| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431 |
- <!doctype html>
- <html lang="en" class="no-js">
- <head>
-
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1">
-
-
-
-
-
-
-
-
-
- <link rel="icon" href="../../../pictures/eso-round-logo.svg">
- <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
-
-
-
- <title>Beyondtrustworkloadcredentials - External Secrets Operator</title>
-
-
-
- <link rel="stylesheet" href="../../../assets/stylesheets/main.484c7ddc.min.css">
-
-
- <link rel="stylesheet" href="../../../assets/stylesheets/palette.ab4e12ef.min.css">
-
-
-
-
-
-
-
-
-
-
- <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
- <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
- <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
-
-
-
- <script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
-
-
-
-
-
- <script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-QP38TD8K7V"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-QP38TD8K7V",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-QP38TD8K7V",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
-
- <script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
-
-
-
- </head>
-
-
-
-
-
-
-
-
-
- <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
-
-
- <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
- <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
- <label class="md-overlay" for="__drawer"></label>
- <div data-md-component="skip">
-
-
- <a href="#example-manifest" class="md-skip">
- Skip to content
- </a>
-
- </div>
- <div data-md-component="announce">
-
- </div>
-
- <div data-md-color-scheme="default" data-md-component="outdated" hidden>
-
- <aside class="md-banner md-banner--warning">
- <div class="md-banner__inner md-grid md-typeset">
-
- You're not viewing the latest version.
- <a href="../../../..">
- <strong>Click here to go to latest.</strong>
- </a>
- </div>
- <script>var el=document.querySelector("[data-md-component=outdated]"),base=new URL("../../.."),outdated=__md_get("__outdated",sessionStorage,base);!0===outdated&&el&&(el.hidden=!1)</script>
- </aside>
-
- </div>
-
-
-
- <header class="md-header" data-md-component="header">
- <nav class="md-header__inner md-grid" aria-label="Header">
- <a href="../../.." title="External Secrets Operator" class="md-header__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
-
- <img src="../../../pictures/eso-round-logo.svg" alt="logo">
- </a>
- <label class="md-header__button md-icon" for="__drawer">
-
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
- </label>
- <div class="md-header__title" data-md-component="header-title">
- <div class="md-header__ellipsis">
- <div class="md-header__topic">
- <span class="md-ellipsis">
- External Secrets Operator
- </span>
- </div>
- <div class="md-header__topic" data-md-component="header-topic">
- <span class="md-ellipsis">
-
- Beyondtrustworkloadcredentials
-
- </span>
- </div>
- </div>
- </div>
-
-
- <form class="md-header__option" data-md-component="palette">
-
-
-
-
- <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
-
- <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
- </label>
-
-
-
-
-
- <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
-
- <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
- </label>
-
-
- </form>
-
-
-
- <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
-
-
-
-
-
- <label class="md-header__button md-icon" for="__search">
-
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
- </label>
- <div class="md-search" data-md-component="search" role="dialog">
- <label class="md-search__overlay" for="__search"></label>
- <div class="md-search__inner" role="search">
- <form class="md-search__form" name="search">
- <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
- <label class="md-search__icon md-icon" for="__search">
-
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
-
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
- </label>
- <nav class="md-search__options" aria-label="Search">
-
- <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
-
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
- </button>
- </nav>
-
- </form>
- <div class="md-search__output">
- <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
- <div class="md-search-result" data-md-component="search-result">
- <div class="md-search-result__meta">
- Initializing search
- </div>
- <ol class="md-search-result__list" role="presentation"></ol>
- </div>
- </div>
- </div>
- </div>
- </div>
-
-
-
- <div class="md-header__source">
- <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
- <div class="md-source__icon md-icon">
-
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
- </div>
- <div class="md-source__repository">
- External Secrets Operator
- </div>
- </a>
- </div>
-
- </nav>
-
- </header>
-
- <div class="md-container" data-md-component="container">
-
-
-
-
-
- <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
- <div class="md-grid">
- <ul class="md-tabs__list">
-
-
-
-
-
-
-
-
- <li class="md-tabs__item">
- <a href="../../.." class="md-tabs__link">
-
-
-
-
-
- Introduction
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
- <li class="md-tabs__item">
- <a href="../../components/" class="md-tabs__link">
-
-
-
-
-
- API
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
- <li class="md-tabs__item">
- <a href="../../../guides/introduction/" class="md-tabs__link">
-
-
-
-
-
- Guides
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
- <li class="md-tabs__item">
- <a href="../../../provider/aws-secrets-manager/" class="md-tabs__link">
-
-
-
-
-
- Provider
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
- <li class="md-tabs__item">
- <a href="../../../examples/gitops-using-fluxcd/" class="md-tabs__link">
-
-
-
-
-
- Examples
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-tabs__item">
- <a href="../../../contributing/devguide/" class="md-tabs__link">
-
-
-
-
-
- Community
- </a>
- </li>
-
-
-
-
-
- </ul>
- </div>
- </nav>
-
-
-
- <main class="md-main" data-md-component="main">
- <div class="md-main__inner md-grid">
-
-
-
- <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
- <div class="md-sidebar__scrollwrap">
- <div class="md-sidebar__inner">
-
-
- <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
- <label class="md-nav__title" for="__drawer">
- <a href="../../.." title="External Secrets Operator" class="md-nav__button md-logo" aria-label="External Secrets Operator" data-md-component="logo">
-
- <img src="../../../pictures/eso-round-logo.svg" alt="logo">
- </a>
- External Secrets Operator
- </label>
-
- <div class="md-nav__source">
- <a href="https://github.com/external-secrets/external-secrets" title="Go to repository" class="md-source" data-md-component="source">
- <div class="md-source__icon md-icon">
-
- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
- </div>
- <div class="md-source__repository">
- External Secrets Operator
- </div>
- </a>
- </div>
-
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_1" >
-
-
- <div class="md-nav__link md-nav__container">
- <a href="../../.." class="md-nav__link ">
-
-
-
- <span class="md-ellipsis">
-
-
- Introduction
-
-
- </span>
-
-
- </a>
-
-
- <label class="md-nav__link " for="__nav_1" id="__nav_1_label" tabindex="0">
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- </div>
-
- <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_1">
- <span class="md-nav__icon md-icon"></span>
-
-
- Introduction
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../introduction/overview/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Overview
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../introduction/glossary/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Glossary
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../introduction/prerequisites/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Prerequisites
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../introduction/getting-started/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Getting started
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../introduction/faq/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- FAQ
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../introduction/stability-support/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Stability and Support
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../introduction/deprecation-policy/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Deprecation Policy
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
-
-
- <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- API
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_2">
- <span class="md-nav__icon md-icon"></span>
-
-
- API
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../components/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Components
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_2" >
-
-
- <label class="md-nav__link" for="__nav_2_2" id="__nav_2_2_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Core Resources
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_2_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_2_2">
- <span class="md-nav__icon md-icon"></span>
-
-
- Core Resources
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../externalsecret/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- ExternalSecret
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../secretstore/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- SecretStore
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../clustersecretstore/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- ClusterSecretStore
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../clusterexternalsecret/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- ClusterExternalSecret
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../clusterpushsecret/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- ClusterPushSecret
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../pushsecret/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- PushSecret
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_3" >
-
-
- <div class="md-nav__link md-nav__container">
- <a href="../" class="md-nav__link ">
-
-
-
- <span class="md-ellipsis">
-
-
- Generators
-
-
- </span>
-
-
- </a>
-
-
- <label class="md-nav__link " for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- </div>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_2_3">
- <span class="md-nav__icon md-icon"></span>
-
-
- Generators
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../acr/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Azure Container Registry
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../ecr/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- AWS Elastic Container Registry
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../sts/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- AWS STS Session Token
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../cloudsmith/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Cloudsmith
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../cluster/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Cluster Generator
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../gcr/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Google Container Registry
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../grafana/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Grafana
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../quay/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Quay
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../vault/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Vault Dynamic Secret
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../password/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Password
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../fake/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Fake
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../webhook/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Webhook
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../github/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Github
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../uuid/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- UUID
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../mfa/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- MFA
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../sshkey/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- SSHKey
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2_4" >
-
-
- <label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Reference Docs
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_2_4">
- <span class="md-nav__icon md-icon"></span>
-
-
- Reference Docs
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../spec/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- API specification
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../controller-options/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Controller Options
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../metrics/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Metrics
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../selectable-fields/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Selectable Fields
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3" >
-
-
- <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Guides
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_3">
- <span class="md-nav__icon md-icon"></span>
-
-
- Guides
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/introduction/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Introduction
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2" >
-
-
- <label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- External Secrets
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_3_2">
- <span class="md-nav__icon md-icon"></span>
-
-
- External Secrets
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/all-keys-one-secret/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Extract structured data
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/getallsecrets/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Find Secrets by Name or Metadata
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/datafrom-rewrite/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Rewriting Keys
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_2_4" >
-
-
- <label class="md-nav__link" for="__nav_3_2_4" id="__nav_3_2_4_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Advanced Templating
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_4_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_3_2_4">
- <span class="md-nav__icon md-icon"></span>
-
-
- Advanced Templating
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/templating/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- v2
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/templating-v1/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- v1
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/common-k8s-secret-types/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Kubernetes Secret Types
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/ownership-deletion-policy/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Lifecycle: ownership & deletion
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/decoding-strategy/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Decoding Strategies
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/controller-class/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Controller Classes
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/targeting-custom-resources/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Targeting Custom Resources
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/generator/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Generators
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/pushsecrets/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Push Secrets
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_6" >
-
-
- <label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Operations
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_3_6">
- <span class="md-nav__icon md-icon"></span>
-
-
- Operations
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/multi-tenancy/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Multi Tenancy
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/security-best-practices/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Security Best Practices
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/threat-model/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Threat Model
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/v1beta1/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Upgrading to v1beta1
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/using-latest-image/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Using Latest Image
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/disable-cluster-features/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Disable Cluster Features
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3_7" >
-
-
- <label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Tooling
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_3_7">
- <span class="md-nav__icon md-icon"></span>
-
-
- Tooling
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../guides/using-esoctl-tool/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Using the esoctl tool
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
-
-
- <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Provider
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_4">
- <span class="md-nav__icon md-icon"></span>
-
-
- Provider
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/aws-secrets-manager/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- AWS Secrets Manager
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/aws-parameter-store/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- AWS Parameter Store
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/aws-access/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- AWS Access
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/azure-key-vault/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Azure Key Vault
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/barbican/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Barbican
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/beyondtrust/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- BeyondTrust
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/bitwarden-secrets-manager/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Bitwarden Secrets Manager
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/chef/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Chef
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/cloudru/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Cloud.ru Secret Manager
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/conjur/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- CyberArk Conjur
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/google-secrets-manager/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Google Cloud Secret Manager
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/hashicorp-vault/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- HashiCorp Vault
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/kubernetes/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Kubernetes
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/ibm-secrets-manager/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- IBM Secrets Manager
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/akeyless/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Akeyless
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/yandex-certificate-manager/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Yandex Certificate Manager
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/yandex-lockbox/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Yandex Lockbox
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/gitlab-variables/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- GitLab Variables
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/github/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Github Actions Secrets
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/oracle-vault/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Oracle Vault
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/ovhcloud/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- OVHcloud
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/1password-automation/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- 1Password Connect Server
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/1password-sdk/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- 1Password SDK
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/webhook/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Webhook
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/fake/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Fake
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/senhasegura-dsm/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- senhasegura DevOps Secrets Management (DSM)
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/doppler/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Doppler
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/keeper-security/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Keeper Security
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/cloak/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Cloak End 2 End Encrypted Secrets
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/scaleway/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Scaleway
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/delinea/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Delinea
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/secretserver/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Secret Server
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/passbolt/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Passbolt
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/pulumi/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Pulumi ESC
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/onboardbase/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Onboardbase
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider-passworddepot/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Password Depot
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/fortanix/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Fortanix
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/infisical/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Infisical
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/previder/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Previder
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/openbao/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- OpenBao
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/volcengine/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Volcengine
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/ngrok/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- ngrok
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/devolutions-server/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Devolutions Server
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../provider/nebius-mysterybox/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Nebius MysteryBox
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
-
-
- <label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Examples
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_5">
- <span class="md-nav__icon md-icon"></span>
-
-
- Examples
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../examples/gitops-using-fluxcd/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- FluxCD
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../examples/anchore-engine-credentials/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Anchore Engine
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../examples/jenkins-kubernetes-credentials/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Jenkins
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../examples/bitwarden/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Bitwarden
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6" >
-
-
- <label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Community
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_6">
- <span class="md-nav__icon md-icon"></span>
-
-
- Community
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_1" >
-
-
- <label class="md-nav__link" for="__nav_6_1" id="__nav_6_1_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- Contributing
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_1_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_6_1">
- <span class="md-nav__icon md-icon"></span>
-
-
- Contributing
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/devguide/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Developer guide
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/process/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Contributing Process
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/release/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Release Process
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/coc/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Code of Conduct
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/calendar/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Community meetings calendar
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/roadmap/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Roadmap
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/burnout-mitigation/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Burnout Prevention
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../contributing/llm-policy/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- LLM Policy
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item md-nav__item--nested">
-
-
-
-
-
- <input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6_2" >
-
-
- <label class="md-nav__link" for="__nav_6_2" id="__nav_6_2_label" tabindex="0">
-
-
-
- <span class="md-ellipsis">
-
-
- External Resources
-
-
- </span>
-
-
- <span class="md-nav__icon md-icon"></span>
- </label>
-
- <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_6_2_label" aria-expanded="false">
- <label class="md-nav__title" for="__nav_6_2">
- <span class="md-nav__icon md-icon"></span>
-
-
- External Resources
-
- </label>
- <ul class="md-nav__list" data-md-scrollfix>
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../eso-talks/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Talks
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../eso-demos/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Demos
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../eso-blogs/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Blogs
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
-
-
-
-
-
-
- <li class="md-nav__item">
- <a href="../../../eso-tools/" class="md-nav__link">
-
-
-
- <span class="md-ellipsis">
-
-
- Tools
-
-
- </span>
-
-
- </a>
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
-
- </ul>
- </nav>
-
- </li>
-
-
- </ul>
- </nav>
- </div>
- </div>
- </div>
-
-
-
- <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
- <div class="md-sidebar__scrollwrap">
- <div class="md-sidebar__inner">
-
- <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
-
-
-
-
- <label class="md-nav__title" for="__toc">
- <span class="md-nav__icon md-icon"></span>
- Table of contents
- </label>
- <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
-
- <li class="md-nav__item">
- <a href="#example-manifest" class="md-nav__link">
- <span class="md-ellipsis">
-
- Example manifest
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#configuration" class="md-nav__link">
- <span class="md-ellipsis">
-
- Configuration
-
- </span>
- </a>
-
- <nav class="md-nav" aria-label="Configuration">
- <ul class="md-nav__list">
-
- <li class="md-nav__item">
- <a href="#folder-path" class="md-nav__link">
- <span class="md-ellipsis">
-
- Folder Path
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#generated-secret-fields" class="md-nav__link">
- <span class="md-ellipsis">
-
- Generated Secret Fields
-
- </span>
- </a>
-
- <nav class="md-nav" aria-label="Generated Secret Fields">
- <ul class="md-nav__list">
-
- <li class="md-nav__item">
- <a href="#aws-dynamic-secrets" class="md-nav__link">
- <span class="md-ellipsis">
-
- AWS Dynamic Secrets
-
- </span>
- </a>
-
- </li>
-
- </ul>
- </nav>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#credential-refresh-and-expiration" class="md-nav__link">
- <span class="md-ellipsis">
-
- Credential Refresh and Expiration
-
- </span>
- </a>
-
- <nav class="md-nav" aria-label="Credential Refresh and Expiration">
- <ul class="md-nav__list">
-
- <li class="md-nav__item">
- <a href="#setting-refresh-interval" class="md-nav__link">
- <span class="md-ellipsis">
-
- Setting Refresh Interval
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#what-happens-if-refreshinterval-credential-expiration" class="md-nav__link">
- <span class="md-ellipsis">
-
- What happens if refreshInterval > credential expiration?
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#what-happens-if-refreshinterval-credential-expiration_1" class="md-nav__link">
- <span class="md-ellipsis">
-
- What happens if refreshInterval << credential expiration?
-
- </span>
- </a>
-
- </li>
-
- </ul>
- </nav>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#generator-reusability" class="md-nav__link">
- <span class="md-ellipsis">
-
- Generator Reusability
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#authentication" class="md-nav__link">
- <span class="md-ellipsis">
-
- Authentication
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#certificate-trust" class="md-nav__link">
- <span class="md-ellipsis">
-
- Certificate Trust
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#server-configuration" class="md-nav__link">
- <span class="md-ellipsis">
-
- Server Configuration
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#complete-example" class="md-nav__link">
- <span class="md-ellipsis">
-
- Complete Example
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#troubleshooting" class="md-nav__link">
- <span class="md-ellipsis">
-
- Troubleshooting
-
- </span>
- </a>
-
- <nav class="md-nav" aria-label="Troubleshooting">
- <ul class="md-nav__list">
-
- <li class="md-nav__item">
- <a href="#empty-credential-fields" class="md-nav__link">
- <span class="md-ellipsis">
-
- Empty Credential Fields
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#authentication-errors" class="md-nav__link">
- <span class="md-ellipsis">
-
- Authentication Errors
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#timeout-errors" class="md-nav__link">
- <span class="md-ellipsis">
-
- Timeout Errors
-
- </span>
- </a>
-
- </li>
-
- <li class="md-nav__item">
- <a href="#credential-expiration-issues" class="md-nav__link">
- <span class="md-ellipsis">
-
- Credential Expiration Issues
-
- </span>
- </a>
-
- </li>
-
- </ul>
- </nav>
-
- </li>
-
- </ul>
- </nav>
-
- </li>
-
- </ul>
-
- </nav>
- </div>
- </div>
- </div>
-
-
-
- <div class="md-content" data-md-component="content">
-
- <article class="md-content__inner md-typeset">
-
-
-
-
- <h1>Beyondtrustworkloadcredentials</h1>
- <p>The <code>BeyondtrustWorkloadCredentialsDynamicSecret</code> Generator provides an interface to BeyondTrust Workload Credentials's
- dynamic secret generation capabilities. This enables obtaining temporary, short-lived credentials.</p>
- <p>Dynamic secret definitions must be created in BeyondTrust Workload Credentials before they can be
- referenced by the generator. The generator calls the generation endpoint to produce fresh credentials
- each time it is invoked.</p>
- <p>For complete BeyondTrust Workload Credentials API documentation, see: <a href="https://docs.beyondtrust.com/bt-docs/docs/secrets-api">https://docs.beyondtrust.com/bt-docs/docs/secrets-api</a></p>
- <p>Any authentication method supported by the BeyondTrust Workload Credentials provider can be used here
- (<code>provider</code> block of the spec).</p>
- <h2 id="example-manifest">Example manifest</h2>
- <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
- <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apikey</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">token</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bts-api-token</span>
- <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
- <span class="w"> </span><span class="nt">server</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apiUrl</span><span class="p">:</span><span class="w"> </span><span class="s">"https://api.beyondtrust.io/site"</span>
- <span class="w"> </span><span class="nt">siteId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"><SITE_ID></span>
- <span class="w"> </span><span class="nt">folderPath</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain"><FOLDER_PATH></span>
- </code></pre></div>
- <p>Example <code>ExternalSecret</code> that references the BeyondTrust Workload Credentials generator:
- <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-aws-credentials</span>
- <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5m</span>
- <span class="w"> </span><span class="nt">refreshPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Periodic</span>
- <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-aws-credentials</span>
- <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
- <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
- <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
- </code></pre></div></p>
- <h2 id="configuration">Configuration</h2>
- <h3 id="folder-path">Folder Path</h3>
- <p>The <code>folderPath</code> in the generator spec uses the format <code>{folder}/{secretName}</code>:
- - <code>folder</code>: The folder containing the dynamic secret definition (e.g., <code>eso</code>)
- - <code>secretName</code>: The name of the dynamic secret definition (e.g., <code>dynamic</code>)</p>
- <p>For example, if your dynamic secret is stored at path <code>my/dynamic</code> in BeyondTrust Workload Credentials:</p>
- <div class="highlight"><pre><span></span><code><span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">folderPath</span><span class="p">:</span><span class="w"> </span><span class="s">"my/dynamic"</span>
- </code></pre></div>
- <h3 id="generated-secret-fields">Generated Secret Fields</h3>
- <p>The generator returns different fields depending on the type of dynamic secret:</p>
- <h4 id="aws-dynamic-secrets">AWS Dynamic Secrets</h4>
- <p><div class="highlight"><pre><span></span><code><span class="nt">stringData</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">accessKeyId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ASIAIOSFODNN7EXAMPLE</span>
- <span class="w"> </span><span class="nt">secretAccessKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">wJal...YEKY</span>
- <span class="w"> </span><span class="nt">sessionToken</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">IQoJ...Ek8=</span>
- <span class="w"> </span><span class="nt">leaseId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">84038398-ec0f-417d-9a0f-02494fd7d22c</span>
- <span class="w"> </span><span class="nt">expiration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2025-12-29T22:35:29Z</span>
- </code></pre></div>
- All fields are automatically populated in the target Kubernetes secret.</p>
- <h3 id="credential-refresh-and-expiration">Credential Refresh and Expiration</h3>
- <p><strong>Important:</strong> External Secrets Operator does NOT automatically handle credential expiration/TTL from BeyondTrust Workload Credentials. The refresh is controlled solely by the <code>refreshInterval</code> specified in the ExternalSecret spec.</p>
- <h4 id="setting-refresh-interval">Setting Refresh Interval</h4>
- <p>You should set <code>refreshInterval</code> to <strong>less than</strong> the credential lifetime to ensure credentials are refreshed before expiration:</p>
- <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-credentials</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span><span class="w"> </span><span class="c1"># If credentials expire in 1 hour</span>
- <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-temp-creds</span>
- <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
- <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
- <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
- </code></pre></div>
- <h4 id="what-happens-if-refreshinterval-credential-expiration">What happens if refreshInterval > credential expiration?</h4>
- <p>Credentials will expire before being refreshed. Users will see:
- - ExternalSecret status: <code>SecretSyncError</code>
- - Logs/events: Authorization errors when the application tries to use expired credentials
- - The application will fail to authenticate with the target service</p>
- <h4 id="what-happens-if-refreshinterval-credential-expiration_1">What happens if refreshInterval << credential expiration?</h4>
- <p>For example, if credentials expire in 1 hour but <code>refreshInterval: 1m</code>:
- - New credentials are generated every minute
- - Old credentials remain valid until their expiration time
- - Multiple valid credential sets may exist simultaneously
- - <strong>These credentials expire automatically at their TTL in AWS</strong> (for AssumeRole credentials).</p>
- <p><strong>Recommendation:</strong> Set <code>refreshInterval</code> to 75-80% of the credential lifetime. For example:
- - 1-hour credentials → <code>refreshInterval: 45m</code>
- - 12-hour credentials → <code>refreshInterval: 9h</code>
- - 24-hour credentials → <code>refreshInterval: 18h</code></p>
- <h3 id="generator-reusability">Generator Reusability</h3>
- <p>Generators are reusable Custom Resources. You can reference the same generator from multiple ExternalSecrets:</p>
- <div class="highlight"><pre><span></span><code><span class="nn">---</span>
- <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-1-aws-creds</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span>
- <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-1-aws-credentials</span>
- <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
- <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
- <span class="nn">---</span>
- <span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-2-aws-creds</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span>
- <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-2-aws-credentials</span>
- <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
- <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
- </code></pre></div>
- <p><strong>Important:</strong> Each reference triggers a <strong>new credential generation</strong>. In the example above, <code>app-1</code> and <code>app-2</code> will receive different, independent sets of credentials.</p>
- <h3 id="authentication">Authentication</h3>
- <p>The generator uses the same authentication mechanism as the BeyondTrust Workload Credentials provider (API key authentication):</p>
- <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">beyondtrustworkloadcredentials-ds</span>
- <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apikey</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">token</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-token</span>
- <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
- </code></pre></div>
- <p>Create the API token secret:
- <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>api-token<span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>--from-literal<span class="o">=</span><span class="nv">token</span><span class="o">=</span><YOUR_API_TOKEN><span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>-n<span class="w"> </span>external-secrets
- </code></pre></div></p>
- <h3 id="certificate-trust">Certificate Trust</h3>
- <p>If using self-signed certificates, configure trust using <code>caProvider</code>:</p>
- <div class="highlight"><pre><span></span><code><span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
- <span class="w"> </span><span class="c1"># ... other config ...</span>
- <span class="w"> </span><span class="nt">caProvider</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-ca-bundle</span>
- <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ca.crt</span>
- </code></pre></div>
- <p>Create the CA bundle secret:
- <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>my-ca-bundle<span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>--from-file<span class="o">=</span>ca.crt<span class="o">=</span><span class="s2">"/path/to/ca.crt"</span><span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>-n<span class="w"> </span>external-secrets
- </code></pre></div></p>
- <h3 id="server-configuration">Server Configuration</h3>
- <p>Configure the BeyondTrust Workload Credentials API endpoint:</p>
- <div class="highlight"><pre><span></span><code><span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">server</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apiUrl</span><span class="p">:</span><span class="w"> </span><span class="s">"https://api.beyondtrust.io/site"</span>
- <span class="w"> </span><span class="nt">siteId</span><span class="p">:</span><span class="w"> </span><span class="s">"a1b2c3d4-e5f6-7890-abcd-ef1234567890"</span>
- </code></pre></div>
- <ul>
- <li><code>apiUrl</code>: The base URL of your BeyondTrust Workload Credentials API</li>
- <li><code>siteId</code>: Your BeyondTrust site identifier (UUID format)</li>
- </ul>
- <h3 id="complete-example">Complete Example</h3>
- <p>Here's a complete example for AWS dynamic credentials:</p>
- <ol>
- <li>
- <p>Create the API token and CA bundle secrets:
- <div class="highlight"><pre><span></span><code>kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>api-token<span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>--from-literal<span class="o">=</span><span class="nv">token</span><span class="o">=</span><YOUR_API_TOKEN><span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>-n<span class="w"> </span>external-secrets
- kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>my-ca-bundle<span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>--from-file<span class="o">=</span>ca.crt<span class="o">=</span><span class="s2">"/path/to/ca.crt"</span><span class="w"> </span><span class="se">\</span>
- <span class="w"> </span>-n<span class="w"> </span>external-secrets
- </code></pre></div></p>
- </li>
- <li>
- <p>Create the generator:
- <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
- <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">provider</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">auth</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apikey</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">token</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">api-token</span>
- <span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">token</span>
- <span class="w"> </span><span class="nt">server</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apiUrl</span><span class="p">:</span><span class="w"> </span><span class="s">"https://api.beyondtrust.io/site"</span>
- <span class="w"> </span><span class="nt">siteId</span><span class="p">:</span><span class="w"> </span><span class="s">"a1b2c3d4-e5f6-7890-abcd-ef1234567890"</span>
- <span class="w"> </span><span class="nt">folderPath</span><span class="p">:</span><span class="w"> </span><span class="s">"production/aws-temp"</span>
- </code></pre></div></p>
- </li>
- <li>
- <p>Create an ExternalSecret that uses the generator:
- <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ExternalSecret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-aws-credentials</span>
- <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
- <span class="nt">spec</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">refreshInterval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">45m</span><span class="w"> </span><span class="c1"># Refresh before 1-hour expiration</span>
- <span class="w"> </span><span class="nt">target</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-temp-credentials</span>
- <span class="w"> </span><span class="nt">creationPolicy</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Owner</span>
- <span class="w"> </span><span class="nt">dataFrom</span><span class="p">:</span>
- <span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">sourceRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">generatorRef</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">generators.external-secrets.io/v1alpha1</span>
- <span class="w"> </span><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">BeyondtrustWorkloadCredentialsDynamicSecret</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-dynamic-generator</span>
- </code></pre></div></p>
- </li>
- <li>
- <p>The resulting Kubernetes secret will contain:
- <div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
- <span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Secret</span>
- <span class="nt">metadata</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">aws-temp-credentials</span>
- <span class="w"> </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets</span>
- <span class="nt">data</span><span class="p">:</span>
- <span class="w"> </span><span class="nt">accessKeyId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">QVNJ...R04=</span>
- <span class="w"> </span><span class="nt">secretAccessKey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Z3dk...WFk=</span>
- <span class="w"> </span><span class="nt">sessionToken</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SVFv...Ek8=</span>
- <span class="w"> </span><span class="nt">leaseId</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">NTdk...Nm1j</span>
- <span class="w"> </span><span class="nt">expiration</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">MjAy...OVo=</span>
- </code></pre></div></p>
- </li>
- </ol>
- <h3 id="troubleshooting">Troubleshooting</h3>
- <h4 id="empty-credential-fields">Empty Credential Fields</h4>
- <p>If the generated secret has empty values:
- 1. Verify the dynamic secret exists in BeyondTrust Workload Credentials at the specified path
- 2. Check the API token has permissions to generate credentials
- 3. Verify the <code>folderPath</code> format is correct (<code>folder/secretName</code>)
- 4. Check controller logs: <code>kubectl logs -l app.kubernetes.io/name=external-secrets -n external-secrets</code></p>
- <h4 id="authentication-errors">Authentication Errors</h4>
- <p>If you see 403/401 errors:
- 1. Verify the API token is valid and not expired
- 2. Check the token has <code>generate</code> permissions for the dynamic secret
- 3. Ensure the <code>caProvider</code> or <code>caBundle</code> is configured correctly if using self-signed certificates</p>
- <h4 id="timeout-errors">Timeout Errors</h4>
- <p>If credential generation times out:
- 1. Check network connectivity from the cluster to BeyondTrust Workload Credentials API
- 2. Verify the API endpoint is responsive
- 3. Check if there are firewall rules blocking the connection</p>
- <h4 id="credential-expiration-issues">Credential Expiration Issues</h4>
- <p>If applications report authentication failures:
- 1. Check if <code>refreshInterval</code> is greater than credential lifetime
- 2. Review the <code>expiration</code> field in the secret to see when credentials expire
- 3. Adjust <code>refreshInterval</code> to be 75-80% of the credential lifetime
- 4. Check ExternalSecret status: <code>kubectl describe externalsecret <name> -n <namespace></code></p>
-
-
- </article>
- </div>
-
-
- <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
- </div>
-
- </main>
-
- <img referrerpolicy="no-referrer-when-downgrade"
- src="https://static.scarf.sh/a.png?x-pxid=6658a9eb-067d-49f1-94f2-b8b00f21451e" alt=""
- hidden />
-
- <footer class="md-footer">
-
- <div class="md-footer-meta md-typeset">
- <div class="md-footer-meta__inner md-grid">
- <div class="md-copyright">
-
- <div class="md-copyright__highlight">
- © 2025 The external-secrets Authors.<br/>
- © 2025 The Linux Foundation. All rights reserved.<br/><br/>
- The Linux Foundation has registered trademarks and uses trademarks.<br/>
- For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage/">Trademark Usage page</a>.
- </div>
-
-
- Made with
- <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
- Material for MkDocs
- </a>
-
- </div>
-
- </div>
- </div>
- </footer>
-
- </div>
- <div class="md-dialog" data-md-component="dialog">
- <div class="md-dialog__inner md-typeset"></div>
- </div>
-
-
-
-
-
- <script id="__config" type="application/json">{"annotate": null, "base": "../../..", "features": ["navigation.tabs", "navigation.indexes", "navigation.expand"], "search": "../../../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
-
-
- <script src="../../../assets/javascripts/bundle.79ae519e.min.js"></script>
-
-
- </body>
- </html>
|
