external-secrets/docs/api/generator/ecr.md

ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token.
The authorization token is valid for 12 hours. For more information, see [registry authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.


## Output Keys and Values

| Key            | Description                                                                       |
| -------------- | --------------------------------------------------------------------------------- |
| username       | username for the `docker login` command.                                          |
| password       | password for the `docker login` command.                                          |
| proxy_endpoint | The registry URL to use for this authorization token in a `docker login` command. |
| expires_at     | time when token expires in UNIX time (seconds since January 1, 1970 UTC).         |

## Authentication

You can choose from three authentication mechanisms:

* static credentials using `spec.auth.secretRef`
* point to a IRSA Service Account with `spec.auth.jwt`
* use credentials from the [SDK default credentials chain](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default) from the controller environment

## Example Manifest

```yaml
{% include 'generator-ecr.yaml' %}
```

Example `ExternalSecret` that references the ECR generator:
```yaml
{% include 'generator-ecr-example.yaml' %}
```
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> 2022-10-29 18:15:50 +00:00			`ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token.`
			`The authorization token is valid for 12 hours. For more information, see [registry authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.`


			`## Output Keys and Values`

			`\| Key \| Description \|`
			`\| -------------- \| --------------------------------------------------------------------------------- \|`
			\| username \| username for the `docker login` command. \|
			\| password \| password for the `docker login` command. \|
			\| proxy_endpoint \| The registry URL to use for this authorization token in a `docker login` command. \|
			`\| expires_at \| time when token expires in UNIX time (seconds since January 1, 1970 UTC). \|`

			`## Authentication`

			`You can choose from three authentication mechanisms:`

			* static credentials using `spec.auth.secretRef`
			* point to a IRSA Service Account with `spec.auth.jwt`
			`* use credentials from the [SDK default credentials chain](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default) from the controller environment`

			`## Example Manifest`

			```yaml
			`{% include 'generator-ecr.yaml' %}`
			```
Added examples for all the Generators in the docs. Fixes #2260 (#2261) Also, some generators's examples didn't have the `.metadata.name` property. Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com> 2023-04-26 20:00:14 +00:00
			Example `ExternalSecret` that references the ECR generator:
			```yaml
			`{% include 'generator-ecr-example.yaml' %}`
			```