index.html 116 KB

  1. <!doctype html>
  2. <html lang="en" class="no-js">
  3. <head>
  4. <meta charset="utf-8">
  5. <meta name="viewport" content="width=device-width,initial-scale=1">
  6. <link rel="prev" href="../aws-secrets-manager/">
  7. <link rel="next" href="../azure-key-vault/">
  8. <link rel="icon" href="../../pictures/eso-round-logo.svg">
  9. <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.14">
  10. <title>AWS Parameter Store - External Secrets Operator</title>
  11. <link rel="stylesheet" href="../../assets/stylesheets/main.342714a4.min.css">
  12. <link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
  13. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  14. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
  15. <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
  16. <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
  17. <!-- Defines __md_analytics(): pushes events onto window.dataLayer, reports the search box value as a "search" event when the field loses focus, reports feedback button clicks as "feedback" events with the page path, and then injects the third-party script https://www.googletagmanager.com/gtag/js after this element. NOTE(review): the injected script element is created without an integrity attribute, and the text typed into search leaves the site as search_term; any Content-Security-Policy or consent gating for this page has to account for both. Confirm against the site configuration. --><script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-QP38TD8K7V",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
  18. <script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
  19. </head>
  20. <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
  21. <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
  22. <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
  23. <label class="md-overlay" for="__drawer"></label>
  24. <div data-md-component="skip">
  25. <a href="#parameter-store" class="md-skip">
  26. Skip to content
  27. </a>
  28. </div>
  29. <div data-md-component="announce">
  30. </div>
  31. <div data-md-color-scheme="default" data-md-component="outdated" hidden>
  32. <aside class="md-banner md-banner--warning">
  33. <div class="md-banner__inner md-grid md-typeset">
  34. You're not viewing the latest version.
  35. <a href="../../..">
  36. <strong>Click here to go to latest.</strong>
  37. </a>
  38. </div>
  39. <!-- Un-hides the "outdated version" banner when __md_get returns true for the "__outdated" key in sessionStorage under the given base scope. NOTE(review): new URL("../..") is called with a relative string and no base argument; the URL constructor throws a TypeError in that case, which would stop this inline script before the banner is shown. Confirm the banner still appears on outdated versions. --><script>var el=document.querySelector("[data-md-component=outdated]"),base=new URL("../.."),outdated=__md_get("__outdated",sessionStorage,base);!0===outdated&&el&&(el.hidden=!1)</script>
  40. </aside>
  41. </div>
  42. <header class="md-header" data-md-component="header">
  43. <nav class="md-header__inner md-grid" aria-label="Header">
  44. <a href="../.." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  45. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  46. </a>
  47. <label class="md-header__button md-icon" for="__drawer">
  48. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
  49. </label>
  50. <div class="md-header__title" data-md-component="header-title">
  51. <div class="md-header__ellipsis">
  52. <div class="md-header__topic">
  53. <span class="md-ellipsis">
  54. External Secrets Operator
  55. </span>
  56. </div>
  57. <div class="md-header__topic" data-md-component="header-topic">
  58. <span class="md-ellipsis">
  59. AWS Parameter Store
  60. </span>
  61. </div>
  62. </div>
  63. </div>
  64. <form class="md-header__option" data-md-component="palette">
  65. <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
  66. <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
  67. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  68. </label>
  69. <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
  70. <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
  71. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  72. </label>
  73. </form>
  74. <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
  75. <label class="md-header__button md-icon" for="__search">
  76. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  77. </label>
  78. <div class="md-search" data-md-component="search" role="dialog">
  79. <label class="md-search__overlay" for="__search"></label>
  80. <div class="md-search__inner" role="search">
  81. <form class="md-search__form" name="search">
  82. <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
  83. <label class="md-search__icon md-icon" for="__search">
  84. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  85. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
  86. </label>
  87. <nav class="md-search__options" aria-label="Search">
  88. <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
  89. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
  90. </button>
  91. </nav>
  92. </form>
  93. <div class="md-search__output">
  94. <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
  95. <div class="md-search-result" data-md-component="search-result">
  96. <div class="md-search-result__meta">
  97. Initializing search
  98. </div>
  99. <ol class="md-search-result__list" role="presentation"></ol>
  100. </div>
  101. </div>
  102. </div>
  103. </div>
  104. </div>
  105. <div class="md-header__source">
  106. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  107. <div class="md-source__icon md-icon">
  108. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  109. </div>
  110. <div class="md-source__repository">
  111. External Secrets Operator
  112. </div>
  113. </a>
  114. </div>
  115. </nav>
  116. </header>
  117. <div class="md-container" data-md-component="container">
  118. <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
  119. <div class="md-grid">
  120. <ul class="md-tabs__list">
  121. <li class="md-tabs__item">
  122. <a href="../.." class="md-tabs__link">
  123. Introduction
  124. </a>
  125. </li>
  126. <li class="md-tabs__item">
  127. <a href="../../api/components/" class="md-tabs__link">
  128. API
  129. </a>
  130. </li>
  131. <li class="md-tabs__item">
  132. <a href="../../guides/introduction/" class="md-tabs__link">
  133. Guides
  134. </a>
  135. </li>
  136. <li class="md-tabs__item md-tabs__item--active">
  137. <a href="../aws-secrets-manager/" class="md-tabs__link">
  138. Provider
  139. </a>
  140. </li>
  141. <li class="md-tabs__item">
  142. <a href="../../examples/gitops-using-fluxcd/" class="md-tabs__link">
  143. Examples
  144. </a>
  145. </li>
  146. <li class="md-tabs__item">
  147. <a href="../../contributing/devguide/" class="md-tabs__link">
  148. Community
  149. </a>
  150. </li>
  151. </ul>
  152. </div>
  153. </nav>
  154. <main class="md-main" data-md-component="main">
  155. <div class="md-main__inner md-grid">
  156. <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
  157. <div class="md-sidebar__scrollwrap">
  158. <div class="md-sidebar__inner">
  159. <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
  160. <label class="md-nav__title" for="__drawer">
  161. <a href="../.." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  162. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  163. </a>
  164. External Secrets Operator
  165. </label>
  166. <div class="md-nav__source">
  167. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  168. <div class="md-source__icon md-icon">
  169. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  170. </div>
  171. <div class="md-source__repository">
  172. External Secrets Operator
  173. </div>
  174. </a>
  175. </div>
  176. <ul class="md-nav__list" data-md-scrollfix>
  177. <li class="md-nav__item md-nav__item--nested">
  178. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_1" >
  179. <div class="md-nav__link md-nav__container">
  180. <a href="../.." class="md-nav__link ">
  181. <span class="md-ellipsis">
  182. Introduction
  183. </span>
  184. </a>
  185. <label class="md-nav__link " for="__nav_1" id="__nav_1_label" tabindex="0">
  186. <span class="md-nav__icon md-icon"></span>
  187. </label>
  188. </div>
  189. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
  190. <label class="md-nav__title" for="__nav_1">
  191. <span class="md-nav__icon md-icon"></span>
  192. Introduction
  193. </label>
  194. <ul class="md-nav__list" data-md-scrollfix>
  195. <li class="md-nav__item">
  196. <a href="../../introduction/overview/" class="md-nav__link">
  197. <span class="md-ellipsis">
  198. Overview
  199. </span>
  200. </a>
  201. </li>
  202. <li class="md-nav__item">
  203. <a href="../../introduction/glossary/" class="md-nav__link">
  204. <span class="md-ellipsis">
  205. Glossary
  206. </span>
  207. </a>
  208. </li>
  209. <li class="md-nav__item">
  210. <a href="../../introduction/prerequisites/" class="md-nav__link">
  211. <span class="md-ellipsis">
  212. Prerequisites
  213. </span>
  214. </a>
  215. </li>
  216. <li class="md-nav__item">
  217. <a href="../../introduction/getting-started/" class="md-nav__link">
  218. <span class="md-ellipsis">
  219. Getting started
  220. </span>
  221. </a>
  222. </li>
  223. <li class="md-nav__item">
  224. <a href="../../introduction/faq/" class="md-nav__link">
  225. <span class="md-ellipsis">
  226. FAQ
  227. </span>
  228. </a>
  229. </li>
  230. <li class="md-nav__item">
  231. <a href="../../introduction/stability-support/" class="md-nav__link">
  232. <span class="md-ellipsis">
  233. Stability and Support
  234. </span>
  235. </a>
  236. </li>
  237. <li class="md-nav__item">
  238. <a href="../../introduction/deprecation-policy/" class="md-nav__link">
  239. <span class="md-ellipsis">
  240. Deprecation Policy
  241. </span>
  242. </a>
  243. </li>
  244. </ul>
  245. </nav>
  246. </li>
  247. <li class="md-nav__item md-nav__item--nested">
  248. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
  249. <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
  250. <span class="md-ellipsis">
  251. API
  252. </span>
  253. <span class="md-nav__icon md-icon"></span>
  254. </label>
  255. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
  256. <label class="md-nav__title" for="__nav_2">
  257. <span class="md-nav__icon md-icon"></span>
  258. API
  259. </label>
  260. <ul class="md-nav__list" data-md-scrollfix>
  261. <li class="md-nav__item">
  262. <a href="../../api/components/" class="md-nav__link">
  263. <span class="md-ellipsis">
  264. Components
  265. </span>
  266. </a>
  267. </li>
  268. <li class="md-nav__item md-nav__item--nested">
  269. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_2" >
  270. <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
  271. <span class="md-ellipsis">
  272. Core Resources
  273. </span>
  274. <span class="md-nav__icon md-icon"></span>
  275. </label>
  276. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
  277. <label class="md-nav__title" for="__nav_2_2">
  278. <span class="md-nav__icon md-icon"></span>
  279. Core Resources
  280. </label>
  281. <ul class="md-nav__list" data-md-scrollfix>
  282. <li class="md-nav__item">
  283. <a href="../../api/externalsecret/" class="md-nav__link">
  284. <span class="md-ellipsis">
  285. ExternalSecret
  286. </span>
  287. </a>
  288. </li>
  289. <li class="md-nav__item">
  290. <a href="../../api/secretstore/" class="md-nav__link">
  291. <span class="md-ellipsis">
  292. SecretStore
  293. </span>
  294. </a>
  295. </li>
  296. <li class="md-nav__item">
  297. <a href="../../api/clustersecretstore/" class="md-nav__link">
  298. <span class="md-ellipsis">
  299. ClusterSecretStore
  300. </span>
  301. </a>
  302. </li>
  303. <li class="md-nav__item">
  304. <a href="../../api/clusterexternalsecret/" class="md-nav__link">
  305. <span class="md-ellipsis">
  306. ClusterExternalSecret
  307. </span>
  308. </a>
  309. </li>
  310. <li class="md-nav__item">
  311. <a href="../../api/clusterpushsecret/" class="md-nav__link">
  312. <span class="md-ellipsis">
  313. ClusterPushSecret
  314. </span>
  315. </a>
  316. </li>
  317. <li class="md-nav__item">
  318. <a href="../../api/pushsecret/" class="md-nav__link">
  319. <span class="md-ellipsis">
  320. PushSecret
  321. </span>
  322. </a>
  323. </li>
  324. </ul>
  325. </nav>
  326. </li>
  327. <li class="md-nav__item md-nav__item--nested">
  328. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_3" >
  329. <div class="md-nav__link md-nav__container">
  330. <a href="../../api/generator/" class="md-nav__link ">
  331. <span class="md-ellipsis">
  332. Generators
  333. </span>
  334. </a>
  335. <label class="md-nav__link " for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
  336. <span class="md-nav__icon md-icon"></span>
  337. </label>
  338. </div>
  339. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
  340. <label class="md-nav__title" for="__nav_2_3">
  341. <span class="md-nav__icon md-icon"></span>
  342. Generators
  343. </label>
  344. <ul class="md-nav__list" data-md-scrollfix>
  345. <li class="md-nav__item">
  346. <a href="../../api/generator/acr/" class="md-nav__link">
  347. <span class="md-ellipsis">
  348. Azure Container Registry
  349. </span>
  350. </a>
  351. </li>
  352. <li class="md-nav__item">
  353. <a href="../../api/generator/ecr/" class="md-nav__link">
  354. <span class="md-ellipsis">
  355. AWS Elastic Container Registry
  356. </span>
  357. </a>
  358. </li>
  359. <li class="md-nav__item">
  360. <a href="../../api/generator/sts/" class="md-nav__link">
  361. <span class="md-ellipsis">
  362. AWS STS Session Token
  363. </span>
  364. </a>
  365. </li>
  366. <li class="md-nav__item">
  367. <a href="../../api/generator/cluster/" class="md-nav__link">
  368. <span class="md-ellipsis">
  369. Cluster Generator
  370. </span>
  371. </a>
  372. </li>
  373. <li class="md-nav__item">
  374. <a href="../../api/generator/gcr/" class="md-nav__link">
  375. <span class="md-ellipsis">
  376. Google Container Registry
  377. </span>
  378. </a>
  379. </li>
  380. <li class="md-nav__item">
  381. <a href="../../api/generator/quay/" class="md-nav__link">
  382. <span class="md-ellipsis">
  383. Quay
  384. </span>
  385. </a>
  386. </li>
  387. <li class="md-nav__item">
  388. <a href="../../api/generator/vault/" class="md-nav__link">
  389. <span class="md-ellipsis">
  390. Vault Dynamic Secret
  391. </span>
  392. </a>
  393. </li>
  394. <li class="md-nav__item">
  395. <a href="../../api/generator/password/" class="md-nav__link">
  396. <span class="md-ellipsis">
  397. Password
  398. </span>
  399. </a>
  400. </li>
  401. <li class="md-nav__item">
  402. <a href="../../api/generator/fake/" class="md-nav__link">
  403. <span class="md-ellipsis">
  404. Fake
  405. </span>
  406. </a>
  407. </li>
  408. <li class="md-nav__item">
  409. <a href="../../api/generator/webhook/" class="md-nav__link">
  410. <span class="md-ellipsis">
  411. Webhook
  412. </span>
  413. </a>
  414. </li>
  415. <li class="md-nav__item">
  416. <a href="../../api/generator/github/" class="md-nav__link">
  417. <span class="md-ellipsis">
  418. Github
  419. </span>
  420. </a>
  421. </li>
  422. <li class="md-nav__item">
  423. <a href="../../api/generator/uuid/" class="md-nav__link">
  424. <span class="md-ellipsis">
  425. UUID
  426. </span>
  427. </a>
  428. </li>
  429. </ul>
  430. </nav>
  431. </li>
  432. <li class="md-nav__item md-nav__item--nested">
  433. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_4" >
  434. <label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex="0">
  435. <span class="md-ellipsis">
  436. Reference Docs
  437. </span>
  438. <span class="md-nav__icon md-icon"></span>
  439. </label>
  440. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false">
  441. <label class="md-nav__title" for="__nav_2_4">
  442. <span class="md-nav__icon md-icon"></span>
  443. Reference Docs
  444. </label>
  445. <ul class="md-nav__list" data-md-scrollfix>
  446. <li class="md-nav__item">
  447. <a href="../../api/spec/" class="md-nav__link">
  448. <span class="md-ellipsis">
  449. API specification
  450. </span>
  451. </a>
  452. </li>
  453. <li class="md-nav__item">
  454. <a href="../../api/controller-options/" class="md-nav__link">
  455. <span class="md-ellipsis">
  456. Controller Options
  457. </span>
  458. </a>
  459. </li>
  460. <li class="md-nav__item">
  461. <a href="../../api/metrics/" class="md-nav__link">
  462. <span class="md-ellipsis">
  463. Metrics
  464. </span>
  465. </a>
  466. </li>
  467. </ul>
  468. </nav>
  469. </li>
  470. </ul>
  471. </nav>
  472. </li>
  473. <li class="md-nav__item md-nav__item--nested">
  474. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3" >
  475. <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
  476. <span class="md-ellipsis">
  477. Guides
  478. </span>
  479. <span class="md-nav__icon md-icon"></span>
  480. </label>
  481. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
  482. <label class="md-nav__title" for="__nav_3">
  483. <span class="md-nav__icon md-icon"></span>
  484. Guides
  485. </label>
  486. <ul class="md-nav__list" data-md-scrollfix>
  487. <li class="md-nav__item">
  488. <a href="../../guides/introduction/" class="md-nav__link">
  489. <span class="md-ellipsis">
  490. Introduction
  491. </span>
  492. </a>
  493. </li>
  494. <li class="md-nav__item md-nav__item--nested">
  495. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2" >
  496. <label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
  497. <span class="md-ellipsis">
  498. External Secrets
  499. </span>
  500. <span class="md-nav__icon md-icon"></span>
  501. </label>
  502. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
  503. <label class="md-nav__title" for="__nav_3_2">
  504. <span class="md-nav__icon md-icon"></span>
  505. External Secrets
  506. </label>
  507. <ul class="md-nav__list" data-md-scrollfix>
  508. <li class="md-nav__item">
  509. <a href="../../guides/all-keys-one-secret/" class="md-nav__link">
  510. <span class="md-ellipsis">
  511. Extract structured data
  512. </span>
  513. </a>
  514. </li>
  515. <li class="md-nav__item">
  516. <a href="../../guides/getallsecrets/" class="md-nav__link">
  517. <span class="md-ellipsis">
  518. Find Secrets by Name or Metadata
  519. </span>
  520. </a>
  521. </li>
  522. <li class="md-nav__item">
  523. <a href="../../guides/datafrom-rewrite/" class="md-nav__link">
  524. <span class="md-ellipsis">
  525. Rewriting Keys
  526. </span>
  527. </a>
  528. </li>
  529. <li class="md-nav__item md-nav__item--nested">
  530. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2_4" >
  531. <label class="md-nav__link" for="__nav_3_2_4" id="__nav_3_2_4_label" tabindex="0">
  532. <span class="md-ellipsis">
  533. Advanced Templating
  534. </span>
  535. <span class="md-nav__icon md-icon"></span>
  536. </label>
  537. <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_4_label" aria-expanded="false">
  538. <label class="md-nav__title" for="__nav_3_2_4">
  539. <span class="md-nav__icon md-icon"></span>
  540. Advanced Templating
  541. </label>
  542. <ul class="md-nav__list" data-md-scrollfix>
  543. <li class="md-nav__item">
  544. <a href="../../guides/templating/" class="md-nav__link">
  545. <span class="md-ellipsis">
  546. v2
  547. </span>
  548. </a>
  549. </li>
  550. <li class="md-nav__item">
  551. <a href="../../guides/templating-v1/" class="md-nav__link">
  552. <span class="md-ellipsis">
  553. v1
  554. </span>
  555. </a>
  556. </li>
  557. </ul>
  558. </nav>
  559. </li>
  560. <li class="md-nav__item">
  561. <a href="../../guides/common-k8s-secret-types/" class="md-nav__link">
  562. <span class="md-ellipsis">
  563. Kubernetes Secret Types
  564. </span>
  565. </a>
  566. </li>
  567. <li class="md-nav__item">
  568. <a href="../../guides/ownership-deletion-policy/" class="md-nav__link">
  569. <span class="md-ellipsis">
  570. Lifecycle: ownership & deletion
  571. </span>
  572. </a>
  573. </li>
  574. <li class="md-nav__item">
  575. <a href="../../guides/decoding-strategy/" class="md-nav__link">
  576. <span class="md-ellipsis">
  577. Decoding Strategies
  578. </span>
  579. </a>
  580. </li>
  581. <li class="md-nav__item">
  582. <a href="../../guides/controller-class/" class="md-nav__link">
  583. <span class="md-ellipsis">
  584. Controller Classes
  585. </span>
  586. </a>
  587. </li>
  588. </ul>
  589. </nav>
  590. </li>
  591. <li class="md-nav__item">
  592. <a href="../../guides/generator/" class="md-nav__link">
  593. <span class="md-ellipsis">
  594. Generators
  595. </span>
  596. </a>
  597. </li>
  598. <li class="md-nav__item">
  599. <a href="../../guides/pushsecrets/" class="md-nav__link">
  600. <span class="md-ellipsis">
  601. Push Secrets
  602. </span>
  603. </a>
  604. </li>
  605. <li class="md-nav__item md-nav__item--nested">
  606. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_5" >
  607. <label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
  608. <span class="md-ellipsis">
  609. Operations
  610. </span>
  611. <span class="md-nav__icon md-icon"></span>
  612. </label>
  613. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
  614. <label class="md-nav__title" for="__nav_3_5">
  615. <span class="md-nav__icon md-icon"></span>
  616. Operations
  617. </label>
  618. <ul class="md-nav__list" data-md-scrollfix>
  619. <li class="md-nav__item">
  620. <a href="../../guides/multi-tenancy/" class="md-nav__link">
  621. <span class="md-ellipsis">
  622. Multi Tenancy
  623. </span>
  624. </a>
  625. </li>
  626. <li class="md-nav__item">
  627. <a href="../../guides/security-best-practices/" class="md-nav__link">
  628. <span class="md-ellipsis">
  629. Security Best Practices
  630. </span>
  631. </a>
  632. </li>
  633. <li class="md-nav__item">
  634. <a href="../../guides/threat-model/" class="md-nav__link">
  635. <span class="md-ellipsis">
  636. Threat Model
  637. </span>
  638. </a>
  639. </li>
  640. <li class="md-nav__item">
  641. <a href="../../guides/v1beta1/" class="md-nav__link">
  642. <span class="md-ellipsis">
  643. Upgrading to v1beta1
  644. </span>
  645. </a>
  646. </li>
  647. <li class="md-nav__item">
  648. <a href="../../guides/using-latest-image/" class="md-nav__link">
  649. <span class="md-ellipsis">
  650. Using Latest Image
  651. </span>
  652. </a>
  653. </li>
  654. <li class="md-nav__item">
  655. <a href="../../guides/disable-cluster-features/" class="md-nav__link">
  656. <span class="md-ellipsis">
  657. Disable Cluster Features
  658. </span>
  659. </a>
  660. </li>
  661. </ul>
  662. </nav>
  663. </li>
  664. <li class="md-nav__item md-nav__item--nested">
  665. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_6" >
  666. <label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
  667. <span class="md-ellipsis">
  668. Tooling
  669. </span>
  670. <span class="md-nav__icon md-icon"></span>
  671. </label>
  672. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
  673. <label class="md-nav__title" for="__nav_3_6">
  674. <span class="md-nav__icon md-icon"></span>
  675. Tooling
  676. </label>
  677. <ul class="md-nav__list" data-md-scrollfix>
  678. <li class="md-nav__item">
  679. <a href="../../guides/using-esoctl-tool/" class="md-nav__link">
  680. <span class="md-ellipsis">
  681. Using the esoctl tool
  682. </span>
  683. </a>
  684. </li>
  685. </ul>
  686. </nav>
  687. </li>
  688. </ul>
  689. </nav>
  690. </li>
  691. <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
  692. <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked>
  693. <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
  694. <span class="md-ellipsis">
  695. Provider
  696. </span>
  697. <span class="md-nav__icon md-icon"></span>
  698. </label>
  699. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true">
  700. <label class="md-nav__title" for="__nav_4">
  701. <span class="md-nav__icon md-icon"></span>
  702. Provider
  703. </label>
  704. <ul class="md-nav__list" data-md-scrollfix>
  705. <li class="md-nav__item">
  706. <a href="../aws-secrets-manager/" class="md-nav__link">
  707. <span class="md-ellipsis">
  708. AWS Secrets Manager
  709. </span>
  710. </a>
  711. </li>
  712. <li class="md-nav__item md-nav__item--active">
  713. <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
  714. <label class="md-nav__link md-nav__link--active" for="__toc">
  715. <span class="md-ellipsis">
  716. AWS Parameter Store
  717. </span>
  718. <span class="md-nav__icon md-icon"></span>
  719. </label>
  720. <a href="./" class="md-nav__link md-nav__link--active">
  721. <span class="md-ellipsis">
  722. AWS Parameter Store
  723. </span>
  724. </a>
  725. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  726. <label class="md-nav__title" for="__toc">
  727. <span class="md-nav__icon md-icon"></span>
  728. Table of contents
  729. </label>
  730. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  731. <li class="md-nav__item">
  732. <a href="#parameter-store" class="md-nav__link">
  733. <span class="md-ellipsis">
  734. Parameter Store
  735. </span>
  736. </a>
  737. <nav class="md-nav" aria-label="Parameter Store">
  738. <ul class="md-nav__list">
  739. <li class="md-nav__item">
  740. <a href="#iam-policy" class="md-nav__link">
  741. <span class="md-ellipsis">
  742. IAM Policy
  743. </span>
  744. </a>
  745. <nav class="md-nav" aria-label="IAM Policy">
  746. <ul class="md-nav__list">
  747. <li class="md-nav__item">
  748. <a href="#fetching-parameters" class="md-nav__link">
  749. <span class="md-ellipsis">
  750. Fetching Parameters
  751. </span>
  752. </a>
  753. </li>
  754. <li class="md-nav__item">
  755. <a href="#pushing-parameters" class="md-nav__link">
  756. <span class="md-ellipsis">
  757. Pushing Parameters
  758. </span>
  759. </a>
  760. </li>
  761. </ul>
  762. </nav>
  763. </li>
  764. <li class="md-nav__item">
  765. <a href="#json-secret-values" class="md-nav__link">
  766. <span class="md-ellipsis">
  767. JSON Secret Values
  768. </span>
  769. </a>
  770. </li>
  771. <li class="md-nav__item">
  772. <a href="#parameter-versions" class="md-nav__link">
  773. <span class="md-ellipsis">
  774. Parameter Versions
  775. </span>
  776. </a>
  777. </li>
  778. </ul>
  779. </nav>
  780. </li>
  781. <li class="md-nav__item">
  782. <a href="#setsecret" class="md-nav__link">
  783. <span class="md-ellipsis">
  784. SetSecret
  785. </span>
  786. </a>
  787. <nav class="md-nav" aria-label="SetSecret">
  788. <ul class="md-nav__list">
  789. <li class="md-nav__item">
  790. <a href="#creating-a-push-secret" class="md-nav__link">
  791. <span class="md-ellipsis">
  792. Creating a Push Secret
  793. </span>
  794. </a>
  795. <nav class="md-nav" aria-label="Creating a Push Secret">
  796. <ul class="md-nav__list">
  797. <li class="md-nav__item">
  798. <a href="#additional-metadata-for-pushsecret" class="md-nav__link">
  799. <span class="md-ellipsis">
  800. Additional Metadata for PushSecret
  801. </span>
  802. </a>
  803. </li>
  804. <li class="md-nav__item">
  805. <a href="#check-successful-secret-sync" class="md-nav__link">
  806. <span class="md-ellipsis">
  807. Check successful secret sync
  808. </span>
  809. </a>
  810. </li>
  811. <li class="md-nav__item">
  812. <a href="#test-new-secret-using-aws-cli" class="md-nav__link">
  813. <span class="md-ellipsis">
  814. Test new secret using AWS CLI
  815. </span>
  816. </a>
  817. </li>
  818. </ul>
  819. </nav>
  820. </li>
  821. </ul>
  822. </nav>
  823. </li>
  824. <li class="md-nav__item">
  825. <a href="#aws-authentication" class="md-nav__link">
  826. <span class="md-ellipsis">
  827. AWS Authentication
  828. </span>
  829. </a>
  830. <nav class="md-nav" aria-label="AWS Authentication">
  831. <ul class="md-nav__list">
  832. <li class="md-nav__item">
  833. <a href="#controllers-pod-identity" class="md-nav__link">
  834. <span class="md-ellipsis">
  835. Controller's Pod Identity
  836. </span>
  837. </a>
  838. </li>
  839. <li class="md-nav__item">
  840. <a href="#access-key-id-secret-access-key" class="md-nav__link">
  841. <span class="md-ellipsis">
  842. Access Key ID &amp; Secret Access Key
  843. </span>
  844. </a>
  845. </li>
  846. <li class="md-nav__item">
  847. <a href="#eks-service-account-credentials" class="md-nav__link">
  848. <span class="md-ellipsis">
  849. EKS Service Account credentials
  850. </span>
  851. </a>
  852. </li>
  853. </ul>
  854. </nav>
  855. </li>
  856. <li class="md-nav__item">
  857. <a href="#eks-pod-identity-setup" class="md-nav__link">
  858. <span class="md-ellipsis">
  859. EKS Pod Identity Setup
  860. </span>
  861. </a>
  862. </li>
  863. <li class="md-nav__item">
  864. <a href="#custom-endpoints" class="md-nav__link">
  865. <span class="md-ellipsis">
  866. Custom Endpoints
  867. </span>
  868. </a>
  869. </li>
  870. </ul>
  871. </nav>
  872. </li>
  873. <li class="md-nav__item">
  874. <a href="../azure-key-vault/" class="md-nav__link">
  875. <span class="md-ellipsis">
  876. Azure Key Vault
  877. </span>
  878. </a>
  879. </li>
  880. <li class="md-nav__item">
  881. <a href="../beyondtrust/" class="md-nav__link">
  882. <span class="md-ellipsis">
  883. BeyondTrust
  884. </span>
  885. </a>
  886. </li>
  887. <li class="md-nav__item">
  888. <a href="../bitwarden-secrets-manager/" class="md-nav__link">
  889. <span class="md-ellipsis">
  890. Bitwarden Secrets Manager
  891. </span>
  892. </a>
  893. </li>
  894. <li class="md-nav__item">
  895. <a href="../chef/" class="md-nav__link">
  896. <span class="md-ellipsis">
  897. Chef
  898. </span>
  899. </a>
  900. </li>
  901. <li class="md-nav__item">
  902. <a href="../cloudru/" class="md-nav__link">
  903. <span class="md-ellipsis">
  904. Cloud.ru Secret Manager
  905. </span>
  906. </a>
  907. </li>
  908. <li class="md-nav__item">
  909. <a href="../conjur/" class="md-nav__link">
  910. <span class="md-ellipsis">
  911. CyberArk Conjur
  912. </span>
  913. </a>
  914. </li>
  915. <li class="md-nav__item">
  916. <a href="../device42/" class="md-nav__link">
  917. <span class="md-ellipsis">
  918. Device42
  919. </span>
  920. </a>
  921. </li>
  922. <li class="md-nav__item">
  923. <a href="../google-secrets-manager/" class="md-nav__link">
  924. <span class="md-ellipsis">
  925. Google Cloud Secret Manager
  926. </span>
  927. </a>
  928. </li>
  929. <li class="md-nav__item">
  930. <a href="../hashicorp-vault/" class="md-nav__link">
  931. <span class="md-ellipsis">
  932. HashiCorp Vault
  933. </span>
  934. </a>
  935. </li>
  936. <li class="md-nav__item">
  937. <a href="../kubernetes/" class="md-nav__link">
  938. <span class="md-ellipsis">
  939. Kubernetes
  940. </span>
  941. </a>
  942. </li>
  943. <li class="md-nav__item">
  944. <a href="../ibm-secrets-manager/" class="md-nav__link">
  945. <span class="md-ellipsis">
  946. IBM Secrets Manager
  947. </span>
  948. </a>
  949. </li>
  950. <li class="md-nav__item">
  951. <a href="../akeyless/" class="md-nav__link">
  952. <span class="md-ellipsis">
  953. Akeyless
  954. </span>
  955. </a>
  956. </li>
  957. <li class="md-nav__item">
  958. <a href="../yandex-certificate-manager/" class="md-nav__link">
  959. <span class="md-ellipsis">
  960. Yandex Certificate Manager
  961. </span>
  962. </a>
  963. </li>
  964. <li class="md-nav__item">
  965. <a href="../yandex-lockbox/" class="md-nav__link">
  966. <span class="md-ellipsis">
  967. Yandex Lockbox
  968. </span>
  969. </a>
  970. </li>
  971. <li class="md-nav__item">
  972. <a href="../alibaba/" class="md-nav__link">
  973. <span class="md-ellipsis">
  974. Alibaba Cloud
  975. </span>
  976. </a>
  977. </li>
  978. <li class="md-nav__item">
  979. <a href="../gitlab-variables/" class="md-nav__link">
  980. <span class="md-ellipsis">
  981. GitLab Variables
  982. </span>
  983. </a>
  984. </li>
  985. <li class="md-nav__item">
  986. <a href="../github/" class="md-nav__link">
  987. <span class="md-ellipsis">
  988. Github Actions Secrets
  989. </span>
  990. </a>
  991. </li>
  992. <li class="md-nav__item">
  993. <a href="../oracle-vault/" class="md-nav__link">
  994. <span class="md-ellipsis">
  995. Oracle Vault
  996. </span>
  997. </a>
  998. </li>
  999. <li class="md-nav__item">
  1000. <a href="../1password-automation/" class="md-nav__link">
  1001. <span class="md-ellipsis">
  1002. 1Password Connect Server
  1003. </span>
  1004. </a>
  1005. </li>
  1006. <li class="md-nav__item">
  1007. <a href="../1password-sdk/" class="md-nav__link">
  1008. <span class="md-ellipsis">
  1009. 1Password SDK
  1010. </span>
  1011. </a>
  1012. </li>
  1013. <li class="md-nav__item">
  1014. <a href="../webhook/" class="md-nav__link">
  1015. <span class="md-ellipsis">
  1016. Webhook
  1017. </span>
  1018. </a>
  1019. </li>
  1020. <li class="md-nav__item">
  1021. <a href="../fake/" class="md-nav__link">
  1022. <span class="md-ellipsis">
  1023. Fake
  1024. </span>
  1025. </a>
  1026. </li>
  1027. <li class="md-nav__item">
  1028. <a href="../senhasegura-dsm/" class="md-nav__link">
  1029. <span class="md-ellipsis">
  1030. senhasegura DevOps Secrets Management (DSM)
  1031. </span>
  1032. </a>
  1033. </li>
  1034. <li class="md-nav__item">
  1035. <a href="../doppler/" class="md-nav__link">
  1036. <span class="md-ellipsis">
  1037. Doppler
  1038. </span>
  1039. </a>
  1040. </li>
  1041. <li class="md-nav__item">
  1042. <a href="../keeper-security/" class="md-nav__link">
  1043. <span class="md-ellipsis">
  1044. Keeper Security
  1045. </span>
  1046. </a>
  1047. </li>
  1048. <li class="md-nav__item">
  1049. <a href="../cloak/" class="md-nav__link">
  1050. <span class="md-ellipsis">
  1051. Cloak End 2 End Encrypted Secrets
  1052. </span>
  1053. </a>
  1054. </li>
  1055. <li class="md-nav__item">
  1056. <a href="../scaleway/" class="md-nav__link">
  1057. <span class="md-ellipsis">
  1058. Scaleway
  1059. </span>
  1060. </a>
  1061. </li>
  1062. <li class="md-nav__item">
  1063. <a href="../delinea/" class="md-nav__link">
  1064. <span class="md-ellipsis">
  1065. Delinea
  1066. </span>
  1067. </a>
  1068. </li>
  1069. <li class="md-nav__item">
  1070. <a href="../secretserver/" class="md-nav__link">
  1071. <span class="md-ellipsis">
  1072. Secret Server
  1073. </span>
  1074. </a>
  1075. </li>
  1076. <li class="md-nav__item">
  1077. <a href="../passbolt/" class="md-nav__link">
  1078. <span class="md-ellipsis">
  1079. Passbolt
  1080. </span>
  1081. </a>
  1082. </li>
  1083. <li class="md-nav__item">
  1084. <a href="../pulumi/" class="md-nav__link">
  1085. <span class="md-ellipsis">
  1086. Pulumi ESC
  1087. </span>
  1088. </a>
  1089. </li>
  1090. <li class="md-nav__item">
  1091. <a href="../onboardbase/" class="md-nav__link">
  1092. <span class="md-ellipsis">
  1093. Onboardbase
  1094. </span>
  1095. </a>
  1096. </li>
  1097. <li class="md-nav__item">
  1098. <a href="../../provider-passworddepot/" class="md-nav__link">
  1099. <span class="md-ellipsis">
  1100. Password Depot
  1101. </span>
  1102. </a>
  1103. </li>
  1104. <li class="md-nav__item">
  1105. <a href="../fortanix/" class="md-nav__link">
  1106. <span class="md-ellipsis">
  1107. Fortanix
  1108. </span>
  1109. </a>
  1110. </li>
  1111. <li class="md-nav__item">
  1112. <a href="../infisical/" class="md-nav__link">
  1113. <span class="md-ellipsis">
  1114. Infisical
  1115. </span>
  1116. </a>
  1117. </li>
  1118. <li class="md-nav__item">
  1119. <a href="../previder/" class="md-nav__link">
  1120. <span class="md-ellipsis">
  1121. Previder
  1122. </span>
  1123. </a>
  1124. </li>
  1125. <li class="md-nav__item">
  1126. <a href="../openbao/" class="md-nav__link">
  1127. <span class="md-ellipsis">
  1128. OpenBao
  1129. </span>
  1130. </a>
  1131. </li>
  1132. </ul>
  1133. </nav>
  1134. </li>
  1135. <li class="md-nav__item md-nav__item--nested">
  1136. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
  1137. <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
  1138. <span class="md-ellipsis">
  1139. Examples
  1140. </span>
  1141. <span class="md-nav__icon md-icon"></span>
  1142. </label>
  1143. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
  1144. <label class="md-nav__title" for="__nav_5">
  1145. <span class="md-nav__icon md-icon"></span>
  1146. Examples
  1147. </label>
  1148. <ul class="md-nav__list" data-md-scrollfix>
  1149. <li class="md-nav__item">
  1150. <a href="../../examples/gitops-using-fluxcd/" class="md-nav__link">
  1151. <span class="md-ellipsis">
  1152. FluxCD
  1153. </span>
  1154. </a>
  1155. </li>
  1156. <li class="md-nav__item">
  1157. <a href="../../examples/anchore-engine-credentials/" class="md-nav__link">
  1158. <span class="md-ellipsis">
  1159. Anchore Engine
  1160. </span>
  1161. </a>
  1162. </li>
  1163. <li class="md-nav__item">
  1164. <a href="../../examples/jenkins-kubernetes-credentials/" class="md-nav__link">
  1165. <span class="md-ellipsis">
  1166. Jenkins
  1167. </span>
  1168. </a>
  1169. </li>
  1170. <li class="md-nav__item">
  1171. <a href="../../examples/bitwarden/" class="md-nav__link">
  1172. <span class="md-ellipsis">
  1173. Bitwarden
  1174. </span>
  1175. </a>
  1176. </li>
  1177. </ul>
  1178. </nav>
  1179. </li>
  1180. <li class="md-nav__item md-nav__item--nested">
  1181. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6" >
  1182. <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
  1183. <span class="md-ellipsis">
  1184. Community
  1185. </span>
  1186. <span class="md-nav__icon md-icon"></span>
  1187. </label>
  1188. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
  1189. <label class="md-nav__title" for="__nav_6">
  1190. <span class="md-nav__icon md-icon"></span>
  1191. Community
  1192. </label>
  1193. <ul class="md-nav__list" data-md-scrollfix>
  1194. <li class="md-nav__item md-nav__item--nested">
  1195. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_1" >
  1196. <label class="md-nav__link" for="__nav_6_1" id="__nav_6_1_label" tabindex="0">
  1197. <span class="md-ellipsis">
  1198. Contributing
  1199. </span>
  1200. <span class="md-nav__icon md-icon"></span>
  1201. </label>
  1202. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_1_label" aria-expanded="false">
  1203. <label class="md-nav__title" for="__nav_6_1">
  1204. <span class="md-nav__icon md-icon"></span>
  1205. Contributing
  1206. </label>
  1207. <ul class="md-nav__list" data-md-scrollfix>
  1208. <li class="md-nav__item">
  1209. <a href="../../contributing/devguide/" class="md-nav__link">
  1210. <span class="md-ellipsis">
  1211. Developer guide
  1212. </span>
  1213. </a>
  1214. </li>
  1215. <li class="md-nav__item">
  1216. <a href="../../contributing/process/" class="md-nav__link">
  1217. <span class="md-ellipsis">
  1218. Contributing Process
  1219. </span>
  1220. </a>
  1221. </li>
  1222. <li class="md-nav__item">
  1223. <a href="../../contributing/release/" class="md-nav__link">
  1224. <span class="md-ellipsis">
  1225. Release Process
  1226. </span>
  1227. </a>
  1228. </li>
  1229. <li class="md-nav__item">
  1230. <a href="../../contributing/coc/" class="md-nav__link">
  1231. <span class="md-ellipsis">
  1232. Code of Conduct
  1233. </span>
  1234. </a>
  1235. </li>
  1236. <li class="md-nav__item">
  1237. <a href="../../contributing/calendar/" class="md-nav__link">
  1238. <span class="md-ellipsis">
  1239. Community meetings calendar
  1240. </span>
  1241. </a>
  1242. </li>
  1243. <li class="md-nav__item">
  1244. <a href="../../contributing/roadmap/" class="md-nav__link">
  1245. <span class="md-ellipsis">
  1246. Roadmap
  1247. </span>
  1248. </a>
  1249. </li>
  1250. </ul>
  1251. </nav>
  1252. </li>
  1253. <li class="md-nav__item md-nav__item--nested">
  1254. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_2" >
  1255. <label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
  1256. <span class="md-ellipsis">
  1257. External Resources
  1258. </span>
  1259. <span class="md-nav__icon md-icon"></span>
  1260. </label>
  1261. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
  1262. <label class="md-nav__title" for="__nav_6_2">
  1263. <span class="md-nav__icon md-icon"></span>
  1264. External Resources
  1265. </label>
  1266. <ul class="md-nav__list" data-md-scrollfix>
  1267. <li class="md-nav__item">
  1268. <a href="../../eso-talks/" class="md-nav__link">
  1269. <span class="md-ellipsis">
  1270. Talks
  1271. </span>
  1272. </a>
  1273. </li>
  1274. <li class="md-nav__item">
  1275. <a href="../../eso-demos/" class="md-nav__link">
  1276. <span class="md-ellipsis">
  1277. Demos
  1278. </span>
  1279. </a>
  1280. </li>
  1281. <li class="md-nav__item">
  1282. <a href="../../eso-blogs/" class="md-nav__link">
  1283. <span class="md-ellipsis">
  1284. Blogs
  1285. </span>
  1286. </a>
  1287. </li>
  1288. <li class="md-nav__item">
  1289. <a href="../../eso-tools/" class="md-nav__link">
  1290. <span class="md-ellipsis">
  1291. Tools
  1292. </span>
  1293. </a>
  1294. </li>
  1295. </ul>
  1296. </nav>
  1297. </li>
  1298. </ul>
  1299. </nav>
  1300. </li>
  1301. </ul>
  1302. </nav>
  1303. </div>
  1304. </div>
  1305. </div>
  1306. <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
  1307. <div class="md-sidebar__scrollwrap">
  1308. <div class="md-sidebar__inner">
  1309. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  1310. <label class="md-nav__title" for="__toc">
  1311. <span class="md-nav__icon md-icon"></span>
  1312. Table of contents
  1313. </label>
  1314. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  1315. <li class="md-nav__item">
  1316. <a href="#parameter-store" class="md-nav__link">
  1317. <span class="md-ellipsis">
  1318. Parameter Store
  1319. </span>
  1320. </a>
  1321. <nav class="md-nav" aria-label="Parameter Store">
  1322. <ul class="md-nav__list">
  1323. <li class="md-nav__item">
  1324. <a href="#iam-policy" class="md-nav__link">
  1325. <span class="md-ellipsis">
  1326. IAM Policy
  1327. </span>
  1328. </a>
  1329. <nav class="md-nav" aria-label="IAM Policy">
  1330. <ul class="md-nav__list">
  1331. <li class="md-nav__item">
  1332. <a href="#fetching-parameters" class="md-nav__link">
  1333. <span class="md-ellipsis">
  1334. Fetching Parameters
  1335. </span>
  1336. </a>
  1337. </li>
  1338. <li class="md-nav__item">
  1339. <a href="#pushing-parameters" class="md-nav__link">
  1340. <span class="md-ellipsis">
  1341. Pushing Parameters
  1342. </span>
  1343. </a>
  1344. </li>
  1345. </ul>
  1346. </nav>
  1347. </li>
  1348. <li class="md-nav__item">
  1349. <a href="#json-secret-values" class="md-nav__link">
  1350. <span class="md-ellipsis">
  1351. JSON Secret Values
  1352. </span>
  1353. </a>
  1354. </li>
  1355. <li class="md-nav__item">
  1356. <a href="#parameter-versions" class="md-nav__link">
  1357. <span class="md-ellipsis">
  1358. Parameter Versions
  1359. </span>
  1360. </a>
  1361. </li>
  1362. </ul>
  1363. </nav>
  1364. </li>
  1365. <li class="md-nav__item">
  1366. <a href="#setsecret" class="md-nav__link">
  1367. <span class="md-ellipsis">
  1368. SetSecret
  1369. </span>
  1370. </a>
  1371. <nav class="md-nav" aria-label="SetSecret">
  1372. <ul class="md-nav__list">
  1373. <li class="md-nav__item">
  1374. <a href="#creating-a-push-secret" class="md-nav__link">
  1375. <span class="md-ellipsis">
  1376. Creating a Push Secret
  1377. </span>
  1378. </a>
  1379. <nav class="md-nav" aria-label="Creating a Push Secret">
  1380. <ul class="md-nav__list">
  1381. <li class="md-nav__item">
  1382. <a href="#additional-metadata-for-pushsecret" class="md-nav__link">
  1383. <span class="md-ellipsis">
  1384. Additional Metadata for PushSecret
  1385. </span>
  1386. </a>
  1387. </li>
  1388. <li class="md-nav__item">
  1389. <a href="#check-successful-secret-sync" class="md-nav__link">
  1390. <span class="md-ellipsis">
  1391. Check successful secret sync
  1392. </span>
  1393. </a>
  1394. </li>
  1395. <li class="md-nav__item">
  1396. <a href="#test-new-secret-using-aws-cli" class="md-nav__link">
  1397. <span class="md-ellipsis">
  1398. Test new secret using AWS CLI
  1399. </span>
  1400. </a>
  1401. </li>
  1402. </ul>
  1403. </nav>
  1404. </li>
  1405. </ul>
  1406. </nav>
  1407. </li>
  1408. <li class="md-nav__item">
  1409. <a href="#aws-authentication" class="md-nav__link">
  1410. <span class="md-ellipsis">
  1411. AWS Authentication
  1412. </span>
  1413. </a>
  1414. <nav class="md-nav" aria-label="AWS Authentication">
  1415. <ul class="md-nav__list">
  1416. <li class="md-nav__item">
  1417. <a href="#controllers-pod-identity" class="md-nav__link">
  1418. <span class="md-ellipsis">
  1419. Controller's Pod Identity
  1420. </span>
  1421. </a>
  1422. </li>
  1423. <li class="md-nav__item">
  1424. <a href="#access-key-id-secret-access-key" class="md-nav__link">
  1425. <span class="md-ellipsis">
  1426. Access Key ID &amp; Secret Access Key
  1427. </span>
  1428. </a>
  1429. </li>
  1430. <li class="md-nav__item">
  1431. <a href="#eks-service-account-credentials" class="md-nav__link">
  1432. <span class="md-ellipsis">
  1433. EKS Service Account credentials
  1434. </span>
  1435. </a>
  1436. </li>
  1437. </ul>
  1438. </nav>
  1439. </li>
  1440. <li class="md-nav__item">
  1441. <a href="#eks-pod-identity-setup" class="md-nav__link">
  1442. <span class="md-ellipsis">
  1443. EKS Pod Identity Setup
  1444. </span>
  1445. </a>
  1446. </li>
  1447. <li class="md-nav__item">
  1448. <a href="#custom-endpoints" class="md-nav__link">
  1449. <span class="md-ellipsis">
  1450. Custom Endpoints
  1451. </span>
  1452. </a>
  1453. </li>
  1454. </ul>
  1455. </nav>
  1456. </div>
  1457. </div>
  1458. </div>
  1459. <div class="md-content" data-md-component="content">
  1460. <article class="md-content__inner md-typeset">
  1461. <h1>AWS Parameter Store</h1>
  1462. <p><img alt="aws sm" src="../../pictures/diagrams-provider-aws-ssm-parameter-store.png" /></p>
  1463. <h2 id="parameter-store">Parameter Store</h2>
  1464. <p>A <code>ParameterStore</code> points to AWS SSM Parameter Store in a certain account within a
  1465. defined region. You should define Roles that grant fine-grained access to
  1466. individual secrets and pass them to ESO using <code>spec.provider.aws.role</code>. This
  1467. way users of the <code>SecretStore</code> can only access the secrets they need: anyone who can create an <code>ExternalSecret</code> that references the store can read every parameter the role is allowed to read.</p>
  1468. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1469. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1470. <span class="nt">metadata</span><span class="p">:</span>
  1471. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">parameterstore</span>
  1472. <span class="nt">spec</span><span class="p">:</span>
  1473. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1474. <span class="w"> </span><span class="nt">aws</span><span class="p">:</span>
  1475. <span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ParameterStore</span>
  1476. <span class="w"> </span><span class="c1"># define a specific role to limit access</span>
  1477. <span class="w"> </span><span class="c1"># to certain secrets</span>
  1478. <span class="w"> </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::123456789012:role/external-secrets</span>
  1479. <span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span>
  1480. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1481. <span class="w"> </span><span class="nt">secretRef</span><span class="p">:</span>
  1482. <span class="w"> </span><span class="nt">accessKeyIDSecretRef</span><span class="p">:</span>
  1483. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
  1484. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">access-key</span>
  1485. <span class="w"> </span><span class="nt">secretAccessKeySecretRef</span><span class="p">:</span>
  1486. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
  1487. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-key</span>
  1488. </code></pre></div>
  1489. <p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code> and <code>secretAccessKeySecretRef</code>, set to the namespaces where the secrets reside.</p>
  1490. <div class="admonition warning">
  1491. <p class="admonition-title">API Pricing &amp; Throttling</p>
  1492. <p>The SSM Parameter Store API is charged by throughput and
  1493. is available in different tiers, <a href="https://aws.amazon.com/systems-manager/pricing/#Parameter_Store">see pricing</a>.
  1494. Please estimate your costs before using ESO. Cost depends on the RefreshInterval of your ExternalSecrets.</p>
  1495. </div>
  1496. <h3 id="iam-policy">IAM Policy</h3>
  1497. <h4 id="fetching-parameters">Fetching Parameters</h4>
  1498. <p>The example policy below shows the minimum required permissions for fetching SSM parameters. This policy pins access down to parameters with a path matching <code>dev-*</code>. Other operations may require additional permissions. For example, finding parameters based on tags will also require <code>ssm:DescribeParameters</code> and <code>tag:GetResources</code> permission with <code>"Resource": "*"</code>. Reading a <code>SecureString</code> parameter that is encrypted with a customer managed KMS key also requires <code>kms:Decrypt</code> on that key. Generally, the specific permission required will be logged as an error if an operation fails.</p>
  1499. <p>For further information see <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html">AWS Documentation</a>.</p>
  1500. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1501. <span class="w"> </span><span class="nt">&quot;Version&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;2012-10-17&quot;</span><span class="p">,</span>
  1502. <span class="w"> </span><span class="nt">&quot;Statement&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1503. <span class="w"> </span><span class="p">{</span>
  1504. <span class="w"> </span><span class="nt">&quot;Effect&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Allow&quot;</span><span class="p">,</span>
  1505. <span class="w"> </span><span class="nt">&quot;Action&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1506. <span class="w"> </span><span class="s2">&quot;ssm:GetParameter*&quot;</span>
  1507. <span class="w"> </span><span class="p">],</span>
  1508. <span class="w"> </span><span class="nt">&quot;Resource&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;arn:aws:ssm:us-east-2:1234567889911:parameter/dev-*&quot;</span>
  1509. <span class="w"> </span><span class="p">}</span>
  1510. <span class="w"> </span><span class="p">]</span>
  1511. <span class="p">}</span>
  1512. </code></pre></div>
  1513. <h4 id="pushing-parameters">Pushing Parameters</h4>
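  1514. <p>The example policy below shows the minimum required permissions for pushing SSM parameters. Like the fetching policy, it restricts the path to which secrets can be pushed. The snippet is a single statement, so place it in the <code>Statement</code> list of a policy document. If you use <code>deletionPolicy: Delete</code>, check whether the role also needs <code>ssm:DeleteParameter</code>; this statement does not include it.</p>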
  1515. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1516. <span class="w"> </span><span class="nt">&quot;Action&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1517. <span class="w"> </span><span class="s2">&quot;ssm:GetParameter*&quot;</span><span class="p">,</span>
  1518. <span class="w"> </span><span class="s2">&quot;ssm:PutParameter*&quot;</span><span class="p">,</span>
  1519. <span class="w"> </span><span class="s2">&quot;ssm:AddTagsToResource&quot;</span><span class="p">,</span>
  1520. <span class="w"> </span><span class="s2">&quot;ssm:ListTagsForResource&quot;</span>
  1521. <span class="w"> </span><span class="p">],</span>
  1522. <span class="w"> </span><span class="nt">&quot;Effect&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Allow&quot;</span><span class="p">,</span>
  1523. <span class="w"> </span><span class="nt">&quot;Resource&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;arn:aws:ssm:us-east-2:1234567889911:parameter/dev-*&quot;</span>
  1524. <span class="p">}</span>
  1525. </code></pre></div>
  1526. <h3 id="json-secret-values">JSON Secret Values</h3>
  1527. <p>You can store JSON objects in a parameter. You can access nested values or arrays using <a href="https://github.com/tidwall/gjson/blob/master/SYNTAX.md">gjson syntax</a>:</p>
  1528. <p>Consider the following JSON object that is stored in the Parameter Store key <code>friendslist</code>:</p>
  1529. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1530. <span class="w"> </span><span class="nt">&quot;name&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="nt">&quot;first&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Tom&quot;</span><span class="p">,</span><span class="w"> </span><span class="nt">&quot;last&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Anderson&quot;</span><span class="p">},</span>
  1531. <span class="w"> </span><span class="nt">&quot;friends&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1532. <span class="w"> </span><span class="p">{</span><span class="nt">&quot;first&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Dale&quot;</span><span class="p">,</span><span class="w"> </span><span class="nt">&quot;last&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Murphy&quot;</span><span class="p">},</span>
  1533. <span class="w"> </span><span class="p">{</span><span class="nt">&quot;first&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Roger&quot;</span><span class="p">,</span><span class="w"> </span><span class="nt">&quot;last&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Craig&quot;</span><span class="p">},</span>
  1534. <span class="w"> </span><span class="p">{</span><span class="nt">&quot;first&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Jane&quot;</span><span class="p">,</span><span class="w"> </span><span class="nt">&quot;last&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Murphy&quot;</span><span class="p">}</span>
  1535. <span class="w"> </span><span class="p">]</span>
  1536. <span class="p">}</span>
  1537. </code></pre></div>
  1538. <p>This is an example of how you would look up nested keys in the above JSON object:</p>
  1539. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1540. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1541. <span class="nt">metadata</span><span class="p">:</span>
  1542. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">extract-data</span>
  1543. <span class="nt">spec</span><span class="p">:</span>
  1544. <span class="w"> </span><span class="c1"># [omitted for brevity]</span>
  1545. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1546. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my_name</span>
  1547. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1548. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friendslist</span>
  1549. <span class="w"> </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">name.first</span><span class="w"> </span><span class="c1"># Tom</span>
  1550. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">first_friend</span>
  1551. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1552. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friendslist</span>
  1553. <span class="w"> </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">friends.1.first</span><span class="w"> </span><span class="c1"># Roger</span>
  1554. <span class="w"> </span><span class="c1"># metadataPolicy to fetch all the tags in JSON format</span>
  1555. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tags</span>
  1556. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1557. <span class="w"> </span><span class="nt">metadataPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Fetch</span>
  1558. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span>
  1559. <span class="w"> </span><span class="c1"># metadataPolicy to fetch a specific tag (dev) from the source secret</span>
  1560. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">developer</span>
  1561. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1562. <span class="w"> </span><span class="nt">metadataPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Fetch</span>
  1563. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span>
  1564. <span class="w"> </span><span class="nt">property</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">dev</span>
  1565. </code></pre></div>
  1566. <h3 id="parameter-versions">Parameter Versions</h3>
  1567. <p>ParameterStore creates a new version of a parameter every time it is updated with a new value. A specific version of the parameter can be referenced via the <code>version</code> property.</p>
  1568. <h2 id="setsecret">SetSecret</h2>
  1569. <p>The SetSecret method for the Parameter Store allows the user to push a value stored within the Kubernetes cluster to the remote AWS Parameter Store.</p>
  1570. <h3 id="creating-a-push-secret">Creating a Push Secret</h3>
  1571. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
  1572. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
  1573. <span class="nt">metadata</span><span class="p">:</span>
  1574. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># Customisable</span>
  1575. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"> </span><span class="c1"># Same of the SecretStores</span>
  1576. <span class="nt">spec</span><span class="p">:</span>
  1577. <span class="w"> </span><span class="nt">updatePolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Replace</span><span class="w"> </span><span class="c1"># Policy to overwrite existing secrets in the provider on sync</span>
  1578. <span class="w"> </span><span class="nt">deletionPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete</span><span class="w"> </span><span class="c1"># the provider&#39; secret will be deleted if the PushSecret is deleted</span>
  1579. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"> </span><span class="c1"># Refresh interval for which push secret will reconcile</span>
  1580. <span class="w"> </span><span class="nt">secretStoreRefs</span><span class="p">:</span><span class="w"> </span><span class="c1"># A list of secret stores to push secrets to</span>
  1581. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-parameterstore</span>
  1582. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1583. <span class="w"> </span><span class="nt">selector</span><span class="p">:</span>
  1584. <span class="w"> </span><span class="nt">secret</span><span class="p">:</span>
  1585. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pokedex-credentials</span><span class="w"> </span><span class="c1"># Source Kubernetes secret to be pushed</span>
  1586. <span class="w"> </span><span class="c1"># Alternatively, you can point to a generator that produces values to be pushed</span>
  1587. <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
  1588. <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
  1589. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ECRAuthorizationToken</span>
  1590. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">prod-registry-credentials</span>
  1591. <span class="w"> </span><span class="nt">template</span><span class="p">:</span>
  1592. <span class="w"> </span><span class="nt">metadata</span><span class="p">:</span>
  1593. <span class="w"> </span><span class="nt">annotations</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
  1594. <span class="w"> </span><span class="nt">labels</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">{</span><span class="w"> </span><span class="p p-Indicator">}</span>
  1595. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1596. <span class="w"> </span><span class="nt">best-pokemon</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;{{</span><span class="nv"> </span><span class="s">.best-pokemon</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">toString</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">upper</span><span class="nv"> </span><span class="s">}}</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">really</span><span class="nv"> </span><span class="s">best!&quot;</span>
  1597. <span class="w"> </span><span class="c1"># Uses an existing template from configmap</span>
  1598. <span class="w"> </span><span class="c1"># Secret is fetched, merged and templated within the referenced configMap data</span>
  1599. <span class="w"> </span><span class="c1"># It does not update the configmap, it creates a secret with: data[&quot;alertmanager.yml&quot;] = ...result...</span>
  1600. <span class="w"> </span><span class="nt">templateFrom</span><span class="p">:</span>
  1601. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
  1602. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">application-config-tmpl</span>
  1603. <span class="w"> </span><span class="nt">items</span><span class="p">:</span>
  1604. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">config.yml</span>
  1605. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1606. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">conversionStrategy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">None</span><span class="w"> </span><span class="c1"># Also supports the ReverseUnicode strategy</span>
  1607. <span class="w"> </span><span class="nt">match</span><span class="p">:</span>
  1608. <span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">best-pokemon</span><span class="w"> </span><span class="c1"># Source Kubernetes secret key to be pushed</span>
  1609. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1610. <span class="w"> </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
  1611. </code></pre></div>
  1612. <h4 id="additional-metadata-for-pushsecret">Additional Metadata for PushSecret</h4>
  1613. <p>Optionally, it is possible to configure additional options for the parameter. These are as follows:</p>
  1614. <ul><li>type</li>
  1615. <li>keyID</li>
  1616. <li>tier &amp; policies</li>
  1617. <li>encodeAsDecoded</li></ul>
  1618. <p>To control this behaviour you can set the following provider's <code>metadata</code>:</p>
  1619. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1alpha1</span>
  1620. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecret</span>
  1621. <span class="nt">metadata</span><span class="p">:</span>
  1622. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pushsecret-example</span><span class="w"> </span><span class="c1"># Customisable</span>
  1623. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span><span class="w"> </span><span class="c1"># Same of the SecretStores</span>
  1624. <span class="nt">spec</span><span class="p">:</span>
  1625. <span class="w"> </span><span class="nt">deletionPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Delete</span><span class="w"> </span><span class="c1"># the provider&#39; secret will be deleted if the PushSecret is deleted</span>
  1626. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"> </span><span class="c1"># Refresh interval for which push secret will reconcile</span>
  1627. <span class="w"> </span><span class="nt">secretStoreRefs</span><span class="p">:</span><span class="w"> </span><span class="c1"># A list of secret stores to push secrets to</span>
  1628. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-parameterstore</span>
  1629. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1630. <span class="w"> </span><span class="nt">selector</span><span class="p">:</span>
  1631. <span class="w"> </span><span class="nt">secret</span><span class="p">:</span>
  1632. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pokedex-credentials</span><span class="w"> </span><span class="c1"># Source Kubernetes secret to be pushed</span>
  1633. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1634. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">match</span><span class="p">:</span>
  1635. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1636. <span class="w"> </span><span class="nt">remoteKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-first-parameter</span><span class="w"> </span><span class="c1"># Remote reference (where the secret is going to be pushed)</span>
  1637. <span class="w"> </span><span class="nt">metadata</span><span class="p">:</span>
  1638. <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubernetes.external-secrets.io/v1alpha1</span>
  1639. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">PushSecretMetadata</span>
  1640. <span class="w"> </span><span class="nt">spec</span><span class="p">:</span>
  1641. <span class="w"> </span><span class="nt">secretType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecureString</span>
  1642. <span class="w"> </span><span class="nt">kmsKeyID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bb123123-b2b0-4f60-ac3a-44a13f0e6b6c</span>
  1643. <span class="w"> </span><span class="nt">tier</span><span class="p">:</span>
  1644. <span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Advanced</span><span class="w"> </span><span class="c1"># default is Standard</span>
  1645. <span class="w"> </span><span class="nt">policies</span><span class="p">:</span>
  1646. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Expiration&quot;</span>
  1647. <span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1.0&quot;</span>
  1648. <span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
  1649. <span class="w"> </span><span class="nt">timestamp</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2024-12-02T21:34:33.000Z&quot;</span>
  1650. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;ExpirationNotification&quot;</span>
  1651. <span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1.0&quot;</span>
  1652. <span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
  1653. <span class="w"> </span><span class="nt">before</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;2&quot;</span>
  1654. <span class="w"> </span><span class="nt">unit</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Days&quot;</span>
  1655. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;ExpirationNotification&quot;</span>
  1656. <span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1.0&quot;</span>
  1657. <span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
  1658. <span class="w"> </span><span class="nt">before</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;30&quot;</span>
  1659. <span class="w"> </span><span class="nt">unit</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Days&quot;</span>
  1660. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;NoChangeNotification&quot;</span>
  1661. <span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1.0&quot;</span>
  1662. <span class="w"> </span><span class="nt">attributes</span><span class="p">:</span>
  1663. <span class="w"> </span><span class="nt">after</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;30&quot;</span>
  1664. <span class="w"> </span><span class="nt">unit</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;Days&quot;</span>
  1665. </code></pre></div>
  1666. <ul>
  1667. <li><code>secretType</code> takes one of three options: <code>String</code>, <code>StringList</code>, and <code>SecureString</code>, where <code>String</code> is the <em>default</em>.</li>
  1668. <li><code>kmsKeyID</code> takes a KMS Key <code>$ID</code> or <code>$ARN</code> (in case a key source is created in another account) as a string, where <code>alias/aws/ssm</code> is the <em>default</em>. This property is only used if <code>secretType</code> is set as <code>SecureString</code>.</li>
  1669. <li>tier &amp; policies contains advanced policy configs such as <code>ExpirationNotification</code>.</li>
  1670. <li>encodeAsDecoded, if set to true, pushes the secret values as plain values when pushing the entire secret,
  1671. instead of base64 encoding the []byte values from the secret.</li>
  1672. </ul>
  1673. <h4 id="check-successful-secret-sync">Check successful secret sync</h4>
  1674. <p>To be able to check that the secret has been successfully synced you can run the following command:</p>
  1675. <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>get<span class="w"> </span>pushsecret<span class="w"> </span>pushsecret-example
  1676. </code></pre></div>
  1677. <p>If the secret has synced successfully it will show the status as "Synced".</p>
  1678. <h4 id="test-new-secret-using-aws-cli">Test new secret using AWS CLI</h4>
  1679. <p>To view your parameter on AWS Parameter Store using the AWS CLI, install and log in to the AWS CLI using the following guide: <a href="https://aws.amazon.com/cli/">AWS CLI</a>.</p>
  1680. <p>Run the following commands to get your synchronized parameter from AWS Parameter Store:</p>
  1681. <div class="highlight"><pre><span></span><code>aws<span class="w"> </span>ssm<span class="w"> </span>get-parameter<span class="w"> </span>--name<span class="o">=</span>my-first-parameter<span class="w"> </span>--region<span class="o">=</span>us-east-1
  1682. </code></pre></div>
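  1683. <p>You should see something similar to the following output (for a <code>SecureString</code> parameter, <code>Type</code> is <code>SecureString</code> and <code>Value</code> is returned encrypted unless you add <code>--with-decryption</code>):</p>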
  1684. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1685. <span class="w"> </span><span class="nt">&quot;Parameter&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
  1686. <span class="w"> </span><span class="nt">&quot;Name&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;my-first-parameter&quot;</span><span class="p">,</span>
  1687. <span class="w"> </span><span class="nt">&quot;Type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;String&quot;</span><span class="p">,</span>
  1688. <span class="w"> </span><span class="nt">&quot;Value&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;charmander&quot;</span><span class="p">,</span>
  1689. <span class="w"> </span><span class="nt">&quot;Version&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span>
  1690. <span class="w"> </span><span class="nt">&quot;LastModifiedDate&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;2022-09-15T13:04:31.098000-03:00&quot;</span><span class="p">,</span>
  1691. <span class="w"> </span><span class="nt">&quot;ARN&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;arn:aws:ssm:us-east-1:1234567890123:parameter/my-first-parameter&quot;</span><span class="p">,</span>
  1692. <span class="w"> </span><span class="nt">&quot;DataType&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;text&quot;</span>
  1693. <span class="w"> </span><span class="p">}</span>
  1694. <span class="p">}</span>
  1695. </code></pre></div>
  1696. <h2 id="aws-authentication">AWS Authentication</h2>
  1697. <h3 id="controllers-pod-identity">Controller's Pod Identity</h3>
  1698. <p><img alt="Pod Identity Authentication" src="../../pictures/diagrams-provider-aws-auth-pod-identity.png" /></p>
  1699. <p>Note: If you are using Parameter Store replace <code>service: SecretsManager</code> with <code>service: ParameterStore</code> in all examples below.</p>
  1700. <p>This is basically a zero-configuration authentication method that inherits the credentials from the runtime environment using the <a href="https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default">aws sdk default credential chain</a>.</p>
  1701. <p>You can attach a role to the pod using <a href="https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html">IRSA</a>, <a href="https://github.com/uswitch/kiam">kiam</a> or <a href="https://github.com/jtblin/kube2iam">kube2iam</a>. When no other authentication method is configured in the <code>Kind=SecretStore</code>, this role is used to make all API calls against AWS Secrets Manager or SSM Parameter Store.</p>
  1702. <p>Based on the Pod's identity you can do a <code>sts:assumeRole</code> before fetching the secrets to limit access to certain keys in your provider. This is optional.</p>
  1703. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1704. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1705. <span class="nt">metadata</span><span class="p">:</span>
  1706. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-b-store</span>
  1707. <span class="nt">spec</span><span class="p">:</span>
  1708. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1709. <span class="w"> </span><span class="nt">aws</span><span class="p">:</span>
  1710. <span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretsManager</span>
  1711. <span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span>
  1712. <span class="w"> </span><span class="c1"># optional: do a sts:assumeRole before fetching secrets</span>
  1713. <span class="w"> </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-b</span>
  1714. </code></pre></div>
  1715. <h3 id="access-key-id-secret-access-key">Access Key ID &amp; Secret Access Key</h3>
  1716. <p><img alt="SecretRef" src="../../pictures/diagrams-provider-aws-auth-secret-ref.png" /></p>
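  1717. <p>You can store Access Key ID &amp; Secret Access Key in a <code>Kind=Secret</code> and reference it from a SecretStore. These are long-lived credentials, so restrict read access to that Secret with RBAC and rotate the keys regularly.</p>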
  1718. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1719. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1720. <span class="nt">metadata</span><span class="p">:</span>
  1721. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-b-store</span>
  1722. <span class="nt">spec</span><span class="p">:</span>
  1723. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1724. <span class="w"> </span><span class="nt">aws</span><span class="p">:</span>
  1725. <span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretsManager</span>
  1726. <span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span>
  1727. <span class="w"> </span><span class="c1"># optional: assume role before fetching secrets</span>
  1728. <span class="w"> </span><span class="nt">role</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-b</span>
  1729. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1730. <span class="w"> </span><span class="nt">secretRef</span><span class="p">:</span>
  1731. <span class="w"> </span><span class="nt">accessKeyIDSecretRef</span><span class="p">:</span>
  1732. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
  1733. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">access-key</span>
  1734. <span class="w"> </span><span class="nt">secretAccessKeySecretRef</span><span class="p">:</span>
  1735. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">awssm-secret</span>
  1736. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-key</span>
  1737. </code></pre></div>
  1738. <p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, be sure to provide <code>namespace</code> in <code>accessKeyIDSecretRef</code> and <code>secretAccessKeySecretRef</code> with the namespaces where the secrets reside.</p>
  1739. <h3 id="eks-service-account-credentials">EKS Service Account credentials</h3>
  1740. <p><img alt="Service Account" src="../../pictures/diagrams-provider-aws-auth-service-account.png" /></p>
  1741. <p>This feature lets you use short-lived service account tokens to authenticate with AWS.
  1742. You must have <a href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection">Service Account Volume Projection</a> enabled - it is by default on EKS. See <a href="https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html">EKS guide</a> on how to set up IAM roles for service accounts.</p>
  1743. <p>The big advantage of this approach is that ESO runs without any credentials.</p>
  1744. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
  1745. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ServiceAccount</span>
  1746. <span class="nt">metadata</span><span class="p">:</span>
  1747. <span class="w"> </span><span class="nt">annotations</span><span class="p">:</span>
  1748. <span class="w"> </span><span class="nt">eks.amazonaws.com/role-arn</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">arn:aws:iam::123456789012:role/team-a</span>
  1749. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span>
  1750. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default</span>
  1751. </code></pre></div>
  1752. <p>Reference the service account from above in the Secret Store:</p>
  1753. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1754. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1755. <span class="nt">metadata</span><span class="p">:</span>
  1756. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secretstore-sample</span>
  1757. <span class="nt">spec</span><span class="p">:</span>
  1758. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1759. <span class="w"> </span><span class="nt">aws</span><span class="p">:</span>
  1760. <span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretsManager</span>
  1761. <span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span>
  1762. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1763. <span class="w"> </span><span class="nt">jwt</span><span class="p">:</span>
  1764. <span class="w"> </span><span class="nt">serviceAccountRef</span><span class="p">:</span>
  1765. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-serviceaccount</span>
  1766. </code></pre></div>
  1767. <p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, be sure to provide <code>namespace</code> for <code>serviceAccountRef</code> with the namespace where the service account resides.</p>
  1768. <h2 id="eks-pod-identity-setup">EKS Pod Identity Setup</h2>
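  1769. <p>In order to use EKS Pod Identity Agent, create a role with a permissions policy and a trust policy like the two shown below. The example permissions policy uses <code>&quot;Resource&quot;: &quot;*&quot;</code>; in production, narrow it to the ARNs of the secrets ESO needs to read.</p>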
  1770. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1771. <span class="w"> </span><span class="nt">&quot;Statement&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1772. <span class="w"> </span><span class="p">{</span>
  1773. <span class="w"> </span><span class="nt">&quot;Action&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1774. <span class="w"> </span><span class="s2">&quot;secretsmanager:GetResourcePolicy&quot;</span><span class="p">,</span>
  1775. <span class="w"> </span><span class="s2">&quot;secretsmanager:GetSecretValue&quot;</span><span class="p">,</span>
  1776. <span class="w"> </span><span class="s2">&quot;secretsmanager:DescribeSecret&quot;</span><span class="p">,</span>
  1777. <span class="w"> </span><span class="s2">&quot;secretsmanager:ListSecretVersionIds&quot;</span>
  1778. <span class="w"> </span><span class="p">],</span>
  1779. <span class="w"> </span><span class="nt">&quot;Effect&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Allow&quot;</span><span class="p">,</span>
  1780. <span class="w"> </span><span class="nt">&quot;Resource&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1781. <span class="w"> </span><span class="s2">&quot;*&quot;</span>
  1782. <span class="w"> </span><span class="p">]</span>
  1783. <span class="w"> </span><span class="p">}</span>
  1784. <span class="w"> </span><span class="p">],</span>
  1785. <span class="w"> </span><span class="nt">&quot;Version&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;2012-10-17&quot;</span>
  1786. <span class="p">}</span>
  1787. </code></pre></div>
  1788. <div class="highlight"><pre><span></span><code><span class="p">{</span>
  1789. <span class="w"> </span><span class="nt">&quot;Version&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;2012-10-17&quot;</span><span class="p">,</span>
  1790. <span class="w"> </span><span class="nt">&quot;Statement&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1791. <span class="w"> </span><span class="p">{</span>
  1792. <span class="w"> </span><span class="nt">&quot;Sid&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;AllowEksAuthToAssumeRoleForPodIdentity&quot;</span><span class="p">,</span>
  1793. <span class="w"> </span><span class="nt">&quot;Effect&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Allow&quot;</span><span class="p">,</span>
  1794. <span class="w"> </span><span class="nt">&quot;Principal&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
  1795. <span class="w"> </span><span class="nt">&quot;Service&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;pods.eks.amazonaws.com&quot;</span>
  1796. <span class="w"> </span><span class="p">},</span>
  1797. <span class="w"> </span><span class="nt">&quot;Action&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
  1798. <span class="w"> </span><span class="s2">&quot;sts:AssumeRole&quot;</span><span class="p">,</span>
  1799. <span class="w"> </span><span class="s2">&quot;sts:TagSession&quot;</span>
  1800. <span class="w"> </span><span class="p">]</span>
  1801. <span class="w"> </span><span class="p">}</span>
  1802. <span class="w"> </span><span class="p">]</span>
  1803. <span class="p">}</span>
  1804. </code></pre></div>
  1805. <p>Install ESO using helm and define these values:</p>
  1806. <div class="highlight"><pre><span></span><code><span class="nt">serviceAccount</span><span class="p">:</span>
  1807. <span class="w"> </span><span class="nt">annotations</span><span class="p">:</span>
  1808. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1809. </code></pre></div>
  1810. <p>Create a pod association:</p>
  1811. <div class="highlight"><pre><span></span><code>aws eks create-pod-identity-association --cluster-name my-cluster --role-arn arn:aws:iam::111122223333:role/my-role --namespace external-secrets --service-account external-secrets
  1812. </code></pre></div>
  1813. <p>Then create a secret store like this:</p>
  1814. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
  1815. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1816. <span class="nt">metadata</span><span class="p">:</span>
  1817. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">store</span>
  1818. <span class="nt">spec</span><span class="p">:</span>
  1819. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1820. <span class="w"> </span><span class="nt">aws</span><span class="p">:</span>
  1821. <span class="w"> </span><span class="nt">service</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretsManager</span>
  1822. <span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">eu-central-1</span>
  1823. </code></pre></div>
  1824. <p><em>Note</em>: <code>serviceAccountRef</code> <em>cannot</em> be used together with EKS Pod Identity. That's because ESO cannot impersonate
  1825. service accounts which have IAM roles bound using pod identity. Doing so will result in an error like this:
  1826. <div class="highlight"><pre><span></span><code>unable to create session: an IAM role must be associated with service account ...
  1827. </code></pre></div></p>
  1828. <p><em>Note:</em> No <code>auth</code> section is defined for the SecretStore.</p>
  1829. <p><em>Note:</em> For more details on this setup, including how to do it with Terraform, see the post <a href="https://containscloud.com/2024/03/24/integrating-aws-secrets-manager-to-eks-using-external-secrets/">here</a>.</p>
  1830. <h2 id="custom-endpoints">Custom Endpoints</h2>
  1831. <p>You can define custom AWS endpoints if you want to use regional, VPC or custom endpoints. See the lists of endpoints for <a href="https://docs.aws.amazon.com/general/latest/gr/asm.html">Secrets Manager</a>, <a href="https://docs.aws.amazon.com/general/latest/gr/ssm.html">Secure Systems Manager</a> and <a href="https://docs.aws.amazon.com/general/latest/gr/sts.html">Security Token Service</a>.</p>
  1832. <p>Use the following environment variables to point the controller to your custom endpoints. Note: All resources managed by this controller are affected.</p>
  1833. <table>
  1834. <thead>
  1835. <tr>
  1836. <th>ENV VAR</th>
  1837. <th>DESCRIPTION</th>
  1838. </tr>
  1839. </thead>
  1840. <tbody>
  1841. <tr>
  1842. <td>AWS_SECRETSMANAGER_ENDPOINT</td>
  1843. <td>Endpoint for the Secrets Manager Service. The controller uses this endpoint to fetch secrets from AWS Secrets Manager.</td>
  1844. </tr>
  1845. <tr>
  1846. <td>AWS_SSM_ENDPOINT</td>
  1847. <td>Endpoint for the AWS Secure Systems Manager. The controller uses this endpoint to fetch secrets from SSM Parameter Store.</td>
  1848. </tr>
  1849. <tr>
  1850. <td>AWS_STS_ENDPOINT</td>
  1851. <td>Endpoint for the Security Token Service. The controller uses this endpoint when creating a session and when doing <code>assumeRole</code> or <code>assumeRoleWithWebIdentity</code> calls.</td>
  1852. </tr>
  1853. </tbody>
  1854. </table>
  1855. </article>
  1856. </div>