* docs: Recommend use of Workload Identity for Azure Key Vault
Mentions AAD Pod Identity is deprecated and updates overview
of supported authentication modes for Azure Key Vault.
This removes "should use aad-pod-identity" wording, see
https://github.com/external-secrets/external-secrets/discussions/2901
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix missing link to Multi-Tenancy Guide
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix typos
Capitalise own names.
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
---------
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* feat: add path support for scaleway provider
Signed-off-by: Florent Viel <fviel@scaleway.com>
* feat: update scaleway testcases for path support
Signed-off-by: Florent Viel <fviel@scaleway.com>
* docs: update scaleway doc to add path support
Signed-off-by: Florent Viel <fviel@scaleway.com>
* fix: change func signature to make linter pass
Signed-off-by: Florent Viel <fviel@scaleway.com>
---------
Signed-off-by: Florent Viel <fviel@scaleway.com>
* Add JWT Auth to Conjur Provider
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Update docs for CyberArk Conjur Provider
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Update test suite to cover new functionality
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Run make reviewable
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Set MinVersion for tls.Config to satisfy linting
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Move ca bundle config example to a yaml snippet
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* fix: consolidate naming
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: consolidate naming
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* docs: make it a working example
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Remove JWT expiration handling logic
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Run make fmt
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
---------
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* Integrate Cloak Secrets
Signed-off-by: Ian Purton <ian.purton@gmail.com>
* Fix link
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
---------
Signed-off-by: Ian Purton <ian.purton@gmail.com>
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
* Adding documentation for populating Kubernetes Secret with metadata from IBM Cloud Secrets Manager
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Rephrasing a few lines
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
---------
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
Co-authored-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Add Conjur provider
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
* fix: lint
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: unit tests
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
Signed-off-by: David Hisel <132942678+davidh-cyberark@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* update documentation
Signed-off-by: Luke Arntz <luke@blue42.net>
* default to GetParametersByPathWithContext
Add GetParametersByPathWithContext. To maintain backward compatibility, moved the original `findByname` function to `fallbackFindByName` and created a new `findByName` function that uses the `GetParametersByPathWithContext` API call.
In function `findByName`, if we receive an `AccessDeniedException` when calling `GetParametersByPathWithContext`, `return pm.fallbackFindByName(ctx, ref)`.
Signed-off-by: Luke Arntz <luke@blue42.net>
* feat: notify users about ssm permission improvements
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: get parameters recursively and decrypt them
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Luke Arntz <luke@blue42.net>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* IBM Provider: enable ESO to pull secrets by name
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* document ESO's capability to pull by secret name for IBM provider
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* correct the metrics instrumentation
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
---------
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* Add API changes for push secret to k8s
- Property field similar to ExternalSecret
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* rebase: merge commits
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* New Test cases for existing PushSecret Logic
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: replace property if it exists, but differs
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: restrict usage to having a property always
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: refactor delete to work with property only and cleanup whole secret only if it would be empty otherwise
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: refuse to work without property in spec
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: cleanup code, make it more readable
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: add metric calls for kubernetes
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: reorder test cases
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: make property optional to not break compatibility
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* fix: adapt fake impls to include new method to fix tests
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: change status-ref to include property to allow multi property deletes
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: fix make reviewable complaints
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* fix: fix imports from merge conflict
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: adapt latest make reviewable suggestions
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* docs: update push secret support for k8s provider
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* docs: add Kubernetes PushSecret docs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
support alibaba oidc assume role
---------
Signed-off-by: Maxim Rubchinsky <maxim.rubchinsky@wiz.io>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* wip: basic structure of scaleway provider
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: add some tests for GetAllSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: implement PushSecret
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: improved test fixtures
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: allow finding secrets by project using the path property
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add delete secret method
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* Delete duplicate of push remote ref test implem
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add capability to use a secret for configuring access token
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: implement GetSecretMap
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: filtering by name and project id
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: add test for finding secret by name regexp
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: config validation
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: handle situation where no namespace is specified and we cannot provide a default
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: reference secrets by id or name
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: invalid request caused by pagination handling
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: log the error when failing to access secret version
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: pass context to sdk where missing
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add a cache for reducing AccessSecretVersion() calls
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: use GetSecret with name instead of ListSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: allow using secret name in ExternalSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: use latest_enabled instead of latest
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: optimized PushSecret and improved its test coverage
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: doesConfigDependOnNamespace was always true
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: use new api with refactored name-based endpoints
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* remove useless todo
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: use secret names as key for GetAllSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: support gjson property lookup
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: e2e tests
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: e2e test using secret to store api key
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: cleanup left over resources on the secret manager before each e2e run
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* doc: add doc for scaleway provider
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: fix lint issues
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: cleanup code in e2e was commented
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: the previous version is disabled when we push to a secret
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* doc: add comments to ScalewayProvider struct to point to console and doc
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add missing e2e env vars for scaleway
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* docs: add scaleway to support/stability table
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* add keepersecurity provider
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* 🧹chore: bumps (#1758)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* ✨Feature/push secret (#1315)
Introduces Push Secret feature with implementations for the following providers:
* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* HashiCorp Vault KV
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* Fixing release pipeline for boringssl (#1763)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* chore: bump 0.7.0-rc1 (#1765)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* added documentation
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* added pushSecret first iteration
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* added pushSecret and updated documentation
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* refactor client
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* update code and unit tests
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* fix code smells
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* fix code smells
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* fix custom fields
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
* making it reviewable
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fix custom field on secret map
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* Update docs/snippets/keepersecurity-push-secret.yaml
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fixed edge case, improved validation errors and updated docs
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fix logic retrieving secrets
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* Update pkg/provider/keepersecurity/client.go
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* lint code
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* linting code
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* go linter fixed
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* fix crds and documentation
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
---------
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>