mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

docs(alibaba): add access key authentication (#2934)

Browse source 
Signed-off-by: Victor Santos <vsantos.py@gmail.com>
This commit is contained in:
Victor Santos 2023-12-07 13:43:03 -03:00 committed by GitHub
parent 14fb8597db
commit 96233b759a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
docs/provider/alibaba.md
View file

@ -9,6 +9,40 @@ We support Access key and RRSA authentication.
To use RRSA authentication, you should follow [Use RRSA to authorize pods to access different cloud services](https://www.alibabacloud.com/help/en/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control/) to assign the RAM role to external-secrets operator.
#### Access Key authentication
To use `accessKeyID` and `accessKeySecrets`, simply create them as a regular `Kind: Secret` beforehand and associate it with the `SecretStore`:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: secret-sample
data:
accessKeyID: bXlhd2Vzb21lYWNjZXNza2V5aWQ=
accessKeySecret: bXlhd2Vzb21lYWNjZXNza2V5c2VjcmV0
```
```yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: secretstore-sample
spec:
provider:
alibaba:
regionID: ap-southeast-1
auth:
secretRef:
accessKeyIDSecretRef:
name: secret-sample
key: accessKeyID
accessKeySecretSecretRef:
name: secret-sample
key: accessKeySecret
```
#### RRSA authentication
When using RRSA authentication we manually project the OIDC token file to pod as volume