mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
external-secrets/docs/snippets/azkv-workload-identity-secretref.yaml

29 lines
687 B
YAML
Raw Normal View History

Workloadidentity clientid from secret ref (#3367) * updates documentation: extends workloadIdentity auth configuration Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com> * adds and updates tests Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com> * extends provider configuration to accept clientId and tenantId as auth SecretRef Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com> * updates service account example Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com> * updates docs Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com> --------- Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com> Co-authored-by: Mykhailo Zahlada <myzahlad@microsoft.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-18 08:09:53 +00:00
apiVersion: v1
kind: ServiceAccount
metadata:
# this service account was created by azwi
name: workload-identity-sa
annotations: {}
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: azure-store
spec:
provider:
azurekv:
# tenantId spec option #1
tenantId: "5a02a20e-xxxx-xxxx-xxxx-0ad5b634c5d8"
authType: WorkloadIdentity
vaultUrl: "https://xx-xxxx-xx.vault.azure.net"
serviceAccountRef:
name: workload-identity-sa
authSecretRef:
clientId:
name: umi-secret
key: clientId
# tenantId spec option #2
tenantId:
name: umi-secret
key: tenantId
Copy permalink