暫無描述

paul-the-alien[bot] d7ec1760d1 Merge pull request #191 from external-secrets/ok-to-test-workflow		5 年之前
.github	6e97e2211d feat: add ok-to-test workflow	5 年之前
apis	0e49b84f6d Rebase on master, and rework unit tests	5 年之前
assets	e0e824967d Tidy image	5 年之前
deploy	7a16d0bcf8 Release 0.2.0	5 年之前
design	c8559c1be7 docs: Fix documentation for externalsecret dataFrom	5 年之前
docs	a8adc874b7 add README docs and yaml snippets for azure keyvault provider	5 年之前
e2e	7beec56522 feat: add basic e2e test	5 年之前
hack	64f874e1a8 Bump versions to make analytics work	5 年之前
pkg	07254798ee Avoid using Env variables for authorization , fix lint errors	5 年之前
.editorconfig	987d499241 cleanup: add lint and editorconfig	5 年之前
.gitignore	add9c81932 chore: refactor parameterstore unit test (#164)	5 年之前
.golangci.yaml	8c8064e0e1 Draft: feat: implement template (#69)	5 年之前
CNAME	90286f37a4 Create CNAME	5 年之前
Dockerfile	b4b1f892c5 Improve primary CI pipeline and refactor Makefile	5 年之前
LICENSE	59a364e04d initial commit	5 年之前
Makefile	f0efb59f94 ci: add helm.docs target to helm generate	5 年之前
PROJECT	2e0a6effbe convert to multi-api	5 年之前
README.md	ada014ae42 Update Azure kv link	5 年之前
RELEASE.md	771334dee9 feat: helm release workflow	5 年之前
SECURITY.md	25b3f4dd83 feat: security policy & dependabot (#60)	5 年之前
changelog.json	771334dee9 feat: helm release workflow	5 年之前
go.mod	07254798ee Avoid using Env variables for authorization , fix lint errors	5 年之前
go.sum	07254798ee Avoid using Env variables for authorization , fix lint errors	5 年之前
main.go	6318811108 Cleanup and remove kustomize manifests in favor of Helm chart	5 年之前
tools.go	6318811108 Cleanup and remove kustomize manifests in favor of Helm chart	5 年之前

External Secrets

The External Secrets Operator reads information from a third party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.

Multiple people and organizations are joining efforts to create a single External Secrets solution based on existing projects. If you are curious about the origins of this project, check out this issue and this PR.

Supported Backends

ESO installation with an AWS example

If you want to use Helm:

helm repo add external-secrets https://charts.external-secrets.io

helm install external-secrets \
   external-secrets/external-secrets \
    -n external-secrets \
    --create-namespace \
  # --set installCRDs=true

If you want to run it locally against the active Kubernetes cluster context:

git clone https://github.com/external-secrets/external-secrets.git
make crds.install
make run

Create a secret containing your AWS credentials:

echo -n 'KEYID' > ./access-key
echo -n 'SECRETKEY' > ./secret-access-key
kubectl create secret generic awssm-secret --from-file=./access-key  --from-file=./secret-access-key

Create a secret inside AWS Secret Manager with name my-json-secret with the following data:

{
  "name": {"first": "Tom", "last": "Anderson"},
  "friends": [
    {"first": "Dale", "last": "Murphy"},
    {"first": "Roger", "last": "Craig"},
    {"first": "Jane", "last": "Murphy"}
  ]
}

Apply the sample resources (omitting role and controller keys here, you should not omit them in production):

# secretstore.yaml
apiVersion: external-secrets.io/v1alpha1
kind: SecretStore
metadata:
  name: secretstore-sample
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-2
      auth:
        secretRef:
          accessKeyIDSecretRef:
            name: awssm-secret
            key: access-key
          secretAccessKeySecretRef:
            name: awssm-secret
            key: secret-access-key

# externalsecret.yaml
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: example
spec:
  refreshInterval: 1m
  secretStoreRef:
    name: secretstore-sample
    kind: SecretStore
  target:
    name: secret-to-be-created
    creationPolicy: Owner
  data:
  - secretKey: firstname
    remoteRef:
      key: my-json-secret
      property: name.first # Tom
  - secretKey: first_friend
    remoteRef:
      key: my-json-secret
      property: friends.1.first # Roger

kubectl apply -f secretstore.yaml
kubectl apply -f externalsecret.yaml

Running kubectl get secret secret-to-be-created should return a new secret created by the operator.

You can get one of its values with jsonpath (This should return Roger):

kubectl get secret secret-to-be-created   -o jsonpath='{.data.first_friend}' | base64 -d

We will add more documentation once we have the implementation for the different providers. You can find some here: https://external-secrets.io

Stability and Support Level

Internally maintained:

| Provider | Stability | Contact | | --------------- |:-------------:|-----------------------------------------------:| | AWS SM | alpha | ESO Org | | AWS PS | alpha | ESO Org | | Hashicorp Vault | alpha | ESO Org | | GCP SM | alpha | ESO Org |

Community maintained:

| Provider | Stability | Contact | | --------------- |:-------------:|:------------------------------------------:| | Azure KV | alpha | @ahmedmus-1A @asnowfix @ncourbet-1A @1A-mj |

Support

You can use GitHub's issues to report bugs/suggest features or use GitHub's discussions to ask for help and figure out problems.

Even though we have active maintainers and people assigned to this project, we kindly ask for patience when asking for support. We will try to get to priority issues as fast as possible, but there may be some delays.

Contributing

We welcome and encourage contributions to this project! Please read the Developer and Contribution process guides. Also make sure to check the Code of Conduct and adhere to its guidelines.

README.md