logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021
							apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-secretstore-aws-provider
spec:
  validationFailureAction: Enforce
  rules:
  - name: require-secretstore-aws-provider
    match:
      any:
      - resources:
          kinds:
          - SecretStore
          - ClusterSecretStore
    validate:
      message: "You must only use AWS SecretsManager"
      pattern:
        spec:
          provider:
            aws:
              service: SecretsManager