feat: support Azure KeyVault as provider (#5)

* Introduce the proposed CRD change before we code it * Use clientId & tenantId as found in Azure native JSON rather than clientID & tenantID looking nore AWS-like. * Native field name in Azure CLI is "vaultUri" * Use `servicePrincipalSecretRef` instead of `secretRef` to open AZ KV
2024-12-14 11:57:59 +00:00 · 2021-02-26 19:21:27 +01:00 · 2021-02-26 19:21:27 +01:00 · 4de3d766c6
commit 4de3d766c6
parent a67d45db09
1 changed files with 39 additions and 9 deletions
--- a/Spec.md
+++ b/Spec.md
@ -13,15 +13,25 @@ status: draft
 ## Table of Contents

 <!-- toc -->
- [Summary](#summary)
- [Motivation](#motivation)
-  - [Goals](#goals)
-  - [Non-Goals](#non-goals)
- [Terminology](#terminology)
- [Use-Cases](#use-cases)
- [Proposal](#proposal)
-  - [API](#api)
- [Alternatives](#alternatives)
+- [External Secrets Operator CRD](#external-secrets-operator-crd)
+  - [Table of Contents](#table-of-contents)
+  - [Summary](#summary)
+  - [Motivation](#motivation)
+    - [Goals](#goals)
+    - [Non-Goals](#non-goals)
+  - [Terminology](#terminology)
+  - [Use-Cases](#use-cases)
+    - [User Definitions](#user-definitions)
+    - [User Stories](#user-stories)
+    - [Providers](#providers)
+    - [Frontends](#frontends)
+  - [Proposal](#proposal)
+    - [API](#api)
+    - [External Secret](#external-secret)
+      - [Behavior](#behavior)
+    - [Secret Store](#secret-store)
+  - [Workflow in a ESO instance](#workflow-in-a-eso-instance)
+  - [Backlog](#backlog)
 <!-- /toc -->

 ## Summary
@ -246,6 +256,26 @@ spec:
      # AWS Region to be used for the provider
      region: eu-central-1

+    # AzureKV configures this store to sync secrets using Azure Key-Vault provider
+    azurekv:
+      # Auth defines the information necessary to authenticate against Azure
+      auth:
+        # The Azure Tenant to send requests to.
+        tenantId: 4be10619-c5d4-4032-bd6a-a697cb365a4a
+
+        # The Service-Princpal's clientID and clientSecret from an already created Kubernetes Secret
+        servicePrincipalSecretRef:
+          clientId:
+            name: azurekv-sp-secret
+            key: client-id
+
+          clientSecret:
+            name: azurekv-sp-secret
+            key: client-secret
+
+      # The URI to that KeyVault instance, as found in the Azure Portal & the az CLI output
+      vaultUri: https://my-vault09.vault.azure.net/
+
 status:
  # Standard condition schema
  conditions: