3>
<p>Be sure the <code>ibm</code> provider is listed in the <code>Kind=SecretStore</code></p>
<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
<span class="nt">metadata</span><span class="p">:</span>
  <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span>
<span class="nt">spec</span><span class="p">:</span>
  <span class="nt">provider</span><span class="p">:</span>
    <span class="nt">ibm</span><span class="p">:</span>
      <span class="nt">serviceUrl</span><span class="p">:</span> <span class="s">&quot;https://SECRETS_MANAGER_ID.REGION.secrets-manager.appdomain.cloud&quot;</span>
      <span class="nt">auth</span><span class="p">:</span>
        <span class="nt">secretRef</span><span class="p">:</span>
          <span class="nt">secretApiKeySecretRef</span><span class="p">:</span>
            <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ibm-secret</span>
            <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">apiKey</span>
</code></pre></div>

<p>To find your serviceURL, under your Secrets Manager resource, go to "Endpoints" on the left.
Note: Use the url without the <code>/api</code> suffix that is presented in the UI.
See here for a list of <a href="https://cloud.ibm.com/apidocs/secrets-manager#getting-started-endpoints">publicly available endpoints</a>.</p>
<p><img alt="iam-create-success" src="../pictures/screenshot_service_url.png" /></p>
<h3 id="secret-types">Secret Types</h3>
<p>We support all secret types of <a href="https://cloud.ibm.com/apidocs/secrets-manager">IBM Secrets Manager</a>: <code>arbitrary</code>, <code>username_password</code>, <code>iam_credentials</code> and <code>imported_cert</code>. To define the type of secret you would like to sync you need to prefix the secret id with the desired type. If the secret type is not specified it is defaulted to <code>arbitrary</code>:</p>
<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
<span class="nt">metadata</span><span class="p">:</span>
  <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ibm-sample</span>
<span class="nt">spec</span><span class="p">:</span>
  <span class="c1"># [...]</span>
  <span class="nt">data</span><span class="p">:</span>
  <span class="p p-Indicator">-</span> <span class="nt">secretKey</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">test</span>
    <span class="nt">remoteRef</span><span class="p">:</span>
      <span class="c1"># defaults to type=arbitrary</span>
      <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</span>
  <span class="p p-Indicator">-</span> <span class="nt">secretKey</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">foo</span>
    <span class="nt">remoteRef</span><span class="p">:</span>
      <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">username_password/yyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy</span>
  <span class="p p-Indicator">-</span> <span class="nt">secretKey</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">bar</span>
    <span class="nt">remoteRef</span><span class="p">:</span>
      <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">iam_credentials/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</span>
  <span class="p p-Indicator">-</span> <span class="nt">secretKey</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">baz</span>
    <span class="nt">remoteRef</span><span class="p">:</span>
      <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">imported_cert/zzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</span>
</code></pre></div>

<p>The behavior for the different secret types is as following:</p>
<h4 id="arbitrary">arbitrary</h4>
<ul>
<li><code>remoteRef</code> retrieves a string from secrets manager and sets it for specified <code>secretKey</code></li>
<li><code>dataFrom</code> retrieves a string from secrets manager and tries to parse it as JSON object setting the key:values pairs in resulting Kubernetes secret if successful</li>
</ul>
<h4 id="username_password">username_password</h4>
<ul>
<li><code>remoteRef</code> requires a <code>property</code> to be set for either <code>username</code> or <code>password</code> to retrieve respective fields from the secrets manager secret and set in specified <code>secretKey</code></li>
<li><code>dataFrom</code> retrieves both <code>username</code> and <code>password</code> fields from the secrets manager secret and sets appropriate key:value pairs in the resulting Kubernetes secret</li>
</ul>
<h4 id="iam_credentials">iam_credentials</h4>
<ul>
<li><code>remoteRef</code> retrieves an apikey from secrets manager and sets it for specified <code>secretKey</code></li>
<li><code>dataFrom</code> retrieves an apikey from secrets manager and sets it for the <code>apikey</code> Kubernetes secret key</li>
</ul>
<h4 id="imported_cert">imported_cert</h4>
<ul>
<li><code>remoteRef</code> requires a <code>property</code> to be set for either <code>certificate</code>, <code>private_key</code> or <code>intermediate</code> to retrieve respective fields from the secrets manager secret and set in specified <code>secretKey</code></li>
<li><code>dataFrom</code> retrieves all <code>certificate</code>, <code>private_key</code> and <code>intermediate</code> fields from the secrets manager secret and sets appropriate key:value pairs in the resulting Kubernetes secret</li>
</ul>
<h3 id="creating-external-secret">Creating external secret</h3>
<p>To create a kubernetes secret from the IBM Secrets Manager, a <code>Kind=ExternalSecret</code> is needed.</p>
<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
<span class="nt">metadata</span><span class="p">:</span>
  <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">external-secret-sample</span>
<span class="nt">spec</span><span class="p">:</span>
  <span class="nt">refreshInterval</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">1m</span>
  <span class="nt">secretStoreRef</span><span class="p">:</span>
    <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span>
    <span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  <span class="nt">target</span><span class="p">:</span>
    <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">secret-to-be-created</span>
    <span class="nt">creationPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Owner</span>
  <span class="nt">data</span><span class="p">:</span>
  <span class="p p-Indicator">-</span> <span class="nt">secretKey</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">test</span>
    <span class="nt">remoteRef</span><span class="p">:</span>
      <span class="nt">key</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</span>
</code></pre></div>

<p>Currently we can only get the secret by its id and not its name, so something like <code>565287ce-578f-8d96-a746-9409d531fe2a</code>.</p>
<h3 id="getting-the-kubernetes-secret">Getting the Kubernetes secret</h3>
<p>The operator will fetch the IBM Secret Manager secret and inject it as a <code>Kind=Secret</code>
<div class="highlight"><pre><span></span><code>kubectl get secret secret-to-be-created -n &lt;namespace&gt; | -o jsonpath=&#39;{.data.test}&#39; | base64 -d
</code></pre></div></p>
                
              
              
                


              
            </article>
          </div>
        </div>
        
      </main>
      
        
<footer class="md-footer">
  
    <nav class="md-footer__inner md-grid" aria-label="Footer">
      
        
        <a href="../provider-google-secrets-manager/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Secrets Manager" rel="prev">
          <div class="md-footer__button md-icon">
            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
          </div>
          <div class="md-footer__title">
            <div class="md-ellipsis">
              <span class="md-footer__direction">
                Previous
              </span>
              Secrets Manager
            </div>
          </div>
        </a>
      
      
        
        <a href="../provider-akeyless/" class="md-footer__link md-footer__link--next" aria-label="Next: Akeyless" rel="next">
          <div class="md-footer__title">
            <div class="md-ellipsis">
              <span class="md-footer__direction">
                Next
              </span>
              Akeyless
            </div>
          </div>
          <div class="md-footer__button md-icon">
            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
          </div>
        </a>
      
    </nav>
  
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-footer-copyright">
        
        Made with
        <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
          Material for MkDocs
        </a>
        
      </div>
      
    </div>
  </div>
</footer>
      
    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>
    <script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.b0710199.min.js", "version": {"provider": "mike"}}</script>
    
    
      <script src="../assets/javascripts/bundle.76f349be.min.js"></script>
      
    
  </body>
</html>