Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: a89abc6147
Branches Tags
helm-externa...
/
docs
/
snippets
/
full-pushsecret.yaml

full-pushsecret.yaml 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. {% raw %}
    2. 

  2. ---
    3. 

  3. # The source secret that will be pushed to the destination secret by PushSecret.
    4. 

  4. apiVersion: v1
    5. 

  5. kind: Secret
    6. 

  6. metadata:
    7. 

  7.   name: pushsecret-example
    8. 

  8. stringData:
    9. 

  9.   best-pokemon-src: "Pikachu"
    10. 

  10. ---
    11. 

  11. apiVersion: external-secrets.io/v1alpha1
    12. 

  12. kind: PushSecret
    13. 

  13. metadata:
    14. 

  14.   name: pushsecret-example # Customisable
    15. 

  15.   namespace: default # Same of the SecretStores
    16. 

  16. spec:
    17. 

  17.   updatePolicy: Replace # Policy to overwrite existing secrets in the provider on sync
    18. 

  18.   deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted
    19. 

  19.   refreshInterval: 1h0m0s # Refresh interval for which push secret will reconcile
    20. 

  20.   secretStoreRefs: # A list of secret stores to push secrets to
    21. 

  21.     - name: aws-parameterstore
    22. 

  22.       kind: SecretStore
    23. 

  23.   selector:
    24. 

  24.     secret:
    25. 

  25.       name: pokedex-credentials # Source Kubernetes secret to be pushed
    26. 

  26.     # Alternatively, you can point to a generator that produces values to be pushed
    27. 

  27.     generatorRef:
    28. 

  28.       apiVersion: generators.external-secrets.io/v1alpha1
    29. 

  29.       kind: ECRAuthorizationToken
    30. 

  30.       name: prod-registry-credentials
    31. 

  31.   template:
    32. 

  32.     metadata:
    33. 

  33.       annotations: { }
    34. 

  34.       labels: { }
    35. 

  35.     data:
    36. 

  36.       # If the key source secret key has dashes, then it cannot be accessed directly,
    37. 

  37.       # and the "index" function should be used.
    38. 

  38.       best-pokemon: "{{ index . \"best-pokemon-src\" | toString | upper }} is the really best!"
    39. 

  39.     # Also, it's possible to use an existing template from configmap where Secret is fetched,
    40. 

  40.     # merged and templated within the referenced configMap data.
    41. 

  41.     # It does not update the configmap, it creates a secret with: data["config.yml"] = ...result...
    42. 

  42.     templateFrom:
    43. 

  43.       - configMap:
    44. 

  44.           name: application-config-tmpl
    45. 

  45.           items:
    46. 

  46.             - key: config.yml
    47. 

  47.   data:
    48. 

  48.     - conversionStrategy: None # Also supports the ReverseUnicode strategy
    49. 

  49.       match:
    50. 

  50.         # The secretKey is used within PushSecret (it should match key under spec.template.data)
    51. 

  51.         secretKey: best-pokemon
    52. 

  52.         remoteRef:
    53. 

  53.           remoteKey: destination-secret # The destination secret object name (where the secret is going to be pushed)
    54. 

  54.           property: best-pokemon-dst # The key within the destination secret object.
    55. 

  55. {% endraw %}
    56.