external-secrets

mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Author	SHA1	Message	Date
Shanti G	00bc81c8c7	IBM Provider: enable ESO to pull secrets by name (#2326 ) * IBM Provider: enable ESO to pull secrets by name Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com> * document ESO's capability to pull by secret name for IBM provider Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com> * correct the metrics instrumentation Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com> --------- Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>	2023-05-18 21:02:40 +02:00
Gaurav Dasson	7b8fef2c18	✨ Enabling Vault IAM auth (#2208 ) * Enabling Vault IAM auth Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Adding spec Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Adding test cases and decoupling vault provider from aws for iam auth Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Fixing comments Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Fixing linter issues Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Fixing the check-diff errors Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Adding support for assumeRole operations when using static creds Signed-off-by: Gaurav Dasson <gdasson@Gauravs-Mac-mini.local> * Bumping the dependencies to fix the go.mod/go.sum conflicts Signed-off-by: Gaurav Dasson <gdasson@Gauravs-Mac-mini.local> * Bumping up e2e go mod files Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> --------- Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>	2023-05-11 06:10:07 -03:00
Moritz Johner	f6475d63b0	feat: add security best practices doc, restructure guides section (#2290 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-05-11 08:21:30 +02:00
Sebastián Gómez	fc7281a39b	Added examples for all the Generators in the docs. Fixes #2260 (#2261 ) Also, some generators's examples didn't have the `.metadata.name` property. Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>	2023-04-26 17:00:14 -03:00
Sebastián Gómez	81b9546e0f	Password yaml was missing the name (#2256 ) I also thought it could be usefull to provide an External Secret that uses the Password from the example Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>	2023-04-25 21:05:22 +02:00
Moritz Johner	b2269ee3fb	✨ dashboard variable (#2153 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-03-22 22:32:31 +01:00
Moritz Johner	e7088937f4	✨ update deps & fix dashboard json (#2148 ) * fix: export grafana dashboard properly The dashboard JSON must be exported via the share UI, instead of the JSON Model from settings. This allows a user to select the correct datasource when importing it via UI. see here: https://grafana.com/docs/grafana/latest/dashboards/manage-dashboards/#exporting-a-dashboard Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * chore: bump deps Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-03-21 00:09:04 +01:00
Gustavo Fernandes de Carvalho	ad67363751	✨ Implements template MergePolicy. Fixes a few template merging bugs (#2115 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-03-20 19:22:30 -03:00
Thibault Cohen	6c070bb538	Add bitwarden example (#2139 ) * Add bitwarden example Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Fix bitwarden docs Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * fix: punctuation, newline for bullet list Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2023-03-20 21:47:47 +01:00
Kristián Leško	be0c946b10	docs: add HashiCorp Vault Generator documentation (#2123 ) * docs: add HashiCorp Vault Generator documentation Document the Vault dynamic secrets Generator from #2074. Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com> * fix: add vault generator to nav Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2023-03-13 21:22:00 +01:00
Sebastián Gómez	4f7683a239	Updating docs (#2122 ) Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>	2023-03-13 21:18:53 +01:00
Šimon Mišenčík	fdf9bda1d5	Fix ExternalSecret key in documentation (#2105 ) * Fix ExternalSecret key in documentation Signed-off-by: Šimon Mišenčík <simon.misencik@gmail.com> * Add comment into snippsets Signed-off-by: Simon Misencik <simon.misencik@gmail.com> --------- Signed-off-by: Šimon Mišenčík <simon.misencik@gmail.com> Signed-off-by: Simon Misencik <simon.misencik@gmail.com>	2023-03-09 21:37:06 +01:00
renanaAkeyless	7e5fbb124b	✨ Add CABundle/CAProvider to Akeyless provider (#2092 ) * support adding CA Cert in Akeyless provider Signed-off-by: Docs <renana@akeyless.io> * update akeyless-go to v3 Signed-off-by: Docs <renana@akeyless.io> * update description Signed-off-by: Docs <renana@akeyless.io> * update description Signed-off-by: Docs <renana@akeyless.io> * update description Signed-off-by: Docs <renana@akeyless.io> * update description Signed-off-by: Docs <renana@akeyless.io> * fix comments Signed-off-by: Docs <renana@akeyless.io> --------- Signed-off-by: Docs <renana@akeyless.io>	2023-03-07 13:11:02 +01:00
Mubarak Jama	043db7e08a	docs: fix auth secretRef in API docs (#2077 ) Signed-off-by: Mubarak Jama <83465122+mubarak-j@users.noreply.github.com>	2023-03-02 22:30:18 +01:00
Pedro Parra Ortega	f44f366e05	🧹 remove hostname from keeper configuration (#2071 ) * remove hostname from keeper configuration Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>	2023-03-02 22:28:35 +01:00
Moritz Johner	7834401933	fix: docs build (#2068 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-28 20:12:34 +00:00
Pedro Parra Ortega	2766c6d5f5	refactor keeper auth configuration (#2052 ) Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>	2023-02-27 23:22:33 +01:00
Moritz Johner	6b576fadf1	feat: add provider metrics (#2024 ) * feat: add provider metrics This adds a counter metric `provider_api_calls_count` that observes the results of upstream secret provider api calls. (1) Observability It allows an user to break down issues by provider and api call by observing the status=error\|success label. More details around the error can be found in the logs. (2) Cost Management Some providers charge by API calls issued. By providing observability for the number of calls issued helps users to understand the impact of deploying ESO and fine-tuning `spec.refreshInterval`. (3) Rate Limiting Some providers implement rate-limiting for their services. Having metrics for success/failure count helps to understand how many requests are issued by a given ESO deployment per cluster. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: add service monitor for cert-controller and add SLIs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-27 22:56:36 +01:00
Matheus Tosta	39c8a49bfb	fix typo in the full-pushsecret.yaml (#2019 ) * fix typo in the full-pushsecret.yaml * change the array reference of the remoteKey from the full-pushsecret.yaml to a map reference	2023-02-17 19:29:59 +01:00
Pedro Parra Ortega	c2054cc1bf	✨ add-keeper-security-provider (#1768 ) * add keepersecurity provider Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * 🧹chore: bumps (#1758) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * ✨Feature/push secret (#1315) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * Fixing release pipeline for boringssl (#1763) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * chore: bump 0.7.0-rc1 (#1765) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added documentation Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added pushSecret first iteration Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added pushSecret and updated documentation Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * refactor client Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * update code and unit tests Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix code smells Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix code smells Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix custom fields Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * making it reviewable Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix custom field on secret map Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * Update docs/snippets/keepersecurity-push-secret.yaml Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fixed edge case, improved validation errors and updated docs Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix logic retrieving secrets Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * Update pkg/provider/keepersecurity/client.go Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * lint code Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * linting code Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * go linter fixed Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix crds and documentation Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> --------- Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>	2023-02-03 15:27:21 +01:00
Evert Ramos	fa3acc5fa4	Update full-cluster-secret-store.yaml (#1953 ) Add Oracle provider Signed-off-by: Evert Ramos <evert.ramos@gmail.com>	2023-02-02 00:55:47 +01:00
Gustavo Fernandes de Carvalho	833658699d	✨ Adds Keyvault PushSecret (#1883 ) * Adds Keyvault PushSecret Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-13 07:13:37 -03:00
Gustavo Fernandes de Carvalho	a051da82cf	🐛 Fixes vault PushSecret logic (#1866 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-06 13:17:18 -03:00
Gustavo Fernandes de Carvalho	0bd9ea4dbd	✨ Templates from string (#1748 ) * Adds templates from string Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-03 19:02:43 -03:00
DJΞRFY	55e0c50b30	📚 feat: improve docs (#1749 ) Signed-off-by: Djerfy <djerfy@gmail.com>	2022-12-04 08:08:12 -03:00
Moritz Johner	242a6ee1ef	chore: improve naming in examples, regenerate api doc spec (#1746 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-11-30 20:06:59 +01:00
Gustavo Fernandes de Carvalho	0cb799b5cf	✨Feature/push secret (#1315 ) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>	2022-11-29 16:04:46 -03:00
Dominik Zeiger	f38f40a2b4	gitlab: support for CI/CD group variables (#1692 ) * gitlab: support for ci/cd group variables Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (automatically discover project groups) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (documentation) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-11-21 22:26:34 +01:00
Moritz Johner	dabfa5a589	Feature: initial generator implementation + Github Actions OIDC/AWS (#1539 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-10-29 20:15:50 +02:00
Yannay Hammer	14f5ddf198	Added namespace condition to ClusterSecretStore (#1635 ) * Added namespace condition to ClusterSecretStore Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added the new conditions field to the docs Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added tests to ClusterSecretStore namespace conditions Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added some comments to explain tests better Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed a testcase Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Increased golangci timeout to 10m Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed test to use fakeProvider correctly Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Removed hardcoded timeout from make lint Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Improved error message on non matching namespace Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Modified testCase to use GenericStore interface Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Attempt at generalizing the testcase and reducing code duplication Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Reduced some diff Signed-off-by: Yannay Hammer <yannayha@gmail.com> * fix: tidy e2e mod Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Docs <docs@external-secrets.io> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-17 16:40:18 +02:00
Jason Field	fac939b79c	fix(1password): Resolve indentation issue in Store (#1617 ) The indentation was incorrect on the website which is ultimately driven by `1password-secret-store.yaml` so this fixes the file to have the correct indentation Signed-off-by: Jason Field <jason@avon-lea.co.uk>	2022-10-08 22:21:55 +02:00
Dominik Zeiger	fa38fe1e60	enable configuration of environment_scope for gitlab provider (#1565 ) * enable configuration of environment_scope for gitlab provider Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-09-27 22:08:38 +02:00
Ryan Blunden	f01e13f21b	Add Doppler provider (#1573 ) * Add Doppler provider Signed-off-by: Ryan Blunden <ryan.blunden@doppler.com>	2022-09-23 22:47:25 +02:00
renanaAkeyless	ed59520674	added akeyless k8s auth option (#1531 ) * added akeyless k8s auth option Signed-off-by: Docs <renana@akeyless.io>	2022-09-11 13:25:29 +02:00
Moritz Johner	3d3edcc8af	feat: add support matrix, refactor docs (#1508 ) Signed-off-by: Moritz Johner <Moritz.Johner@form3.tech>	2022-09-01 09:53:22 +02:00
Tony DevOps	3522780cfe	📚Fix comment specifying the default engineVersion. (#1450 ) Signed-off-by: Tony Worthit <868644+TonyLovesDevOps@users.noreply.github.com> Signed-off-by: Tony Worthit <868644+TonyLovesDevOps@users.noreply.github.com>	2022-08-12 14:42:40 -03:00
Gustavo Fernandes de Carvalho	b4e7acfaa9	✨Implements dataFrom key rewrite (#1381 ) * Implements dataFrom key rewrite Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * docs: add example to remove invalid characters Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-04 15:24:02 -03:00
Mike	fdf1f9ce6f	feat: Add support for container auth to IBM provider. (#1177 )	2022-07-26 22:48:07 +02:00
Carlos Miguel Bustillo Rodríguez	d9dc3181c8	docs: add Azure KV PKCS12 example (#1358 ) (#1387 )	2022-07-25 21:24:59 +02:00
Stanislaw Scherban	eb8e614755	retryer implementation to handle throttling exceptions on AWS (#1331 ) * awsretryer implemented for AWS providers	2022-07-19 20:00:46 +02:00
Rodrigo Martinez	b18e320bf6	docs: Adds k8s provider example to ClusterSecretStore (#1368 ) * Adds k8s provider example to ClusterSecretStore * remove namespace from SecretStore example Co-authored-by: Docs <docs@external-secrets.io>	2022-07-19 16:34:58 +02:00
Gustavo Fernandes de Carvalho	fa91ba0f6c	✨ Adds DecodingStrategy to ExternalSecrets (#1294 ) Fixes #920 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-07-12 09:18:00 -03:00
Nicolas Sadin	530d40c685	[Documentation] - fix aws ParamaterStore typo (#1324 )	2022-07-05 05:48:04 -03:00
cebidhem	284ea9e0f8	Adds Helm docs for dockerconfigjson template (#1307 )	2022-06-29 10:24:59 -03:00
Alberto Llamas	3b5ea401c9	Fix keys for secretRef in CRD ClusterSecretStore While testing I have found that the documentation was referencing to wrong key names: `provider.aws.auth.secretRef.accessKeyIDSecretRef` `provider.aws.auth.secretRef.secretAccessKeySecretRef`	2022-06-04 14:09:21 +02:00
Nitzan Nissim	97126d9798	Add support for IBM Secrets Manager's Private Certificate (#1160 ) * Use gsed on macos. Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com> * Add private_cert support * Add private_cert support Co-authored-by: Marcin Kubica <marcin.kubica@engineerbetter.com>	2022-05-21 22:53:31 +02:00
paul-the-alien[bot]	1a6579b876	Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync azkv tag feature	2022-05-20 15:51:50 +00:00
Cristina DE DIOS GONZÁLEZ	3256bc4b82	azkv tag feature	2022-05-16 16:49:34 +02:00
david amick	435aefc7ac	Add 1Password support	2022-05-08 17:01:26 -07:00
Docs	c73206b29c	Add senhasegura DSM provider	2022-05-02 13:28:18 -03:00

1 2 3

137 commits