logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940
							apiVersion: generators.external-secrets.io/v1alpha1
kind: STSSessionToken
metadata:
  name: sts-gen
spec:

  # specify aws region (mandatory)
  region: eu-west-1

  # assume role with the given authentication credentials
  role: "my-role"

  # choose an authentication strategy
  # if no auth strategy is defined it falls back to using
  # credentials from the environment of the controller.
  auth:

    # 1: static credentials
    # point to a secret that contains static credentials
    # like AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
    secretRef:
      accessKeyIDSecretRef:
        name: "my-aws-creds"
        key: "key-id"
      secretAccessKeySecretRef:
        name: "my-aws-creds"
        key: "access-secret"

    # option 2: IAM Roles for Service Accounts
    # point to a service account that should be used
    # that is configured for IAM Roles for Service Accounts (IRSA)
    jwt:
      serviceAccountRef:
        name: "oci-token-sync"

  # optional request parameters for further fine-tuning the Token generation.
  requestParameters:
    serialNumber: arn:aws:iam::123456789012:mfa/user
    sessionDuration: 900
    tokenCode: "123456"