#150 Update docs

2024-12-14 11:57:59 +00:00 · 2021-05-14 10:18:45 +03:00 · 2021-05-14 10:18:45 +03:00 · c52a54893f
commit c52a54893f
parent c900c8deb5
3 changed files with 64 additions and 0 deletions
--- a/docs/provider-hashicorp-vault.md
+++ b/docs/provider-hashicorp-vault.md
@ -44,3 +44,25 @@ options of optaining credentials for vault:
 ```yaml
 {% include 'vault-kubernetes-store.yaml' %}
 ```
+
+#### LDAP authentication
+
+[LDAP authentication](https://www.vaultproject.io/docs/auth/ldap) uses
+username/password pair to get an access token. Username is stored directly in
+a `Kind=SecretStore` or `Kind=ClusterSecretStore` resource, password is stored
+in a `Kind=Secret` referenced by the `secretRef`.
+
+```yaml
+{% include 'vault-ldap-store.yaml' %}
+```
+
+#### JWT/OIDC authentication
+
+[JWT/OIDC](https://www.vaultproject.io/docs/auth/jwt) uses a
+[JWT](https://jwt.io/) token stored in a `Kind=Secret` and referenced by the
+`secretRef`. Optionally a `role` field can be defined in a `Kind=SecretStore`
+or `Kind=ClusterSecretStore` resource.
+
+```yaml
+{% include 'vault-jwt-store.yaml' %}
+```
--- a/docs/snippets/vault-jwt-store.yaml
+++ b/docs/snippets/vault-jwt-store.yaml
@ -0,0 +1,21 @@
+apiVerson: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+  name: vault-backend
+  namespace: example
+spec:
+  provider:
+    vault:
+      server: "https://vault.acme.org"
+      path: "secret"
+      version: "v2"
+      auth:
+        # VaultJwt authenticates with Vault using the JWT/OIDC auth mechanism
+        # https://www.vaultproject.io/docs/auth/jwt
+        jwt:
+          # JWT role configured in a Vault server, optional.
+          role: "vault-jwt-role"
+          secretRef:
+            name: "my-secret"
+            namespace: "secret-admin"
+            key: "jwt-token"
--- a/docs/snippets/vault-ldap-store.yaml
+++ b/docs/snippets/vault-ldap-store.yaml
@ -0,0 +1,21 @@
+apiVerson: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+  name: vault-backend
+  namespace: example
+spec:
+  provider:
+    vault:
+      server: "https://vault.acme.org"
+      path: "secret"
+      version: "v2"
+      auth:
+        # VaultLdap authenticates with Vault using the LDAP auth mechanism
+        # https://www.vaultproject.io/docs/auth/ldap
+        ldap:
+          # LDAP username
+          username: "username"
+          secretRef:
+            name: "my-secret"
+            namespace: "secret-admin"
+            key: "ldap-password"