docs: ibm provider

README.md

@@ -16,6 +16,7 @@ Multiple people and organizations are joining efforts to create a single Externa
 - [Hashicorp Vault](https://www.vaultproject.io/)
 - [Google Cloud Secrets Manager](https://external-secrets.io/provider-google-secrets-manager/)
 - [Azure Key Vault](https://external-secrets.io/provider-azure-key-vault/)
+- [IBM Cloud Secrets Manager](https://external-secrets.io/provider-ibm-secrets-manager/)
 
 ## Stability and Support Level
 
@@ -30,9 +31,10 @@ Multiple people and organizations are joining efforts to create a single Externa
 
 ### Community maintained:
 
-| Provider                                                          | Stability |                  Contact                   |
-| ----------------------------------------------------------------- | :-------: | :----------------------------------------: |
-| [Azure KV](https://external-secrets.io/provider-azure-key-vault/) |   alpha   | @ahmedmus-1A @asnowfix @ncourbet-1A @1A-mj |
+| Provider                                                            | Stability |                  Contact                   |
+| ------------------------------------------------------------------- | :-------: | :----------------------------------------: |
+| [Azure KV](https://external-secrets.io/provider-azure-key-vault/)   |   alpha   | @ahmedmus-1A @asnowfix @ncourbet-1A @1A-mj |
+| [IBM SM](https://external-secrets.io/provider-ibm-secrets-manager/) |   alpha   |   @knelasevero @sebagomez @ricardoptcosta  |
 
 ## Documentation
 

docs/provider-ibm-secrets-manager.md

@@ -0,0 +1,64 @@
+## IBM Cloud Secret Manager
+
+External Secrets Operator integrates with [IBM Secret Manager](https://www.ibm.com/cloud/secrets-manager) for secret management.
+
+### Authentication
+
+At the moment, we only support API key authentication for this provider. To generate your key (for test purposes we are going to generate from your user), first got to your (Access IAM) page:
+
+![iam](./pictures/screenshot_api_keys_iam.png)
+
+On the left, click "IBM Cloud API Keys":
+
+![iam-left](./pictures/screenshot_api_keys_iam_left.png)
+
+Press "Create an IBM Cloud API Key":
+
+![iam-create-button](./pictures/screenshot_api_keys_create_button.png)
+
+Pick a name and description for your key:
+
+![iam-create-key](./pictures/screenshot_api_keys_create.png)
+
+You have created a key. Press the eyeball to show the key. Copy or save it because keys can't be displayed or downloaded twice.
+
+![iam-create-success](./pictures/screenshot_api_keys_create_successful.png)
+
+
+
+#### API key secret
+
+Create a secret containing your apiKey:
+
+```shell
+echo -n 'API_KEY_VALUE' > ./apiKey
+kubectl create secret generic ibm-secret --from-file=./apiKey 
+```
+
+### Update secret store
+Be sure the `ibm` provider is listed in the `Kind=SecretStore`
+
+```yaml
+{% include 'ibm-secret-store.yaml' %}
+```
+
+To find your serviceURL, under your Secrets Manager resource, go to "Endpoints" on the left:
+
+
+![iam-create-success](./pictures/screenshot_service_url.png)
+
+### Creating external secret
+
+To create a kubernetes secret from the IBM Secrets Manager, a `Kind=ExternalSecret` is needed.
+
+```yaml
+{% include 'ibm-external-secret.yaml' %}
+```
+
+Currently we can only get the secret by its id and not its name, so something like `565287ce-578f-8d96-a746-9409d531fe2a`.
+
+### Getting the Kubernetes secret
+The operator will fetch the IBM Secret Manager secret and inject it as a `Kind=Secret`
+```
+kubectl get secret secret-to-be-created -n <namespace> | -o jsonpath='{.data.test}' | base64 -d
+```

docs/snippets/ibm-external-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: external-secret-sample
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: secretstore-sample
+    kind: SecretStore
+  target:
+    name: secret-to-be-created
+    creationPolicy: Owner
+  data:
+  - secretKey: test
+    remoteRef:
+      key: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

docs/snippets/ibm-secret-store.yaml

@@ -0,0 +1,13 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+  name: secretstore-sample
+spec:
+  provider:
+    ibm:
+      auth:
+        secretRef:
+          secretApiKeySecretRef:
+            name: ibm-secret
+            key: apiKey
+      serviceUrl: "https://SECRETS_MANAGER_ID.REGION.secrets-manager.appdomain.cloud"

docs/spec.md

@@ -1128,6 +1128,110 @@ string
 <p>GenericStore is a common interface for interacting with ClusterSecretStore
 or a namespaced SecretStore.</p>
 </p>
+<h3 id="external-secrets.io/v1alpha1.IBMAuth">IBMAuth
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1alpha1.IBMProvider">IBMProvider</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>secretRef</code></br>
+<em>
+<a href="#external-secrets.io/v1alpha1.IBMAuthSecretRef">
+IBMAuthSecretRef
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="external-secrets.io/v1alpha1.IBMAuthSecretRef">IBMAuthSecretRef
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1alpha1.IBMAuth">IBMAuth</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>secretApiKeySecretRef</code></br>
+<em>
+github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The SecretAccessKey is used for authentication</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="external-secrets.io/v1alpha1.IBMProvider">IBMProvider
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1alpha1.SecretStoreProvider">SecretStoreProvider</a>)
+</p>
+<p>
+<p>Configures an store to sync secrets using a IBM Cloud Secrets Manager
+backend.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>auth</code></br>
+<em>
+<a href="#external-secrets.io/v1alpha1.IBMAuth">
+IBMAuth
+</a>
+</em>
+</td>
+<td>
+<p>Auth configures how secret-manager authenticates with the IBM secrets manager.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>serviceUrl</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1alpha1.SecretStore">SecretStore
 </h3>
 <p>
@@ -1303,6 +1407,20 @@ GCPSMProvider
 <p>GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>ibm</code></br>
+<em>
+<a href="#external-secrets.io/v1alpha1.IBMProvider">
+IBMProvider
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>IBM configures this store to sync secrets using IBM Cloud provider</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1alpha1.SecretStoreRef">SecretStoreRef

hack/api-docs/mkdocs.yml

@@ -41,6 +41,8 @@ nav:
       - Key Vault: provider-azure-key-vault.md
     - Google:
       - Secrets Manager: provider-google-secrets-manager.md
+    - IBM:
+      - Secrets Manager: provider-ibm-secrets-manager.md
     - HashiCorp Vault: provider-hashicorp-vault.md
   - References:
     - API specification: spec.md