apiVersion : apiextensions.k8s.io/v1
kind : CustomResourceDefinition
metadata :
annotations :
controller-gen.kubebuilder.io/version : v0.13.0
name : externalsecrets.external-secrets.io
spec :
group : external-secrets.io
names :
categories :
- externalsecrets
kind : ExternalSecret
listKind : ExternalSecretList
plural : externalsecrets
shortNames :
- es
singular : externalsecret
scope : Namespaced
versions :
- additionalPrinterColumns :
- jsonPath : .spec.secretStoreRef.name
name : Store
type : string
- jsonPath : .spec.refreshInterval
name : Refresh Interval
type : string
- jsonPath : .status.conditions[?(@.type=="Ready")].reason
name : Status
type : string
deprecated : true
name : v1alpha1
schema :
openAPIV3Schema :
description : ExternalSecret is the Schema for the external-secrets API.
properties :
apiVersion :
description : 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type : string
kind :
description : 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type : string
metadata :
type : object
spec :
description : ExternalSecretSpec defines the desired state of ExternalSecret.
properties :
data :
description : Data defines the connection between the Kubernetes Secret
keys and the Provider data
items :
description : ExternalSecretData defines the connection between the
Kubernetes Secret key (spec.data.<key>) and the Provider data.
properties :
remoteRef :
description : ExternalSecretDataRemoteRef defines Provider data
location.
properties :
conversionStrategy :
default : Default
description : Used to define a conversion Strategy
enum :
- Default
- Unicode
type : string
key :
description : Key is the key used in the Provider, mandatory
type : string
property :
description : Used to select a specific property of the Provider
value (if a map), if supported
type : string
version :
description : Used to select a specific version of the Provider
value, if supported
type : string
required :
- key
type : object
secretKey :
type : string
required :
- remoteRef
- secretKey
type : object
type : array
dataFrom :
description : DataFrom is used to fetch all properties from a specific
Provider data. If multiple entries are specified, the Secret keys
are merged in the specified order.
items :
description : ExternalSecretDataRemoteRef defines Provider data location.
properties :
conversionStrategy :
default : Default
description : Used to define a conversion Strategy
enum :
- Default
- Unicode
type : string
key :
description : Key is the key used in the Provider, mandatory
type : string
property :
description : Used to select a specific property of the Provider
value (if a map), if supported
type : string
version :
description : Used to select a specific version of the Provider
value, if supported
type : string
required :
- key
type : object
type : array
refreshInterval :
default : 1h
description : RefreshInterval is the amount of time before the values
are read again from the SecretStore provider. Valid time units are
"ns", "us" (or "µs"), "ms", "s", "m", "h". May be set to zero to
fetch and create it once. Defaults to 1h.
type : string
secretStoreRef :
description : SecretStoreRef defines which SecretStore to fetch the
ExternalSecret data.
properties :
kind :
description : Kind of the SecretStore resource (SecretStore or
ClusterSecretStore). Defaults to `SecretStore`.
type : string
name :
description : Name of the SecretStore resource
type : string
required :
- name
type : object
target :
description : ExternalSecretTarget defines the Kubernetes Secret to
be created. There can be only one target per ExternalSecret.
properties :
creationPolicy :
default : Owner
description : CreationPolicy defines rules on how to create the
resulting Secret. Defaults to 'Owner'.
enum :
- Owner
- Merge
- None
type : string
immutable :
description : Immutable defines if the final secret will be immutable
type : boolean
name :
description : Name defines the name of the Secret resource to be
managed. This field is immutable. Defaults to the .metadata.name
of the ExternalSecret resource.
type : string
template :
description : Template defines a blueprint for the created Secret
resource.
properties :
data :
additionalProperties :
type : string
type : object
engineVersion :
default : v1
description : EngineVersion specifies the template engine version
that should be used to compile/execute the template specified
in .data and .templateFrom[].
enum :
- v1
- v2
type : string
metadata :
description : ExternalSecretTemplateMetadata defines metadata
fields for the Secret blueprint.
properties :
annotations :
additionalProperties :
type : string
type : object
labels :
additionalProperties :
type : string
type : object
type : object
# templateFrom lists external objects that supply template content for the
# generated Secret (see engineVersion, whose description says templates from
# .data and .templateFrom[] are compiled/executed by the template engine).
# NOTE(review): since this content is executed as a template, write access to
# the referenced ConfigMaps/Secrets presumably deserves the same scrutiny as
# write access to the ExternalSecret itself - confirm against the controller.
templateFrom :
items :
# Each item must set exactly one property: either configMap or secret.
maxProperties : 1
minProperties : 1
properties :
# configMap source: referenced by name plus a required list of keys.
# The schema has no namespace field here; presumably the object is looked up
# in the ExternalSecret's own namespace - verify against the controller.
configMap :
properties :
items :
items :
properties :
key :
type : string
required :
- key
type : object
type : array
name :
type : string
required :
- items
- name
type : object
# secret source: same shape as configMap (name plus required list of keys).
secret :
properties :
items :
items :
properties :
key :
type : string
required :
- key
type : object
type : array
name :
type : string
required :
- items
- name
type : object
type : object
type : array
type :
type : string
type : object
type : object
required :
- secretStoreRef
- target
type : object
status :
properties :
binding :
description : Binding represents a servicebinding.io Provisioned Service
reference to the secret
properties :
name :
description: 'Name of the referent. More info : https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO : Add other useful fields. apiVersion, kind, uid?'
type : string
type : object
x-kubernetes-map-type : atomic
conditions :
items :
properties :
lastTransitionTime :
format : date-time
type : string
message :
type : string
reason :
type : string
status :
type : string
type :
type : string
required :
- status
- type
type : object
type : array
refreshTime :
description : refreshTime is the time and date the external secret
was fetched and the target secret updated
format : date-time
nullable : true
type : string
syncedResourceVersion :
description : SyncedResourceVersion keeps track of the last synced
version
type : string
type : object
type : object
# v1alpha1 (flagged `deprecated : true` earlier in this version entry) is still
# served by the API server but is not the storage version.
# NOTE(review): because it is served, objects can still be submitted through
# this older schema; admission or policy rules that match on apiVersion should
# presumably cover v1alpha1 as well as the storage version - confirm.
served : true
storage : false
# Enables the /status subresource with default (empty) options.
subresources :
status : {}
- additionalPrinterColumns :
- jsonPath : .spec.secretStoreRef.name
name : Store
type : string
- jsonPath : .spec.refreshInterval
name : Refresh Interval
type : string
- jsonPath : .status.conditions[?(@.type=="Ready")].reason
name : Status
type : string
- jsonPath : .status.conditions[?(@.type=="Ready")].status
name : Ready
type : string
name : v1beta1
schema :
openAPIV3Schema :
description : ExternalSecret is the Schema for the external-secrets API.
properties :
apiVersion :
description : 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type : string
kind :
description : 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info : https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type : string
metadata :
type : object
spec :
description : ExternalSecretSpec defines the desired state of ExternalSecret.
properties :
data :
description : Data defines the connection between the Kubernetes Secret
keys and the Provider data
items :
description : ExternalSecretData defines the connection between the
Kubernetes Secret key (spec.data.<key>) and the Provider data.
properties :
remoteRef :
description : RemoteRef points to the remote secret and defines
which secret (version/property/..) to fetch.
properties :
conversionStrategy :
default : Default
description : Used to define a conversion Strategy
enum :
- Default
- Unicode
type : string
decodingStrategy :
default : None
description : Used to define a decoding Strategy
enum :
- Auto
- Base64
- Base64URL
- None
type : string
key :
description : Key is the key used in the Provider, mandatory
type : string
metadataPolicy :
default : None
description : Policy for fetching tags/labels from provider
secrets, possible options are Fetch, None. Defaults to
None
enum :
- None
- Fetch
type : string
property :
description : Used to select a specific property of the Provider
value (if a map), if supported
type : string
version :
description : Used to select a specific version of the Provider
value, if supported
type : string
required :
- key
type : object
secretKey :
description : SecretKey defines the key in which the controller
stores the value. This is the key in the Kind=Secret
type : string
sourceRef :
description : SourceRef allows you to override the source from
which the value will be pulled.
maxProperties : 1
properties :
generatorRef :
description : "GeneratorRef points to a generator custom
resource. \n Deprecated: The generatorRef is not implemented
in .data[]. This will be removed with v1."
properties :
apiVersion :
default : generators.external-secrets.io/v1alpha1
description : Specify the apiVersion of the generator
resource
type : string
kind :
description : Specify the Kind of the resource, e.g.
Password, ACRAccessToken etc.
type : string
name :
description : Specify the name of the generator resource
type : string
required :
- kind
- name
type : object
# storeRef selects the store this data entry is read from; only `name` is
# required, `kind` is optional.
# NOTE(review): `kind` is typed as a plain string with no enum, so this schema
# does not reject values other than the two named in its description
# (SecretStore, ClusterSecretStore); any such check has to happen outside the
# schema and is not visible here.
storeRef :
description : SecretStoreRef defines which SecretStore to
fetch the ExternalSecret data.
properties :
kind :
description : Kind of the SecretStore resource (SecretStore
or ClusterSecretStore) Defaults to `SecretStore`
type : string
name :
description : Name of the SecretStore resource
type : string
required :
- name
type : object
type : object
required :
- remoteRef
- secretKey
type : object
type : array
dataFrom :
description : DataFrom is used to fetch all properties from a specific
Provider data. If multiple entries are specified, the Secret keys
are merged in the specified order.
items :
properties :
extract :
description : 'Used to extract multiple key/value pairs from
one secret. Note: Extract does not support sourceRef.Generator
or sourceRef.GeneratorRef.'
properties :
conversionStrategy :
default : Default
description : Used to define a conversion Strategy
enum :
- Default
- Unicode
type : string
decodingStrategy :
default : None
description : Used to define a decoding Strategy
enum :
- Auto
- Base64
- Base64URL
- None
type : string
key :
description : Key is the key used in the Provider, mandatory
type : string
metadataPolicy :
default : None
description : Policy for fetching tags/labels from provider
secrets, possible options are Fetch, None. Defaults to
None
enum :
- None
- Fetch
type : string
property :
description : Used to select a specific property of the Provider
value (if a map), if supported
type : string
version :
description : Used to select a specific version of the Provider
value, if supported
type : string
required :
- key
type : object
find :
description : 'Used to find secrets based on tags or regular
expressions. Note: Find does not support sourceRef.Generator
or sourceRef.GeneratorRef.'
properties :
conversionStrategy :
default : Default
description : Used to define a conversion Strategy
enum :
- Default
- Unicode
type : string
decodingStrategy :
default : None
description : Used to define a decoding Strategy
enum :
- Auto
- Base64
- Base64URL
- None
type : string
name :
description : Finds secrets based on the name.
properties :
regexp :
description : Finds secrets whose name matches this regular expression.
type : string
type : object
path :
description : A root path to start the find operations.
type : string
tags :
additionalProperties :
type : string
description : Find secrets based on tags.
type : object
type : object
rewrite :
description : Used to rewrite secret Keys after getting them
from the secret Provider. Multiple Rewrite operations can be
provided. They are applied in a layered order (first to last).
items :
properties :
regexp :
description : Used to rewrite with regular expressions.
The resulting key will be the output of a regexp.ReplaceAll
operation.
properties :
source :
description : Used to define the regular expression
of a re.Compiler.
type : string
target :
description : Used to define the target pattern of
a ReplaceAll operation.
type : string
required :
- source
- target
type : object
transform :
description : Used to apply string transformation on the
secrets. The resulting key will be the output of the
template applied by the operation.
properties :
template :
description : Used to define the template to apply
on the secret name. `.value` will specify the secret
name in the template.
type : string
required :
- template
type : object
type : object
type : array
sourceRef :
description : SourceRef points to a store or generator which
contains secret values ready to use. Use this in combination
with Extract or Find to pull values out of a specific SecretStore.
When sourceRef points to a generator, Extract or Find is not
supported. The generator returns a static map of values.
maxProperties : 1
properties :
generatorRef :
description : GeneratorRef points to a generator custom resource.
properties :
apiVersion :
default : generators.external-secrets.io/v1alpha1
description : Specify the apiVersion of the generator
resource
type : string
kind :
description : Specify the Kind of the resource, e.g.
Password, ACRAccessToken etc.
type : string
name :
description : Specify the name of the generator resource
type : string
required :
- kind
- name
type : object
storeRef :
description : SecretStoreRef defines which SecretStore to
fetch the ExternalSecret data.
properties :
kind :
description : Kind of the SecretStore resource (SecretStore
or ClusterSecretStore) Defaults to `SecretStore`
type : string
name :
description : Name of the SecretStore resource
type : string
required :
- name
type : object
type : object
type : object
type : array
refreshInterval :
default : 1h
description : RefreshInterval is the amount of time before the values
are read again from the SecretStore provider. Valid time units are
"ns", "us" (or "µs"), "ms", "s", "m", "h". May be set to zero to
fetch and create it once. Defaults to 1h.
type : string
secretStoreRef :
description : SecretStoreRef defines which SecretStore to fetch the
ExternalSecret data.
properties :
kind :
description : Kind of the SecretStore resource (SecretStore or
ClusterSecretStore) Defaults to `SecretStore`
type : string
name :
description : Name of the SecretStore resource
type : string
required :
- name
type : object
target :
default :
creationPolicy : Owner
deletionPolicy : Retain
description : ExternalSecretTarget defines the Kubernetes Secret to
be created There can be only one target per ExternalSecret.
properties :
creationPolicy :
default : Owner
description : CreationPolicy defines rules on how to create the
resulting Secret Defaults to 'Owner'
enum :
- Owner
- Orphan
- Merge
- None
type : string
deletionPolicy :
default : Retain
description : DeletionPolicy defines rules on how to delete the
resulting Secret Defaults to 'Retain'
enum :
- Delete
- Merge
- Retain
type : string
immutable :
description : Immutable defines if the final secret will be immutable
type : boolean
name :
description : Name defines the name of the Secret resource to be
managed This field is immutable Defaults to the .metadata.name
of the ExternalSecret resource
type : string
template :
description : Template defines a blueprint for the created Secret
resource.
properties :
data :
additionalProperties :
type : string
type : object
engineVersion :
default : v2
description : EngineVersion specifies the template engine version
that should be used to compile/execute the template specified
in .data and .templateFrom[].
enum :
- v1
- v2
type : string
mergePolicy :
default : Replace
enum :
- Replace
- Merge
type : string
metadata :
description : ExternalSecretTemplateMetadata defines metadata
fields for the Secret blueprint.
properties :
annotations :
additionalProperties :
type : string
type : object
labels :
additionalProperties :
type : string
type : object
type : object
templateFrom :
items :
properties :
configMap :
properties :
items :
items :
properties :
key :
type : string
templateAs :
default : Values
enum :
- Values
- KeysAndValues
type : string
required :
- key
type : object
type : array
name :
type : string
required :
- items
- name
type : object
literal :
type : string
secret :
properties :
items :
items :
properties :
key :
type : string
templateAs :
default : Values
enum :
- Values
- KeysAndValues
type : string
required :
- key
type : object
type : array
name :
type : string
required :
- items
- name
type : object
target :
default : Data
enum :
- Data
- Annotations
- Labels
type : string
type : object
type : array
type :
type : string
type : object
type : object
type : object
status :
properties :
binding :
description : Binding represents a servicebinding.io Provisioned Service
reference to the secret
properties :
name :
description: 'Name of the referent. More info : https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO : Add other useful fields. apiVersion, kind, uid?'
type : string
type : object
x-kubernetes-map-type : atomic
conditions :
items :
properties :
lastTransitionTime :
format : date-time
type : string
message :
type : string
reason :
type : string
status :
type : string
type :
type : string
required :
- status
- type
type : object
type : array
refreshTime :
description : refreshTime is the time and date the external secret
was fetched and the target secret updated
format : date-time
nullable : true
type : string
syncedResourceVersion :
description : SyncedResourceVersion keeps track of the last synced
version
type : string
type : object
type : object
served : true
storage : true
subresources :
status : {}