1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Commit graph

542 commits

Author SHA1 Message Date
Gergely Brautigam
c3dcd9adcd
fix: bitwarden API url to point to the correct default location (#3848)
* fix: bitwarden API url to point to the correct default location

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* explicitly remove trailing slashes to prevent not found error

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-02 07:04:48 +02:00
Shlomo Zalman Heigh
a1722cbfaa
Use Conjur API's built in JWT functions (#3771)
* Use Conjur API's built in JWT functions

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>

* docs: clarify that all Conjur types are supported

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>

* docs: add link to Conjur blog post

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>

---------

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
2024-08-28 21:54:04 +02:00
eso-service-account-app[bot]
3414bd6428
chore: update dependencies (#3815) 2024-08-19 17:07:20 +02:00
Gergely Brautigam
82d419e2ee
feat: add CAProvider to Bitwarden provider (#3699)
* feat: add CAProvider to bitwarden

This change introduces a refactor as well since CAProvider
was used by multiple providers with diverging implementations.
The following providers were affected:
- webhook
- akeyless
- vault
- conjur
- kubernetes

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactored the Kubernetes provider to use create ca

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactor webhook, vault and kubernetes provider

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* rename CreateCACert to FetchCACertFromSource

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* addressed comments and autodecoding base64 data

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* check if the decoded value is a valid certificate

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-16 12:32:35 +02:00
Gustavo Fernandes de Carvalho
098d03792d
chore: update security best practice (#3794)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-08-15 21:31:01 +02:00
Kris
d230fd7e9f
chore: add minimal policy for fetching parameters from ssm (#3770)
Signed-off-by: Kris Johnstone <kris.johnstone@fostermoore.com>
2024-08-08 06:48:08 -03:00
btfhernandez
77f5d0ad91
feat: add beyondtrust provider (#3683)
* feat: add beyondtrust provider

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: edit go.mod and go.sum files

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: change test file name (provider_test.go)

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: solve PR comments

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: organize attributes in a higher hierarchy

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix sonar cloud issues and go.mod file conflicts

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix PR comments and apply table driven tests

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix PR comments

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix lint issues

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix lint issues on tests

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: run make fmt

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: apply camelCase to yaml attributes

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: solve go.mod file conflict

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: run make check-diff

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

---------

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
Signed-off-by: btfhernandez <133419363+btfhernandez@users.noreply.github.com>
2024-08-07 09:27:04 +02:00
Gergely Brautigam
6bab976275
doc: add maintainer of the bitwarden secret manager provider (#3762)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-05 08:19:27 +02:00
Ketil
eae808d851
docs: document fullPemToPkcs12 functions (#3749)
Signed-off-by: Ketil Gjerde <477141+mysteq@users.noreply.github.com>
2024-08-02 10:21:31 +02:00
Gergely Brautigam
d5ca3161d6
feat: do not modify the secret in case of a NotModified (#3746)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-31 12:29:21 +02:00
Gergely Brautigam
8c709cfa43
feat: add prefix definition to all secret keys for aws parameter store (#3718)
* feat: add prefix definition to all secret keys for aws parameter store

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* added a push secret test to verify called parameter has a prefix

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-31 12:29:07 +02:00
Carlos Neto
d10a66ee68
docs: add more details in the externalsecret comments in the API section (creationPolicy + deletionPolicy) (#3725)
Signed-off-by: c-neto <carlos.neto.dev@gmail.com>
2024-07-29 22:47:48 +02:00
Tyler Renslow
a2c7923e35
docs: Remove references to pemCertificate and pemPrivateKey functions (#3744)
* Update docs

Fixes #3260 Removes old deprecated template function 

Signed-off-by: Tyler Renslow <tdrenslow@gmail.com>

* Update templating-v1.md

Signed-off-by: Tyler Renslow <tdrenslow@gmail.com>

---------

Signed-off-by: Tyler Renslow <tdrenslow@gmail.com>
2024-07-29 22:33:34 +02:00
Engin Diri
4f62fb3963
feat: add PushSecret support for Pulumi ESC (#3597)
Signed-off-by: Engin Diri <engin.diri@ediri.de>
2024-07-25 09:00:17 +02:00
Zaza
972f227002
Update bitwarden-secrets-manager.md (#3710)
Fixed typos in the bitwarden provider docs

Signed-off-by: Zaza <thomas.kyle6@gmail.com>
2024-07-22 11:33:00 +02:00
Mike Tougeron
7f71b4717a
Update docs for namespaceSelectors usage and namespaceSelector deprecation (#3695)
Signed-off-by: Mike Tougeron <tougeron@adobe.com>
2024-07-21 16:37:48 -03:00
Ali Nadir
fb020db6de
Added 2 articles I wrote on AWS secrets injection and ESO templating (#3707)
Signed-off-by: Ali Nadir <56518209+alinadir44@users.noreply.github.com>
2024-07-21 16:36:56 -03:00
abhinav1708
bdd0c7ec9a
support for adding headers in vault provider (#3677)
* support for vault headers

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changes in crds bases for headers support

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding autogenerated files

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* removing extra---

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding headers before x-vault-Inconsistent

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changing for lint pass

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

---------

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
2024-07-15 11:27:06 +02:00
Arthur Kepler
14e6d78d25
namespacesRegexdocs: Fix namespaceRegexes in full-cluster-secret-store.yaml (#3681)
This fixes a typo on https://external-secrets.io/v0.9.20/api/clustersecretstore/, in which the property is incorrectly called `namespacesRegex`

Signed-off-by: Arthur Kepler <610274+excalq@users.noreply.github.com>
2024-07-11 07:09:30 -03:00
Jefferson Machado
03a2ee6ce0
Commenting secrets manifest from hashicorp vault integration (#3680)
Signed-off-by: Jefferson Machado <35748721+jeffmachado@users.noreply.github.com>
2024-07-11 07:08:33 -03:00
Bill Hamilton
1876ff88d7
Add support for Delinea Secret Server (#3468)
* implements secretserver

Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>

* bump to align e2e

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bump

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-07-10 14:32:17 -03:00
shazib
4e444ce150
docs: updated k8s support for ESO v0.9 (#3659) 2024-07-06 07:30:42 +03:00
Gustavo Fernandes de Carvalho
4aeba81f07
bump docs with e2e commands (#3648) 2024-07-02 07:09:35 -03:00
kaedwen
48cccaeded
add AuthRef to kubernetes provider fixes #3627 (#3628)
* add AuthRef to kubernetes provider fixes #3627

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* run make reviewable

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* fix validation for given authRef

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* refactor kubernetes provider auth

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* satisfy linter

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* add URL for kubernetes provider tests

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

---------

Signed-off-by: kaedwen <kaedwen@heinrich.blue>
2024-07-01 23:31:10 +02:00
Sverre Boschman
00cf351548
docs: fix dataFrom.find in ExternalSecret api example (#3633)
Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com>
2024-06-29 19:21:16 +02:00
Gergely Brautigam
095537e6ad
feat: add bitwarden secret manager support (#3603) 2024-06-28 06:04:25 +02:00
Nathan Ellenfield
907e8ebc82
Fix ACR External Secret example (#3626)
* Fix ACR External Secret example

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>

* Fix typos in acr generator docs

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>

---------

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>
2024-06-26 19:50:24 +02:00
Idan Adar
e13e09413e
Fix typo privatKey in multiple files (#3578)
* Update generators.external-secrets.io_githubaccesstokens.yaml

Fixes https://github.com/external-secrets/external-secrets/issues/3556

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update generator_github.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update github.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update generator-github.yaml

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update github_test.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* fix: rename property

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-17 11:12:03 +02:00
Geoffrey MUSELLI
f74e08546c
Support glob for namespaces condition in ClusterSecretStore (#2920)
* feat(ClusterSecretStore): Support glob for conditions.namespaces

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Fix diff

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Fix code smell

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): First code review

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Second code review

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Generate

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Fix Sonar method complexity

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* addressed comments

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* renamed namedspacesregexes because it sounded funny

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-17 08:36:05 +02:00
smcavallo
d29c001d37
Add device42 provider (#3571) 2024-06-14 06:04:19 +02:00
Victor Santos
dd8c004f47
feat: add support to set Type for AWS parameter store (#3576)
Signed-off-by: Victor Santos <vsantos.py@gmail.com>
2024-06-12 10:24:52 +02:00
Akhil Mohan
ace1ff595f
Infisical provider (#3477)
* feat: added crds for infisical provider

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: implemented infisical provider logic

Signed-off-by: = <akhilmhdh@gmail.com>

* fix: resolved broken doc building due to vault doc error

Signed-off-by: = <akhilmhdh@gmail.com>

* docs: added doc for infisical provider

Signed-off-by: = <akhilmhdh@gmail.com>

* docs: fixed a warning in mkdocs on link

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved all lint issues

Signed-off-by: = <akhilmhdh@gmail.com>

* doc: removed k8s auth release banner from infisical doc

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: added support for property to infisical provider

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: removed auth type and made implicit ordering of authentication based on feedback

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: support for referent authentication

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: added error for tag not supported in find

Signed-off-by: = <akhilmhdh@gmail.com>

* fix: resolved failing build

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: updated doc and added stability matrix for infisical

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: switched to less error prone use and revoke token strategy and added validate interface logic

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: code lint issue fixes

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved review comments for infisical client

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: improved test cases and resolved sonar issues

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved sonar suggestions

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved sonar suggestions for test const ids

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: store changes to assertError

Signed-off-by: = <akhilmhdh@gmail.com>

---------

Signed-off-by: = <akhilmhdh@gmail.com>
2024-06-11 22:27:31 +02:00
AvivGuiser
c365cb4956
add log.level and log.encoding to all components (#3558)
* add log.level and log.encoding to all components

Signed-off-by: Aviv Guiser <avivguiser@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-08 15:37:01 +02:00
Gergely Brautigam
94c9a33a11
feat: add location to GCP push secret (#3502)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-07 09:46:29 +02:00
Anders Swanson
8fb0fec6ca
Oracle Vault Provider Documentation (#3551)
* Oracle Vault Provider Documentation

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Oracle Vault Provider Documentation

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

---------

Signed-off-by: anders-swanson <anders.swanson@oracle.com>
2024-06-06 21:20:45 +02:00
Andreas Lindhé
d7c0b55880
Fix typo: temaplate --> template (#3554)
Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com>
2024-06-06 00:31:38 +03:00
Antoine Colombier
ef4fa28e0e
doc(BitWarden): extends the liveness timeout (#3542)
The liveness command perform a vault re-sync which usually takes a few second to perform. This commit replace the current value which is too low and lead to timeout and pod termination.

Signed-off-by: Antoine Colombier <7086688+acolombier@users.noreply.github.com>
2024-06-02 15:53:25 +02:00
Shuhei Kitagawa
b156e23743
Raise error when unknown key specified in template (#3480)
* Raise error when unknown key specified in template

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Update the template docs to clarify the new behavior with non-existing keys

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-05-17 09:57:11 -03:00
Luis Schweigard
0abb3e9cc4
Add support for Authentication against Azure Key Vault using Client Certificate (#3469)
* Implementation of Certificate Based Authz against Azure Key Vault

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Add tests for new Azure certificate auth functionality

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Add documentation for Azure Cert based Auth

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Generate spec.md

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Add changes from code review

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Fix naming in test error case

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

---------

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
2024-05-13 08:40:50 -03:00
Bob Du
4b8b8788bf
Update getting-started.md (#3476)
Signed-off-by: Bob Du <i@bobdu.cc>
2024-05-11 11:03:08 -03:00
Michael Serchenia
34444280bb
GitHub token gen doc (#3463)
* added tempalte example for github token gen + doc

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* added tempalte example for github token gen + doc

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* build doc success, added github with template example

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

---------

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
2024-05-10 05:00:57 -03:00
Saverio Proto
bddca97cf2
Update getting-started.md (#3464)
* Update getting-started.md

Bump crds tag from v0.9.11 to v0.9.17

Signed-off-by: Saverio Proto <zioproto@gmail.com>

* Update docs/introduction/getting-started.md

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Saverio Proto <zioproto@gmail.com>

---------

Signed-off-by: Saverio Proto <zioproto@gmail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-05-07 17:05:24 -03:00
Parth Patel
6d08e679be
Fixed docs nav bar and a couple of broken links (#3445)
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
2024-05-05 07:47:47 -03:00
Steven I
297e55d3af
Improve bitwarden example (#3435)
* Add bitwarden-attachment example

Signed-off-by: Steven I. <commits@imsteven.xyz>

* Fix nav list

Signed-off-by: Steven I. <commits@imsteven.xyz>

---------

Signed-off-by: Steven I. <commits@imsteven.xyz>
2024-04-30 15:04:14 -03:00
Tyki6
e32233f401
Update common-k8s-secret-types.md to fix get secret jsonpath (#3434)
Signed-off-by: Tyki6 <57527739+tyki6@users.noreply.github.com>
2024-04-30 14:15:10 -03:00
Shuhei Kitagawa
9d17e34942
Refactor the SecretStore client manager (#3419)
* Refactor the SecretStore client manager

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Fix ineffectual assignment to err

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Update docs

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-29 05:15:21 -03:00
Shlomo Zalman Heigh
02c6f625bd
Add Conjur Support for FindByName, FindByTag (#3364) 2024-04-28 19:01:00 +02:00
Shuhei Kitagawa
43a7a16baf
Update Go and golangci-lint version (#3396)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-25 06:36:11 -03:00
Parth Patel
f893a246e7
Fix Azure Container Registry Generator invalid YAML (#3414)
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
2024-04-25 06:11:29 -03:00
Katsuya Kawabe
cf15c9ba73
Fix typo in webhook.md (#3388) 2024-04-19 14:39:14 +03:00