index.html 80 KB

  1. <!doctype html>
  2. <html lang="en" class="no-js">
  3. <head>
  4. <meta charset="utf-8">
  5. <meta name="viewport" content="width=device-width,initial-scale=1">
  6. <link rel="prev" href="../device42/">
  7. <link rel="next" href="../hashicorp-vault/">
  8. <link rel="icon" href="../../pictures/eso-round-logo.svg">
  9. <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.42">
  10. <title>Google Cloud Secret Manager - External Secrets Operator</title>
  11. <link rel="stylesheet" href="../../assets/stylesheets/main.0253249f.min.css">
  12. <link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
  13. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  14. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
  15. <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
  16. <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
  17. <!-- Analytics bootstrap: defines __md_analytics(), which queues gtag calls on window.dataLayer under measurement ID G-QP38TD8K7V. On DOMContentLoaded it reports the search box value as search_term when the field loses focus, reports feedback button clicks together with the page path, and re-sends the config with page_path on each location change. It then injects the async loader from www.googletagmanager.com after this element. Privacy note: whatever a visitor types into the docs search is sent to the analytics endpoint. --><script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-QP38TD8K7V",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
  18. <script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
  19. </head>
  20. <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
  21. <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
  22. <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
  23. <label class="md-overlay" for="__drawer"></label>
  24. <div data-md-component="skip">
  25. <a href="#google-cloud-secret-manager" class="md-skip">
  26. Skip to content
  27. </a>
  28. </div>
  29. <div data-md-component="announce">
  30. </div>
  31. <div data-md-color-scheme="default" data-md-component="outdated" hidden>
  32. <aside class="md-banner md-banner--warning">
  33. <div class="md-banner__inner md-grid md-typeset">
  34. You're not viewing the latest version.
  35. <a href="../../..">
  36. <strong>Click here to go to latest.</strong>
  37. </a>
  38. </div>
  39. <script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
  40. </aside>
  41. </div>
  42. <header class="md-header" data-md-component="header">
  43. <nav class="md-header__inner md-grid" aria-label="Header">
  44. <a href="../.." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  45. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  46. </a>
  47. <label class="md-header__button md-icon" for="__drawer">
  48. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
  49. </label>
  50. <div class="md-header__title" data-md-component="header-title">
  51. <div class="md-header__ellipsis">
  52. <div class="md-header__topic">
  53. <span class="md-ellipsis">
  54. External Secrets Operator
  55. </span>
  56. </div>
  57. <div class="md-header__topic" data-md-component="header-topic">
  58. <span class="md-ellipsis">
  59. Google Cloud Secret Manager
  60. </span>
  61. </div>
  62. </div>
  63. </div>
  64. <form class="md-header__option" data-md-component="palette">
  65. <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
  66. <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
  67. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  68. </label>
  69. <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
  70. <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
  71. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
  72. </label>
  73. </form>
  74. <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
  75. <label class="md-header__button md-icon" for="__search">
  76. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  77. </label>
  78. <div class="md-search" data-md-component="search" role="dialog">
  79. <label class="md-search__overlay" for="__search"></label>
  80. <div class="md-search__inner" role="search">
  81. <form class="md-search__form" name="search">
  82. <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
  83. <label class="md-search__icon md-icon" for="__search">
  84. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
  85. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
  86. </label>
  87. <nav class="md-search__options" aria-label="Search">
  88. <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
  89. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
  90. </button>
  91. </nav>
  92. </form>
  93. <div class="md-search__output">
  94. <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
  95. <div class="md-search-result" data-md-component="search-result">
  96. <div class="md-search-result__meta">
  97. Initializing search
  98. </div>
  99. <ol class="md-search-result__list" role="presentation"></ol>
  100. </div>
  101. </div>
  102. </div>
  103. </div>
  104. </div>
  105. <div class="md-header__source">
  106. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  107. <div class="md-source__icon md-icon">
  108. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  109. </div>
  110. <div class="md-source__repository">
  111. External Secrets Operator
  112. </div>
  113. </a>
  114. </div>
  115. </nav>
  116. </header>
  117. <div class="md-container" data-md-component="container">
  118. <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
  119. <div class="md-grid">
  120. <ul class="md-tabs__list">
  121. <li class="md-tabs__item">
  122. <a href="../.." class="md-tabs__link">
  123. Introduction
  124. </a>
  125. </li>
  126. <li class="md-tabs__item">
  127. <a href="../../api/components/" class="md-tabs__link">
  128. API
  129. </a>
  130. </li>
  131. <li class="md-tabs__item">
  132. <a href="../../guides/introduction/" class="md-tabs__link">
  133. Guides
  134. </a>
  135. </li>
  136. <li class="md-tabs__item md-tabs__item--active">
  137. <a href="../aws-secrets-manager/" class="md-tabs__link">
  138. Provider
  139. </a>
  140. </li>
  141. <li class="md-tabs__item">
  142. <a href="../../examples/gitops-using-fluxcd/" class="md-tabs__link">
  143. Examples
  144. </a>
  145. </li>
  146. <li class="md-tabs__item">
  147. <a href="../../contributing/devguide/" class="md-tabs__link">
  148. Community
  149. </a>
  150. </li>
  151. </ul>
  152. </div>
  153. </nav>
  154. <main class="md-main" data-md-component="main">
  155. <div class="md-main__inner md-grid">
  156. <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
  157. <div class="md-sidebar__scrollwrap">
  158. <div class="md-sidebar__inner">
  159. <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
  160. <label class="md-nav__title" for="__drawer">
  161. <a href="../.." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
  162. <img src="../../pictures/eso-round-logo.svg" alt="logo">
  163. </a>
  164. External Secrets Operator
  165. </label>
  166. <div class="md-nav__source">
  167. <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
  168. <div class="md-source__icon md-icon">
  169. <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
  170. </div>
  171. <div class="md-source__repository">
  172. External Secrets Operator
  173. </div>
  174. </a>
  175. </div>
  176. <ul class="md-nav__list" data-md-scrollfix>
  177. <li class="md-nav__item md-nav__item--nested">
  178. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_1" >
  179. <div class="md-nav__link md-nav__container">
  180. <a href="../.." class="md-nav__link ">
  181. <span class="md-ellipsis">
  182. Introduction
  183. </span>
  184. </a>
  185. <label class="md-nav__link " for="__nav_1" id="__nav_1_label" tabindex="0">
  186. <span class="md-nav__icon md-icon"></span>
  187. </label>
  188. </div>
  189. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
  190. <label class="md-nav__title" for="__nav_1">
  191. <span class="md-nav__icon md-icon"></span>
  192. Introduction
  193. </label>
  194. <ul class="md-nav__list" data-md-scrollfix>
  195. <li class="md-nav__item">
  196. <a href="../../introduction/overview/" class="md-nav__link">
  197. <span class="md-ellipsis">
  198. Overview
  199. </span>
  200. </a>
  201. </li>
  202. <li class="md-nav__item">
  203. <a href="../../introduction/getting-started/" class="md-nav__link">
  204. <span class="md-ellipsis">
  205. Getting started
  206. </span>
  207. </a>
  208. </li>
  209. <li class="md-nav__item">
  210. <a href="../../introduction/faq/" class="md-nav__link">
  211. <span class="md-ellipsis">
  212. FAQ
  213. </span>
  214. </a>
  215. </li>
  216. <li class="md-nav__item">
  217. <a href="../../introduction/stability-support/" class="md-nav__link">
  218. <span class="md-ellipsis">
  219. Stability and Support
  220. </span>
  221. </a>
  222. </li>
  223. <li class="md-nav__item">
  224. <a href="../../introduction/deprecation-policy/" class="md-nav__link">
  225. <span class="md-ellipsis">
  226. Deprecation Policy
  227. </span>
  228. </a>
  229. </li>
  230. </ul>
  231. </nav>
  232. </li>
  233. <li class="md-nav__item md-nav__item--nested">
  234. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
  235. <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
  236. <span class="md-ellipsis">
  237. API
  238. </span>
  239. <span class="md-nav__icon md-icon"></span>
  240. </label>
  241. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
  242. <label class="md-nav__title" for="__nav_2">
  243. <span class="md-nav__icon md-icon"></span>
  244. API
  245. </label>
  246. <ul class="md-nav__list" data-md-scrollfix>
  247. <li class="md-nav__item">
  248. <a href="../../api/components/" class="md-nav__link">
  249. <span class="md-ellipsis">
  250. Components
  251. </span>
  252. </a>
  253. </li>
  254. <li class="md-nav__item md-nav__item--nested">
  255. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_2" >
  256. <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
  257. <span class="md-ellipsis">
  258. Core Resources
  259. </span>
  260. <span class="md-nav__icon md-icon"></span>
  261. </label>
  262. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
  263. <label class="md-nav__title" for="__nav_2_2">
  264. <span class="md-nav__icon md-icon"></span>
  265. Core Resources
  266. </label>
  267. <ul class="md-nav__list" data-md-scrollfix>
  268. <li class="md-nav__item">
  269. <a href="../../api/externalsecret/" class="md-nav__link">
  270. <span class="md-ellipsis">
  271. ExternalSecret
  272. </span>
  273. </a>
  274. </li>
  275. <li class="md-nav__item">
  276. <a href="../../api/secretstore/" class="md-nav__link">
  277. <span class="md-ellipsis">
  278. SecretStore
  279. </span>
  280. </a>
  281. </li>
  282. <li class="md-nav__item">
  283. <a href="../../api/clustersecretstore/" class="md-nav__link">
  284. <span class="md-ellipsis">
  285. ClusterSecretStore
  286. </span>
  287. </a>
  288. </li>
  289. <li class="md-nav__item">
  290. <a href="../../api/clusterexternalsecret/" class="md-nav__link">
  291. <span class="md-ellipsis">
  292. ClusterExternalSecret
  293. </span>
  294. </a>
  295. </li>
  296. <li class="md-nav__item">
  297. <a href="../../api/pushsecret/" class="md-nav__link">
  298. <span class="md-ellipsis">
  299. PushSecret
  300. </span>
  301. </a>
  302. </li>
  303. </ul>
  304. </nav>
  305. </li>
  306. <li class="md-nav__item md-nav__item--nested">
  307. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_3" >
  308. <div class="md-nav__link md-nav__container">
  309. <a href="../../api/generator/" class="md-nav__link ">
  310. <span class="md-ellipsis">
  311. Generators
  312. </span>
  313. </a>
  314. <label class="md-nav__link " for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
  315. <span class="md-nav__icon md-icon"></span>
  316. </label>
  317. </div>
  318. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
  319. <label class="md-nav__title" for="__nav_2_3">
  320. <span class="md-nav__icon md-icon"></span>
  321. Generators
  322. </label>
  323. <ul class="md-nav__list" data-md-scrollfix>
  324. <li class="md-nav__item">
  325. <a href="../../api/generator/acr/" class="md-nav__link">
  326. <span class="md-ellipsis">
  327. Azure Container Registry
  328. </span>
  329. </a>
  330. </li>
  331. <li class="md-nav__item">
  332. <a href="../../api/generator/ecr/" class="md-nav__link">
  333. <span class="md-ellipsis">
  334. AWS Elastic Container Registry
  335. </span>
  336. </a>
  337. </li>
  338. <li class="md-nav__item">
  339. <a href="../../api/generator/gcr/" class="md-nav__link">
  340. <span class="md-ellipsis">
  341. Google Container Registry
  342. </span>
  343. </a>
  344. </li>
  345. <li class="md-nav__item">
  346. <a href="../../api/generator/vault/" class="md-nav__link">
  347. <span class="md-ellipsis">
  348. Vault Dynamic Secret
  349. </span>
  350. </a>
  351. </li>
  352. <li class="md-nav__item">
  353. <a href="../../api/generator/password/" class="md-nav__link">
  354. <span class="md-ellipsis">
  355. Password
  356. </span>
  357. </a>
  358. </li>
  359. <li class="md-nav__item">
  360. <a href="../../api/generator/fake/" class="md-nav__link">
  361. <span class="md-ellipsis">
  362. Fake
  363. </span>
  364. </a>
  365. </li>
  366. <li class="md-nav__item">
  367. <a href="../../api/generator/webhook/" class="md-nav__link">
  368. <span class="md-ellipsis">
  369. Webhook
  370. </span>
  371. </a>
  372. </li>
  373. <li class="md-nav__item">
  374. <a href="../../api/generator/github/" class="md-nav__link">
  375. <span class="md-ellipsis">
  376. Github
  377. </span>
  378. </a>
  379. </li>
  380. <li class="md-nav__item">
  381. <a href="../../api/generator/uuid/" class="md-nav__link">
  382. <span class="md-ellipsis">
  383. UUID
  384. </span>
  385. </a>
  386. </li>
  387. </ul>
  388. </nav>
  389. </li>
  390. <li class="md-nav__item md-nav__item--nested">
  391. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_4" >
  392. <label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex="0">
  393. <span class="md-ellipsis">
  394. Reference Docs
  395. </span>
  396. <span class="md-nav__icon md-icon"></span>
  397. </label>
  398. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false">
  399. <label class="md-nav__title" for="__nav_2_4">
  400. <span class="md-nav__icon md-icon"></span>
  401. Reference Docs
  402. </label>
  403. <ul class="md-nav__list" data-md-scrollfix>
  404. <li class="md-nav__item">
  405. <a href="../../api/spec/" class="md-nav__link">
  406. <span class="md-ellipsis">
  407. API specification
  408. </span>
  409. </a>
  410. </li>
  411. <li class="md-nav__item">
  412. <a href="../../api/controller-options/" class="md-nav__link">
  413. <span class="md-ellipsis">
  414. Controller Options
  415. </span>
  416. </a>
  417. </li>
  418. <li class="md-nav__item">
  419. <a href="../../api/metrics/" class="md-nav__link">
  420. <span class="md-ellipsis">
  421. Metrics
  422. </span>
  423. </a>
  424. </li>
  425. </ul>
  426. </nav>
  427. </li>
  428. </ul>
  429. </nav>
  430. </li>
  431. <li class="md-nav__item md-nav__item--nested">
  432. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3" >
  433. <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
  434. <span class="md-ellipsis">
  435. Guides
  436. </span>
  437. <span class="md-nav__icon md-icon"></span>
  438. </label>
  439. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
  440. <label class="md-nav__title" for="__nav_3">
  441. <span class="md-nav__icon md-icon"></span>
  442. Guides
  443. </label>
  444. <ul class="md-nav__list" data-md-scrollfix>
  445. <li class="md-nav__item">
  446. <a href="../../guides/introduction/" class="md-nav__link">
  447. <span class="md-ellipsis">
  448. Introduction
  449. </span>
  450. </a>
  451. </li>
  452. <li class="md-nav__item md-nav__item--nested">
  453. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2" >
  454. <label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
  455. <span class="md-ellipsis">
  456. External Secrets
  457. </span>
  458. <span class="md-nav__icon md-icon"></span>
  459. </label>
  460. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
  461. <label class="md-nav__title" for="__nav_3_2">
  462. <span class="md-nav__icon md-icon"></span>
  463. External Secrets
  464. </label>
  465. <ul class="md-nav__list" data-md-scrollfix>
  466. <li class="md-nav__item">
  467. <a href="../../guides/all-keys-one-secret/" class="md-nav__link">
  468. <span class="md-ellipsis">
  469. Extract structured data
  470. </span>
  471. </a>
  472. </li>
  473. <li class="md-nav__item">
  474. <a href="../../guides/getallsecrets/" class="md-nav__link">
  475. <span class="md-ellipsis">
  476. Find Secrets by Name or Metadata
  477. </span>
  478. </a>
  479. </li>
  480. <li class="md-nav__item">
  481. <a href="../../guides/datafrom-rewrite/" class="md-nav__link">
  482. <span class="md-ellipsis">
  483. Rewriting Keys
  484. </span>
  485. </a>
  486. </li>
  487. <li class="md-nav__item md-nav__item--nested">
  488. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2_4" >
  489. <label class="md-nav__link" for="__nav_3_2_4" id="__nav_3_2_4_label" tabindex="0">
  490. <span class="md-ellipsis">
  491. Advanced Templating
  492. </span>
  493. <span class="md-nav__icon md-icon"></span>
  494. </label>
  495. <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_4_label" aria-expanded="false">
  496. <label class="md-nav__title" for="__nav_3_2_4">
  497. <span class="md-nav__icon md-icon"></span>
  498. Advanced Templating
  499. </label>
  500. <ul class="md-nav__list" data-md-scrollfix>
  501. <li class="md-nav__item">
  502. <a href="../../guides/templating/" class="md-nav__link">
  503. <span class="md-ellipsis">
  504. v2
  505. </span>
  506. </a>
  507. </li>
  508. <li class="md-nav__item">
  509. <a href="../../guides/templating-v1/" class="md-nav__link">
  510. <span class="md-ellipsis">
  511. v1
  512. </span>
  513. </a>
  514. </li>
  515. </ul>
  516. </nav>
  517. </li>
  518. <li class="md-nav__item">
  519. <a href="../../guides/common-k8s-secret-types/" class="md-nav__link">
  520. <span class="md-ellipsis">
  521. Kubernetes Secret Types
  522. </span>
  523. </a>
  524. </li>
  525. <li class="md-nav__item">
  526. <a href="../../guides/ownership-deletion-policy/" class="md-nav__link">
  527. <span class="md-ellipsis">
  528. Lifecycle: ownership & deletion
  529. </span>
  530. </a>
  531. </li>
  532. <li class="md-nav__item">
  533. <a href="../../guides/decoding-strategy/" class="md-nav__link">
  534. <span class="md-ellipsis">
  535. Decoding Strategies
  536. </span>
  537. </a>
  538. </li>
  539. <li class="md-nav__item">
  540. <a href="../../guides/controller-class/" class="md-nav__link">
  541. <span class="md-ellipsis">
  542. Controller Classes
  543. </span>
  544. </a>
  545. </li>
  546. </ul>
  547. </nav>
  548. </li>
  549. <li class="md-nav__item">
  550. <a href="../../guides/generator/" class="md-nav__link">
  551. <span class="md-ellipsis">
  552. Generators
  553. </span>
  554. </a>
  555. </li>
  556. <li class="md-nav__item">
  557. <a href="../../guides/pushsecrets/" class="md-nav__link">
  558. <span class="md-ellipsis">
  559. Push Secrets
  560. </span>
  561. </a>
  562. </li>
  563. <li class="md-nav__item md-nav__item--nested">
  564. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_5" >
  565. <label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
  566. <span class="md-ellipsis">
  567. Operations
  568. </span>
  569. <span class="md-nav__icon md-icon"></span>
  570. </label>
  571. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
  572. <label class="md-nav__title" for="__nav_3_5">
  573. <span class="md-nav__icon md-icon"></span>
  574. Operations
  575. </label>
  576. <ul class="md-nav__list" data-md-scrollfix>
  577. <li class="md-nav__item">
  578. <a href="../../guides/multi-tenancy/" class="md-nav__link">
  579. <span class="md-ellipsis">
  580. Multi Tenancy
  581. </span>
  582. </a>
  583. </li>
  584. <li class="md-nav__item">
  585. <a href="../../guides/security-best-practices/" class="md-nav__link">
  586. <span class="md-ellipsis">
  587. Security Best Practices
  588. </span>
  589. </a>
  590. </li>
  591. <li class="md-nav__item">
  592. <a href="../../guides/threat-model/" class="md-nav__link">
  593. <span class="md-ellipsis">
  594. Threat Model
  595. </span>
  596. </a>
  597. </li>
  598. <li class="md-nav__item">
  599. <a href="../../guides/v1beta1/" class="md-nav__link">
  600. <span class="md-ellipsis">
  601. Upgrading to v1beta1
  602. </span>
  603. </a>
  604. </li>
  605. <li class="md-nav__item">
  606. <a href="../../guides/using-latest-image/" class="md-nav__link">
  607. <span class="md-ellipsis">
  608. Using Latest Image
  609. </span>
  610. </a>
  611. </li>
  612. <li class="md-nav__item">
  613. <a href="../../guides/disable-cluster-features/" class="md-nav__link">
  614. <span class="md-ellipsis">
  615. Disable Cluster Features
  616. </span>
  617. </a>
  618. </li>
  619. </ul>
  620. </nav>
  621. </li>
  622. </ul>
  623. </nav>
  624. </li>
  625. <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
  626. <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked>
  627. <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
  628. <span class="md-ellipsis">
  629. Provider
  630. </span>
  631. <span class="md-nav__icon md-icon"></span>
  632. </label>
  633. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true">
  634. <label class="md-nav__title" for="__nav_4">
  635. <span class="md-nav__icon md-icon"></span>
  636. Provider
  637. </label>
  638. <ul class="md-nav__list" data-md-scrollfix>
  639. <li class="md-nav__item">
  640. <a href="../aws-secrets-manager/" class="md-nav__link">
  641. <span class="md-ellipsis">
  642. AWS Secrets Manager
  643. </span>
  644. </a>
  645. </li>
  646. <li class="md-nav__item">
  647. <a href="../aws-parameter-store/" class="md-nav__link">
  648. <span class="md-ellipsis">
  649. AWS Parameter Store
  650. </span>
  651. </a>
  652. </li>
  653. <li class="md-nav__item">
  654. <a href="../azure-key-vault/" class="md-nav__link">
  655. <span class="md-ellipsis">
  656. Azure Key Vault
  657. </span>
  658. </a>
  659. </li>
  660. <li class="md-nav__item">
  661. <a href="../beyondtrust/" class="md-nav__link">
  662. <span class="md-ellipsis">
  663. BeyondTrust
  664. </span>
  665. </a>
  666. </li>
  667. <li class="md-nav__item">
  668. <a href="../bitwarden-secrets-manager/" class="md-nav__link">
  669. <span class="md-ellipsis">
  670. Bitwarden Secrets Manager
  671. </span>
  672. </a>
  673. </li>
  674. <li class="md-nav__item">
  675. <a href="../chef/" class="md-nav__link">
  676. <span class="md-ellipsis">
  677. Chef
  678. </span>
  679. </a>
  680. </li>
  681. <li class="md-nav__item">
  682. <a href="../conjur/" class="md-nav__link">
  683. <span class="md-ellipsis">
  684. CyberArk Conjur
  685. </span>
  686. </a>
  687. </li>
  688. <li class="md-nav__item">
  689. <a href="../device42/" class="md-nav__link">
  690. <span class="md-ellipsis">
  691. Device42
  692. </span>
  693. </a>
  694. </li>
  695. <li class="md-nav__item md-nav__item--active">
  696. <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
  697. <label class="md-nav__link md-nav__link--active" for="__toc">
  698. <span class="md-ellipsis">
  699. Google Cloud Secret Manager
  700. </span>
  701. <span class="md-nav__icon md-icon"></span>
  702. </label>
  703. <a href="./" class="md-nav__link md-nav__link--active">
  704. <span class="md-ellipsis">
  705. Google Cloud Secret Manager
  706. </span>
  707. </a>
  708. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  709. <label class="md-nav__title" for="__toc">
  710. <span class="md-nav__icon md-icon"></span>
  711. Table of contents
  712. </label>
  713. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  714. <li class="md-nav__item">
  715. <a href="#google-cloud-secret-manager" class="md-nav__link">
  716. <span class="md-ellipsis">
  717. Google Cloud Secret Manager
  718. </span>
  719. </a>
  720. </li>
  721. <li class="md-nav__item">
  722. <a href="#authentication" class="md-nav__link">
  723. <span class="md-ellipsis">
  724. Authentication
  725. </span>
  726. </a>
  727. <nav class="md-nav" aria-label="Authentication">
  728. <ul class="md-nav__list">
  729. <li class="md-nav__item">
  730. <a href="#workload-identity" class="md-nav__link">
  731. <span class="md-ellipsis">
  732. Workload Identity
  733. </span>
  734. </a>
  735. <nav class="md-nav" aria-label="Workload Identity">
  736. <ul class="md-nav__list">
  737. <li class="md-nav__item">
  738. <a href="#creating-workload-identity-service-accounts" class="md-nav__link">
  739. <span class="md-ellipsis">
  740. Creating Workload Identity Service Accounts
  741. </span>
  742. </a>
  743. </li>
  744. <li class="md-nav__item">
  745. <a href="#using-service-accounts-directly" class="md-nav__link">
  746. <span class="md-ellipsis">
  747. Using Service Accounts directly
  748. </span>
  749. </a>
  750. </li>
  751. <li class="md-nav__item">
  752. <a href="#using-pod-based-workload-identity" class="md-nav__link">
  753. <span class="md-ellipsis">
  754. Using Pod-based Workload Identity
  755. </span>
  756. </a>
  757. </li>
  758. </ul>
  759. </nav>
  760. </li>
  761. <li class="md-nav__item">
  762. <a href="#gcp-service-account-authentication" class="md-nav__link">
  763. <span class="md-ellipsis">
  764. GCP Service Account authentication
  765. </span>
  766. </a>
  767. <nav class="md-nav" aria-label="GCP Service Account authentication">
  768. <ul class="md-nav__list">
  769. <li class="md-nav__item">
  770. <a href="#update-secret-store" class="md-nav__link">
  771. <span class="md-ellipsis">
  772. Update secret store
  773. </span>
  774. </a>
  775. </li>
  776. <li class="md-nav__item">
  777. <a href="#creating-external-secret" class="md-nav__link">
  778. <span class="md-ellipsis">
  779. Creating external secret
  780. </span>
  781. </a>
  782. </li>
  783. </ul>
  784. </nav>
  785. </li>
  786. </ul>
  787. </nav>
  788. </li>
  789. </ul>
  790. </nav>
  791. </li>
  792. <li class="md-nav__item">
  793. <a href="../hashicorp-vault/" class="md-nav__link">
  794. <span class="md-ellipsis">
  795. HashiCorp Vault
  796. </span>
  797. </a>
  798. </li>
  799. <li class="md-nav__item">
  800. <a href="../kubernetes/" class="md-nav__link">
  801. <span class="md-ellipsis">
  802. Kubernetes
  803. </span>
  804. </a>
  805. </li>
  806. <li class="md-nav__item">
  807. <a href="../ibm-secrets-manager/" class="md-nav__link">
  808. <span class="md-ellipsis">
  809. IBM Secrets Manager
  810. </span>
  811. </a>
  812. </li>
  813. <li class="md-nav__item">
  814. <a href="../akeyless/" class="md-nav__link">
  815. <span class="md-ellipsis">
  816. Akeyless
  817. </span>
  818. </a>
  819. </li>
  820. <li class="md-nav__item">
  821. <a href="../yandex-certificate-manager/" class="md-nav__link">
  822. <span class="md-ellipsis">
  823. Yandex Certificate Manager
  824. </span>
  825. </a>
  826. </li>
  827. <li class="md-nav__item">
  828. <a href="../yandex-lockbox/" class="md-nav__link">
  829. <span class="md-ellipsis">
  830. Yandex Lockbox
  831. </span>
  832. </a>
  833. </li>
  834. <li class="md-nav__item">
  835. <a href="../alibaba/" class="md-nav__link">
  836. <span class="md-ellipsis">
  837. Alibaba Cloud
  838. </span>
  839. </a>
  840. </li>
  841. <li class="md-nav__item">
  842. <a href="../gitlab-variables/" class="md-nav__link">
  843. <span class="md-ellipsis">
  844. GitLab Variables
  845. </span>
  846. </a>
  847. </li>
  848. <li class="md-nav__item">
  849. <a href="../oracle-vault/" class="md-nav__link">
  850. <span class="md-ellipsis">
  851. Oracle Vault
  852. </span>
  853. </a>
  854. </li>
  855. <li class="md-nav__item">
  856. <a href="../1password-automation/" class="md-nav__link">
  857. <span class="md-ellipsis">
  858. 1Password Secrets Automation
  859. </span>
  860. </a>
  861. </li>
  862. <li class="md-nav__item">
  863. <a href="../webhook/" class="md-nav__link">
  864. <span class="md-ellipsis">
  865. Webhook
  866. </span>
  867. </a>
  868. </li>
  869. <li class="md-nav__item">
  870. <a href="../fake/" class="md-nav__link">
  871. <span class="md-ellipsis">
  872. Fake
  873. </span>
  874. </a>
  875. </li>
  876. <li class="md-nav__item">
  877. <a href="../senhasegura-dsm/" class="md-nav__link">
  878. <span class="md-ellipsis">
  879. senhasegura DevOps Secrets Management (DSM)
  880. </span>
  881. </a>
  882. </li>
  883. <li class="md-nav__item">
  884. <a href="../doppler/" class="md-nav__link">
  885. <span class="md-ellipsis">
  886. Doppler
  887. </span>
  888. </a>
  889. </li>
  890. <li class="md-nav__item">
  891. <a href="../keeper-security/" class="md-nav__link">
  892. <span class="md-ellipsis">
  893. Keeper Security
  894. </span>
  895. </a>
  896. </li>
  897. <li class="md-nav__item">
  898. <a href="../cloak/" class="md-nav__link">
  899. <span class="md-ellipsis">
  900. Cloak End 2 End Encrypted Secrets
  901. </span>
  902. </a>
  903. </li>
  904. <li class="md-nav__item">
  905. <a href="../scaleway/" class="md-nav__link">
  906. <span class="md-ellipsis">
  907. Scaleway
  908. </span>
  909. </a>
  910. </li>
  911. <li class="md-nav__item">
  912. <a href="../delinea/" class="md-nav__link">
  913. <span class="md-ellipsis">
  914. Delinea
  915. </span>
  916. </a>
  917. </li>
  918. <li class="md-nav__item">
  919. <a href="../secretserver/" class="md-nav__link">
  920. <span class="md-ellipsis">
  921. Secret Server
  922. </span>
  923. </a>
  924. </li>
  925. <li class="md-nav__item">
  926. <a href="../passbolt/" class="md-nav__link">
  927. <span class="md-ellipsis">
  928. Passbolt
  929. </span>
  930. </a>
  931. </li>
  932. <li class="md-nav__item">
  933. <a href="../pulumi/" class="md-nav__link">
  934. <span class="md-ellipsis">
  935. Pulumi ESC
  936. </span>
  937. </a>
  938. </li>
  939. <li class="md-nav__item">
  940. <a href="../onboardbase/" class="md-nav__link">
  941. <span class="md-ellipsis">
  942. Onboardbase
  943. </span>
  944. </a>
  945. </li>
  946. <li class="md-nav__item">
  947. <a href="../../provider-passworddepot/" class="md-nav__link">
  948. <span class="md-ellipsis">
  949. Password Depot
  950. </span>
  951. </a>
  952. </li>
  953. <li class="md-nav__item">
  954. <a href="../fortanix/" class="md-nav__link">
  955. <span class="md-ellipsis">
  956. Fortanix
  957. </span>
  958. </a>
  959. </li>
  960. <li class="md-nav__item">
  961. <a href="../infisical/" class="md-nav__link">
  962. <span class="md-ellipsis">
  963. Infisical
  964. </span>
  965. </a>
  966. </li>
  967. <li class="md-nav__item">
  968. <a href="../previder/" class="md-nav__link">
  969. <span class="md-ellipsis">
  970. Previder
  971. </span>
  972. </a>
  973. </li>
  974. </ul>
  975. </nav>
  976. </li>
  977. <li class="md-nav__item md-nav__item--nested">
  978. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
  979. <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
  980. <span class="md-ellipsis">
  981. Examples
  982. </span>
  983. <span class="md-nav__icon md-icon"></span>
  984. </label>
  985. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
  986. <label class="md-nav__title" for="__nav_5">
  987. <span class="md-nav__icon md-icon"></span>
  988. Examples
  989. </label>
  990. <ul class="md-nav__list" data-md-scrollfix>
  991. <li class="md-nav__item">
  992. <a href="../../examples/gitops-using-fluxcd/" class="md-nav__link">
  993. <span class="md-ellipsis">
  994. FluxCD
  995. </span>
  996. </a>
  997. </li>
  998. <li class="md-nav__item">
  999. <a href="../../examples/anchore-engine-credentials/" class="md-nav__link">
  1000. <span class="md-ellipsis">
  1001. Anchore Engine
  1002. </span>
  1003. </a>
  1004. </li>
  1005. <li class="md-nav__item">
  1006. <a href="../../examples/jenkins-kubernetes-credentials/" class="md-nav__link">
  1007. <span class="md-ellipsis">
  1008. Jenkins
  1009. </span>
  1010. </a>
  1011. </li>
  1012. <li class="md-nav__item">
  1013. <a href="../../examples/bitwarden/" class="md-nav__link">
  1014. <span class="md-ellipsis">
  1015. BitWarden
  1016. </span>
  1017. </a>
  1018. </li>
  1019. </ul>
  1020. </nav>
  1021. </li>
  1022. <li class="md-nav__item md-nav__item--nested">
  1023. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6" >
  1024. <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
  1025. <span class="md-ellipsis">
  1026. Community
  1027. </span>
  1028. <span class="md-nav__icon md-icon"></span>
  1029. </label>
  1030. <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
  1031. <label class="md-nav__title" for="__nav_6">
  1032. <span class="md-nav__icon md-icon"></span>
  1033. Community
  1034. </label>
  1035. <ul class="md-nav__list" data-md-scrollfix>
  1036. <li class="md-nav__item md-nav__item--nested">
  1037. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_1" >
  1038. <label class="md-nav__link" for="__nav_6_1" id="__nav_6_1_label" tabindex="0">
  1039. <span class="md-ellipsis">
  1040. Contributing
  1041. </span>
  1042. <span class="md-nav__icon md-icon"></span>
  1043. </label>
  1044. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_1_label" aria-expanded="false">
  1045. <label class="md-nav__title" for="__nav_6_1">
  1046. <span class="md-nav__icon md-icon"></span>
  1047. Contributing
  1048. </label>
  1049. <ul class="md-nav__list" data-md-scrollfix>
  1050. <li class="md-nav__item">
  1051. <a href="../../contributing/devguide/" class="md-nav__link">
  1052. <span class="md-ellipsis">
  1053. Developer guide
  1054. </span>
  1055. </a>
  1056. </li>
  1057. <li class="md-nav__item">
  1058. <a href="../../contributing/process/" class="md-nav__link">
  1059. <span class="md-ellipsis">
  1060. Contributing Process
  1061. </span>
  1062. </a>
  1063. </li>
  1064. <li class="md-nav__item">
  1065. <a href="../../contributing/release/" class="md-nav__link">
  1066. <span class="md-ellipsis">
  1067. Release Process
  1068. </span>
  1069. </a>
  1070. </li>
  1071. <li class="md-nav__item">
  1072. <a href="../../contributing/coc/" class="md-nav__link">
  1073. <span class="md-ellipsis">
  1074. Code of Conduct
  1075. </span>
  1076. </a>
  1077. </li>
  1078. <li class="md-nav__item">
  1079. <a href="../../contributing/roadmap/" class="md-nav__link">
  1080. <span class="md-ellipsis">
  1081. Roadmap
  1082. </span>
  1083. </a>
  1084. </li>
  1085. </ul>
  1086. </nav>
  1087. </li>
  1088. <li class="md-nav__item md-nav__item--nested">
  1089. <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_2" >
  1090. <label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
  1091. <span class="md-ellipsis">
  1092. External Resources
  1093. </span>
  1094. <span class="md-nav__icon md-icon"></span>
  1095. </label>
  1096. <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
  1097. <label class="md-nav__title" for="__nav_6_2">
  1098. <span class="md-nav__icon md-icon"></span>
  1099. External Resources
  1100. </label>
  1101. <ul class="md-nav__list" data-md-scrollfix>
  1102. <li class="md-nav__item">
  1103. <a href="../../eso-talks/" class="md-nav__link">
  1104. <span class="md-ellipsis">
  1105. Talks
  1106. </span>
  1107. </a>
  1108. </li>
  1109. <li class="md-nav__item">
  1110. <a href="../../eso-demos/" class="md-nav__link">
  1111. <span class="md-ellipsis">
  1112. Demos
  1113. </span>
  1114. </a>
  1115. </li>
  1116. <li class="md-nav__item">
  1117. <a href="../../eso-blogs/" class="md-nav__link">
  1118. <span class="md-ellipsis">
  1119. Blogs
  1120. </span>
  1121. </a>
  1122. </li>
  1123. <li class="md-nav__item">
  1124. <a href="../../eso-tools/" class="md-nav__link">
  1125. <span class="md-ellipsis">
  1126. Tools
  1127. </span>
  1128. </a>
  1129. </li>
  1130. </ul>
  1131. </nav>
  1132. </li>
  1133. </ul>
  1134. </nav>
  1135. </li>
  1136. </ul>
  1137. </nav>
  1138. </div>
  1139. </div>
  1140. </div>
  1141. <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
  1142. <div class="md-sidebar__scrollwrap">
  1143. <div class="md-sidebar__inner">
  1144. <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
  1145. <label class="md-nav__title" for="__toc">
  1146. <span class="md-nav__icon md-icon"></span>
  1147. Table of contents
  1148. </label>
  1149. <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
  1150. <li class="md-nav__item">
  1151. <a href="#google-cloud-secret-manager" class="md-nav__link">
  1152. <span class="md-ellipsis">
  1153. Google Cloud Secret Manager
  1154. </span>
  1155. </a>
  1156. </li>
  1157. <li class="md-nav__item">
  1158. <a href="#authentication" class="md-nav__link">
  1159. <span class="md-ellipsis">
  1160. Authentication
  1161. </span>
  1162. </a>
  1163. <nav class="md-nav" aria-label="Authentication">
  1164. <ul class="md-nav__list">
  1165. <li class="md-nav__item">
  1166. <a href="#workload-identity" class="md-nav__link">
  1167. <span class="md-ellipsis">
  1168. Workload Identity
  1169. </span>
  1170. </a>
  1171. <nav class="md-nav" aria-label="Workload Identity">
  1172. <ul class="md-nav__list">
  1173. <li class="md-nav__item">
  1174. <a href="#creating-workload-identity-service-accounts" class="md-nav__link">
  1175. <span class="md-ellipsis">
  1176. Creating Workload Identity Service Accounts
  1177. </span>
  1178. </a>
  1179. </li>
  1180. <li class="md-nav__item">
  1181. <a href="#using-service-accounts-directly" class="md-nav__link">
  1182. <span class="md-ellipsis">
  1183. Using Service Accounts directly
  1184. </span>
  1185. </a>
  1186. </li>
  1187. <li class="md-nav__item">
  1188. <a href="#using-pod-based-workload-identity" class="md-nav__link">
  1189. <span class="md-ellipsis">
  1190. Using Pod-based Workload Identity
  1191. </span>
  1192. </a>
  1193. </li>
  1194. </ul>
  1195. </nav>
  1196. </li>
  1197. <li class="md-nav__item">
  1198. <a href="#gcp-service-account-authentication" class="md-nav__link">
  1199. <span class="md-ellipsis">
  1200. GCP Service Account authentication
  1201. </span>
  1202. </a>
  1203. <nav class="md-nav" aria-label="GCP Service Account authentication">
  1204. <ul class="md-nav__list">
  1205. <li class="md-nav__item">
  1206. <a href="#update-secret-store" class="md-nav__link">
  1207. <span class="md-ellipsis">
  1208. Update secret store
  1209. </span>
  1210. </a>
  1211. </li>
  1212. <li class="md-nav__item">
  1213. <a href="#creating-external-secret" class="md-nav__link">
  1214. <span class="md-ellipsis">
  1215. Creating external secret
  1216. </span>
  1217. </a>
  1218. </li>
  1219. </ul>
  1220. </nav>
  1221. </li>
  1222. </ul>
  1223. </nav>
  1224. </li>
  1225. </ul>
  1226. </nav>
  1227. </div>
  1228. </div>
  1229. </div>
  1230. <div class="md-content" data-md-component="content">
  1231. <article class="md-content__inner md-typeset">
  1232. <h1>Google Cloud Secret Manager</h1>
  1233. <h2 id="google-cloud-secret-manager">Google Cloud Secret Manager</h2>
  1234. <p>External Secrets Operator integrates with <a href="https://cloud.google.com/secret-manager">GCP Secret Manager</a> for secret management.</p>
  1235. <h2 id="authentication">Authentication</h2>
  1236. <h3 id="workload-identity">Workload Identity</h3>
  1237. <p>Your Google Kubernetes Engine (GKE) applications can consume GCP services like Secret Manager without using static, long-lived authentication tokens. This is our recommended approach for handling credentials in GCP. ESO offers two options for integrating with GKE workload identity: <strong>pod-based workload identity</strong> and <strong>using service accounts directly</strong>. Before using either option, you need to create a service account; this is covered below.</p>
  1238. <h4 id="creating-workload-identity-service-accounts">Creating Workload Identity Service Accounts</h4>
  1239. <p>You can find the documentation for Workload Identity <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity">here</a>. We will walk you through how to navigate it here.</p>
  1240. <p>Search <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity">the document</a> for these editable values and change them to your values:
  1241. <em>Note: If you have installed ESO, a serviceaccount has already been created. You can either patch the existing <code>external-secrets</code> SA or create a new one that fits your needs.</em></p>
  1242. <ul>
  1243. <li><code>CLUSTER_NAME</code>: The name of your cluster</li>
  1244. <li><code>PROJECT_ID</code>: Your project ID (not your Project number nor your Project name)</li>
  1245. <li><code>K8S_NAMESPACE</code>: In the steps shown here it is <code>es</code>; in general, use the namespace where you deployed the external-secrets operator</li>
  1246. <li><code>KSA_NAME</code>: external-secrets (if you are not creating a new one to attach to the deployment)</li>
  1247. <li><code>GSA_NAME</code>: external-secrets for simplicity, or something else if you have to follow different naming conventions for cloud resources</li>
  1248. <li><code>ROLE_NAME</code>: should be <code>roles/secretmanager.secretAccessor</code>, so that the pod is only able to access secrets in Secret Manager</li>
  1249. </ul>
  1250. <h4 id="using-service-accounts-directly">Using Service Accounts directly</h4>
  1251. <p>Let's assume you have created a service account correctly and attached an appropriate workload identity. It should roughly look like this:</p>
  1252. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
  1253. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ServiceAccount</span>
  1254. <span class="nt">metadata</span><span class="p">:</span>
  1255. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1256. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">es</span>
  1257. <span class="w"> </span><span class="nt">annotations</span><span class="p">:</span>
  1258. <span class="w"> </span><span class="nt">iam.gke.io/gcp-service-account</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-team-a@my-project.iam.gserviceaccount.com</span>
  1259. </code></pre></div>
  1260. <p>You can reference this particular ServiceAccount in a <code>SecretStore</code> or <code>ClusterSecretStore</code>. It's important that you also set the <code>projectID</code>, <code>clusterLocation</code> and <code>clusterName</code>. The namespace on the <code>serviceAccountRef</code> is ignored when using a <code>SecretStore</code> resource: a namespaced store always uses a ServiceAccount from its own namespace, so it cannot borrow the identity of a ServiceAccount in another namespace. This is needed to isolate the namespaces properly.</p>
  1261. <p><em>When filling in the <code>clusterLocation</code> parameter, keep in mind whether the cluster is Regional or Zonal.</em></p>
  1262. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1263. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ClusterSecretStore</span>
  1264. <span class="nt">metadata</span><span class="p">:</span>
  1265. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span>
  1266. <span class="nt">spec</span><span class="p">:</span>
  1267. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1268. <span class="w"> </span><span class="nt">gcpsm</span><span class="p">:</span>
  1269. <span class="w"> </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alphabet-123</span>
  1270. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1271. <span class="w"> </span><span class="nt">workloadIdentity</span><span class="p">:</span>
  1272. <span class="w"> </span><span class="c1"># name of the cluster Location, region or zone</span>
  1273. <span class="w"> </span><span class="nt">clusterLocation</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">europe-central2</span>
  1274. <span class="w"> </span><span class="c1"># name of the GKE cluster</span>
  1275. <span class="w"> </span><span class="nt">clusterName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alpha-cluster-42</span>
  1276. <span class="w"> </span><span class="c1"># projectID of the cluster (if omitted defaults to spec.provider.gcpsm.projectID)</span>
  1277. <span class="w"> </span><span class="nt">clusterProjectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-cluster-project</span>
  1278. <span class="w"> </span><span class="c1"># reference the sa from above</span>
  1279. <span class="w"> </span><span class="nt">serviceAccountRef</span><span class="p">:</span>
  1280. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-a</span>
  1281. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">team-a</span>
  1282. </code></pre></div>
  1283. <p><em>You need to give the Google service account the <code>roles/iam.serviceAccountTokenCreator</code> role so it can generate a service account token for you (not necessary with the Pod-based Workload Identity below).</em></p>
  1284. <h4 id="using-pod-based-workload-identity">Using Pod-based Workload Identity</h4>
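  1285. <p>You can attach a Workload Identity directly to the ESO pod. ESO then has access to all the APIs defined in the attached service account policy. Because this identity belongs to the operator pod itself, every <code>SecretStore</code> that omits the <code>auth</code> section uses it, so grant the Google service account only the roles and secrets it really needs. You attach the workload identity by (1) creating a service account with an attached workload identity (described above) and (2) using this particular service account in the pod's <code>serviceAccountName</code> field.</p>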
  1286. <p>For this example we will assume that you installed ESO using helm and that you named the chart installation <code>external-secrets</code> and the namespace where it lives <code>es</code> like:</p>
  1287. <div class="highlight"><pre><span></span><code>helm<span class="w"> </span>install<span class="w"> </span>external-secrets<span class="w"> </span>external-secrets/external-secrets<span class="w"> </span>--namespace<span class="w"> </span>es
  1288. </code></pre></div>
  1289. <p>Then most of the resources would have this name, the important one here being the k8s service account attached to the external-secrets operator deployment:</p>
  1290. <div class="highlight"><pre><span></span><code><span class="c1"># ...</span>
  1291. <span class="w"> </span><span class="nt">containers</span><span class="p">:</span>
  1292. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/external-secrets/external-secrets:vVERSION</span>
  1293. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1294. <span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
  1295. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">containerPort</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8080</span>
  1296. <span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">TCP</span>
  1297. <span class="w"> </span><span class="nt">restartPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Always</span>
  1298. <span class="w"> </span><span class="nt">schedulerName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default-scheduler</span>
  1299. <span class="w"> </span><span class="nt">serviceAccount</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
  1300. <span class="w"> </span><span class="nt">serviceAccountName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span><span class="w"> </span><span class="c1"># &lt;--- here</span>
  1301. </code></pre></div>
  1302. <p>The pod now has the identity. Now you need to configure the <code>SecretStore</code>.
  1303. You just need to set the <code>projectID</code>, all other fields can be omitted.</p>
  1304. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1305. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1306. <span class="nt">metadata</span><span class="p">:</span>
  1307. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span>
  1308. <span class="nt">spec</span><span class="p">:</span>
  1309. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1310. <span class="w"> </span><span class="nt">gcpsm</span><span class="p">:</span>
  1311. <span class="w"> </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alphabet-123</span>
  1312. </code></pre></div>
  1313. <h3 id="gcp-service-account-authentication">GCP Service Account authentication</h3>
  1314. <p>You can use a <a href="https://cloud.google.com/iam/docs/service-accounts">GCP Service Account</a> key to authenticate with GCP. These are static, long-lived credentials, so prefer Workload Identity where it is available and restrict who can read the Secret that holds the key. A GCP Service Account key is a JSON file that needs to be stored in a <code>Kind=Secret</code>. ESO will use that Secret to authenticate with GCP. See here how you <a href="https://cloud.google.com/iam/docs/creating-managing-service-accounts">manage GCP Service Accounts</a>.
  1315. After creating a GCP Service account go to <code>IAM &amp; Admin</code> web UI, click <code>ADD ANOTHER ROLE</code> button, add <code>Secret Manager Secret Accessor</code> role to this service account.
  1316. The <code>Secret Manager Secret Accessor</code> role is required to access secrets.</p>
  1317. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
  1318. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
  1319. <span class="nt">metadata</span><span class="p">:</span>
  1320. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcpsm-secret</span>
  1321. <span class="w"> </span><span class="nt">labels</span><span class="p">:</span>
  1322. <span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcpsm</span>
  1323. <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Opaque</span>
  1324. <span class="nt">stringData</span><span class="p">:</span>
  1325. <span class="w"> </span><span class="nt">secret-access-credentials</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|-</span>
  1326. <span class="w"> </span><span class="no">{</span>
  1327. <span class="w"> </span><span class="no">&quot;type&quot;: &quot;service_account&quot;,</span>
  1328. <span class="w"> </span><span class="no">&quot;project_id&quot;: &quot;external-secrets-operator&quot;,</span>
  1329. <span class="w"> </span><span class="no">&quot;private_key_id&quot;: &quot;&quot;,</span>
  1330. <span class="w"> </span><span class="no">&quot;private_key&quot;: &quot;-----BEGIN PRIVATE KEY-----\nA key\n-----END PRIVATE KEY-----\n&quot;,</span>
  1331. <span class="w"> </span><span class="no">&quot;client_email&quot;: &quot;test-service-account@external-secrets-operator.iam.gserviceaccount.com&quot;,</span>
  1332. <span class="w"> </span><span class="no">&quot;client_id&quot;: &quot;client ID&quot;,</span>
  1333. <span class="w"> </span><span class="no">&quot;auth_uri&quot;: &quot;https://accounts.google.com/o/oauth2/auth&quot;,</span>
  1334. <span class="w"> </span><span class="no">&quot;token_uri&quot;: &quot;https://oauth2.googleapis.com/token&quot;,</span>
  1335. <span class="w"> </span><span class="no">&quot;auth_provider_x509_cert_url&quot;: &quot;https://www.googleapis.com/oauth2/v1/certs&quot;,</span>
  1336. <span class="w"> </span><span class="no">&quot;client_x509_cert_url&quot;: &quot;https://www.googleapis.com/robot/v1/metadata/x509/test-service-account%40external-secrets-operator.iam.gserviceaccount.com&quot;</span>
  1337. <span class="w"> </span><span class="no">}</span>
  1338. </code></pre></div>
  1339. <h4 id="update-secret-store">Update secret store</h4>
  1340. <p>Be sure the <code>gcpsm</code> provider is listed in the <code>Kind=SecretStore</code></p>
  1341. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1342. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1343. <span class="nt">metadata</span><span class="p">:</span>
  1344. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span>
  1345. <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example</span>
  1346. <span class="nt">spec</span><span class="p">:</span>
  1347. <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
  1348. <span class="w"> </span><span class="nt">gcpsm</span><span class="p">:</span><span class="w"> </span><span class="c1"># gcpsm provider</span>
  1349. <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
  1350. <span class="w"> </span><span class="nt">secretRef</span><span class="p">:</span>
  1351. <span class="w"> </span><span class="nt">secretAccessKeySecretRef</span><span class="p">:</span>
  1352. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcpsm-secret</span><span class="w"> </span><span class="c1"># secret name containing SA key</span>
  1353. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">secret-access-credentials</span><span class="w"> </span><span class="c1"># key name containing SA key</span>
  1354. <span class="w"> </span><span class="nt">projectID</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alphabet-123</span><span class="w"> </span><span class="c1"># name of Google Cloud project</span>
  1355. </code></pre></div>
  1356. <p><strong>NOTE:</strong> In case of a <code>ClusterSecretStore</code>, be sure to provide <code>namespace</code> for <code>secretAccessKeySecretRef</code> with the namespace of the secret that we just created.</p>
  1357. <h4 id="creating-external-secret">Creating external secret</h4>
  1358. <p>To create a kubernetes secret from the GCP Secret Manager secret a <code>Kind=ExternalSecret</code> is needed.</p>
  1359. <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
  1360. <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
  1361. <span class="nt">metadata</span><span class="p">:</span>
  1362. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span>
  1363. <span class="nt">spec</span><span class="p">:</span>
  1364. <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1h</span><span class="w"> </span><span class="c1"># rate SecretManager pulls GCPSM</span>
  1365. <span class="w"> </span><span class="nt">secretStoreRef</span><span class="p">:</span>
  1366. <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
  1367. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">gcp-store</span><span class="w"> </span><span class="c1"># name of the SecretStore (or kind specified)</span>
  1368. <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
  1369. <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database-credentials</span><span class="w"> </span><span class="c1"># name of the k8s Secret to be created</span>
  1370. <span class="w"> </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span>
  1371. <span class="w"> </span><span class="nt">data</span><span class="p">:</span>
  1372. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_username</span>
  1373. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1374. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_username</span><span class="w"> </span><span class="c1"># name of the GCPSM secret key</span>
  1375. <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">secretKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_password</span>
  1376. <span class="w"> </span><span class="nt">remoteRef</span><span class="p">:</span>
  1377. <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database_password</span><span class="w"> </span><span class="c1"># name of the GCPSM secret key</span>
  1378. </code></pre></div>
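  1379. <p>The operator will fetch the GCP Secret Manager secret and inject it as a <code>Kind=Secret</code>. You can read a value back with the command below, substituting the name of the target Secret and the key you want to read (<code>database-credentials</code> and <code>database_username</code> in the example above):</p>
  1380. <div class="highlight"><pre><span></span><code>kubectl get secret secret-to-be-created -n &lt;namespace&gt; -o jsonpath=&#39;{.data.dev-secret-test}&#39; | base64 -d
  1381. </code></pre></div>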
  1382. </article>
  1383. </div>
  1384. <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
  1385. </div>
  1386. </main>
  1406. </div>
  1412. </body>
  1413. </html>