* Ensure use of BuildKit in the Docker builds
The builds rely on `TARGETOS` and `TARGETARCH` being set, which is
automatically accomplished by the new builder.
Add the explicit envvar selector in the Makefile, until most users
update to docker 23+.
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
* Update docker build command in developer guide
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
* Introduce RetrySettings support for Hashicorp Vault
Leave default retries to 0 (not the default of the vault sdk of 2),
as this was decided in abec2a64cc .
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
---------
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
* Integrate Cloak Secrets
Signed-off-by: Ian Purton <ian.purton@gmail.com>
* Fix link
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
---------
Signed-off-by: Ian Purton <ian.purton@gmail.com>
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
* Add Conjur provider
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
* fix: lint
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: unit tests
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
Signed-off-by: David Hisel <132942678+davidh-cyberark@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* IBM Provider: enable ESO to pull secrets by name
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* document ESO's capability to pull by secret name for IBM provider
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* correct the metrics instrumentation
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
---------
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
I also thought it could be usefull to provide an External Secret that uses the Password from the example
Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
* fix: export grafana dashboard properly
The dashboard JSON must be exported via the share UI, instead of the
JSON Model from settings.
This allows a user to select the correct datasource when importing it
via UI.
see here: https://grafana.com/docs/grafana/latest/dashboards/manage-dashboards/#exporting-a-dashboard
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: bump deps
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: add provider metrics
This adds a counter metric `provider_api_calls_count` that observes
the results of upstream secret provider api calls.
(1) Observability
It allows an user to break down issues by provider and api call by
observing the status=error|success label. More details around the error
can be found in the logs.
(2) Cost Management
Some providers charge by API calls issued. By providing observability
for the number of calls issued helps users to understand the impact of
deploying ESO and fine-tuning `spec.refreshInterval`.
(3) Rate Limiting
Some providers implement rate-limiting for their services. Having
metrics
for success/failure count helps to understand how many requests are
issued by a given ESO deployment per cluster.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: add service monitor for cert-controller and add SLIs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* add keepersecurity provider
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* 🧹chore: bumps (#1758)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* ✨Feature/push secret (#1315)
Introduces Push Secret feature with implementations for the following providers:
* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* Fixing release pipeline for boringssl (#1763)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* chore: bump 0.7.0-rc1 (#1765)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* added documentation
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* added pushSecret first iteration
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* added pushSecret and updated documentation
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* refactor client
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* update code and unit tests
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* fix code smells
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* fix code smells
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* fix custom fields
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* making it reviewable
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fix custom field on secret map
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* Update docs/snippets/keepersecurity-push-secret.yaml
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fixed edge case, improved validation errors and updated docs
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fix logic retrieving secrets
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* Update pkg/provider/keepersecurity/client.go
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* lint code
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* linting code
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* go linter fixed
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fix crds and documentation
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
---------
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
* gitlab: support for ci/cd group variables
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
* gitlab: support for ci/cd group variables (automatically discover project groups)
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
* gitlab: support for ci/cd group variables (documentation)
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
The indentation was incorrect on the website which is ultimately driven
by `1password-secret-store.yaml` so this fixes the file to have the
correct indentation
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Tony Worthit <868644+TonyLovesDevOps@users.noreply.github.com>
Signed-off-by: Tony Worthit <868644+TonyLovesDevOps@users.noreply.github.com>