mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
2980 commits 135 branches 173 tags 201 MiB
Commit graph

542 commits

Author SHA1 Message Date
Mykhailo Zahlada
47cc50a9ed
Workloadidentity clientid from secret ref (#3367) 
* updates documentation: extends workloadIdentity auth configuration

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* adds and updates tests

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* extends provider configuration to accept clientId and tenantId as auth SecretRef

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* updates service account example

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* updates docs

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

---------

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2024-04-18 05:09:53 -03:00
Thorben Below
432c6bf9ab
Feat: Add Passbolt Provider (#3334) 
* add passbolt provider

Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>

* Fix: return err for unimplemented methods

Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>

---------

Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
 2024-04-18 09:58:25 +02:00
David Recuenco
7602995a1c
Extract support for SDKMS provider (#3237) 
* ADD extract support for sdkms provider

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* Apply suggestions from code review

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: David Recuenco <david.recuencogadea+github@gmail.com>

---------

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
Signed-off-by: David Recuenco <david.recuencogadea+github@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2024-04-09 08:20:37 +02:00
Shuhei Kitagawa
120fedf841
Add NamespaceSelectors field to ClusterExternalSecret (#3268) 
https://github.com/external-secrets/external-secrets/issues/3257

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
 2024-04-05 08:35:08 +09:00
Rodrigo Fior Kuntzer
9ff2354213
fix: introducing support for conversion strategy for PushSecret. (#3292) 
* fix: introducing support for conversion strategy for PushSecret.

Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>

* fix: unit tests code quality.

Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>

---------

Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
 2024-04-04 16:31:28 +02:00
Mohit Bishesh
ac6d53da54
Update all-keys-one-secret.md (#3320) 
* Update all-keys-one-secret.md

Signed-off-by: Mohit Bishesh mohitbishesh7@gmail.com

Signed-off-by: Mohit Bishesh  <74617917+MohitBishesh@users.noreply.github.com>
Signed-off-by: Mohit Bishesh <mohitbishesh7@gmail.com>

* Updating the grammar and surname

Signed-off-by: Mohit Bishesh <mohitbishesh7@gmail.com>
Signed-off-by: Mohit Bishesh <mohitbishesh7@gmail.com>

---------

Signed-off-by: Mohit Bishesh  <74617917+MohitBishesh@users.noreply.github.com>
Signed-off-by: Mohit Bishesh <mohitbishesh7@gmail.com>
 2024-04-04 08:10:57 +02:00
Michael Serchenia
84731616f4
GitHub provider (supersedes #3014) (#3115) 
* github provider signed, supersedes #3014

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* tests pass, + crd + docs

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* fix sonarLint alert

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* refactoring, replace secretStore with generator

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* cosmetics + tst + lint pass

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* docs

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* clean-up + lint + test

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* small refactor, fix issues left in comments

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

---------

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
 2024-04-03 09:19:57 +02:00
Blair Drummond
731c0ed736
feat: add vault auth namespace option (#3157) 
* feat: add vault auth namespace option

Signed-off-by: Blair Drummond <blaird@liatrio.com>

* fix: appease the linter

Signed-off-by: Blair Drummond <blaird@liatrio.com>

* feat: add tests for auth namespace

Signed-off-by: Blair Drummond <blaird@liatrio.com>

* fix: add make reviewable output

Signed-off-by: Blair Drummond <blaird@liatrio.com>

---------

Signed-off-by: Blair Drummond <blaird@liatrio.com>
 2024-03-27 07:23:34 +01:00
Engin Diri
e0b668db70
docs: Change default refreshInterval to 5m (#3283) 
Signed-off-by: Engin Diri <engin.diri@ediri.de>
 2024-03-19 08:25:24 +09:00
Ben Skelker
47c0f6c759
Update the CyberArk Provider docs (#3261) 
* updates conjur provider doc

Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>

* edits

Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>

* more edits

Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>

* more edits3

Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>

* even more edits

Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>

* Update docs/provider/conjur.md

Signed-off-by: Ben Skelker <54019610+benskelker@users.noreply.github.com>
Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>

* and more edits

Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>

---------

Signed-off-by: Ben Skelker <ben.skelker@cyberark.com>
Signed-off-by: Ben Skelker <54019610+benskelker@users.noreply.github.com>
Co-authored-by: Ben Skelker <ben.skelker@cyberark.com>
 2024-03-16 09:51:46 +09:00
Burgs Del
f4050ca93f
adjust position of principalType (#3252) 
Signed-off-by: Hayden-Chang <shenshuoyouguang@outlook.com>
 2024-03-13 08:43:26 +09:00
Sulfixx
e57e4b72ca
Integrate Passworddepot (#2799) 
* PLAT-1179 | updated to beta1

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Updating External Secrets fixes

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Fix to Passworddepots-crds-generation

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | apiextensionsv1 removal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* Update apis/externalsecrets/v1beta1/secretstore_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* PLAT-1179 | Removed insecureverify and other fixes

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Fixed Linter and Sonar Issues

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Fixed Typo in Passworddepot_api.go

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Resolved go.mod Conflict

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Resolved go.mod conflict typo

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | admission.Warnings error fix

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added nolint:bodyclose // linters bug

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Removed <= Head arrow from mkdocs.yml

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added Make Check-Diff Changes

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Changed Error Package, Added Context, API Refactor

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added const DoRequestError to reduce Codesmell

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Moved defer body close func into ReadAndUnmarshal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Moved Status Check into ReadAndUnmarshal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Removed Response.body from ReadAndUnmarshal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* Update apis/externalsecrets/v1alpha1/secretstore_passworddepot_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* PLAT-1179 | Go mod tidy and Make generate

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added empty SecretExists Method

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Renamed unsed ctx to _

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

---------

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
Co-authored-by: Sören Rohweder <soeren.rohweder@fastleansmart.com>
Co-authored-by: Simon Becker <simon.becker@fastleansmart.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2024-03-12 13:33:08 +01:00
Gergely Brautigam
1d5177c8c7
feat: add secret push format to AWS secrets manager (#3189) 2024-03-10 08:12:50 +01:00
Carolin Dohmen
29e5f71d8b
Add PushSecret UpdatePolicy (to replace PR #3100) (#3117) 
* Add PushSecret UpdatePolicy

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

* Adjust description of UpdatePolicy in PushSecret Spec

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

* Restructure PushSecret Status

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

* Refactor PushSecret controller method

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

* Add missing methods for new providers

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

* Add missing method to onboardbase client

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

* Add docs on PushSecret UpdatePolicy

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

* Use constant for error message

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>

---------

Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
 2024-03-08 11:17:31 +01:00
Lucas Severo Alves
6edd8d38dd
docs: adds note to Lifecycle creation policy owner docs (#3235) 
Signed-off-by: Lucas Severo Alves <lseveroa@redhat.com>
Co-authored-by: Lucas Pimentel Quintao <luk.2001@hotmail.com>
 2024-03-06 10:30:20 +01:00
Shlomo Zalman Heigh
1d3209da59
Conjur E2E Tests for K8s JWT Authentication (#3217) 
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
 2024-03-01 17:36:19 +01:00
Gergely Brautigam
02f941b0a0
Revert "3012 - Probes for external-secrets (#3131)" (#3213) 
This reverts commit 7eebfa027c.

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2024-03-01 13:22:35 +01:00
Benjamin Walterscheid
7eebfa027c
3012 - Probes for external-secrets (#3131) 
* issue/3012 - introduced livenessProbe for core controller

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - updated livenessprobe for core controller

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - updated failing tests for controller_test.yaml

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - liveness probes with missing LivenessEndpointName and liveAddr flag

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - added missing live-addr core controller flag

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - removed obsolete align

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - added missing livenessProbe to README

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - updated docu for livenessProbes

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - corrected description within values.yaml for check-diff

Signed-off-by: Benjamin Walterscheid <git@berlking.io>

* issue/3012 - minor README corrections

Signed-off-by: Benjamin Walterscheid <git@berlking.io>

* issue/3012 - updated snapshots for fortanix and onboardbase

Signed-off-by: Benjamin Walterscheid <git@berlking.io>

---------

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Signed-off-by: Benjamin Walterscheid <52604859+fdberlking@users.noreply.github.com>
Signed-off-by: Benjamin Walterscheid <git@berlking.io>
Co-authored-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
 2024-03-01 08:57:45 +01:00
Aleem Isiaka
52f6655345
Onboardbase (#2697) 
* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Run decrypt with error

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Install deps

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Improved docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Improved docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Update hack/crd.generate.sh

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>

* address issues with running the code

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* decrypt library into code

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* add docs to onboardbase provider

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* refactor duplicates

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Address Issues with tests

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Address issues with delete policy and json secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Fix lint errors

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* error out when there is tags in the find field

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* execute delete request with the right data

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* ignore deletion policy

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* improve lint errors

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* remove cryptojs decrypt libs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Get secret value if property is set

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* run obb operator

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* 👌 IMPROVE: supports request deadline, esv1beta1 api updates

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* use same timeout

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix sonar cloud issues

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix sonar cloud issues

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix sonar cloud issues

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix failing test

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* add improve docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* add improve docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

---------

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
Signed-off-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>
Co-authored-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2024-02-29 21:28:17 +01:00
Peter Stolz
0f6db5bd22
docs: Add logo and favicon to docs (#3206) 
Signed-off-by: Peter Stolz <50801264+PeterStolz@users.noreply.github.com>
 2024-02-28 15:37:53 +01:00
David Recuenco
af38fc68d5
ADD sdkms base implementation (#3180) 
* ADD sdkms base implementation

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* FIX get secret object by name, unmarshalling error formatting

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* ADD suport for fortanix secret security objects

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* ADD more tests for opaque, secret, new client

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* FIX changes required by make reviewable

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* ADD missing provider registration

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* FIX remove unused error string, add generated assets

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

---------

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
 2024-02-28 10:59:47 +01:00
Mathias Maes
74ed3facb7
Add PEM to PKCS12 template function (#3101) 
* Add PEM to PKCS12 template function

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>

* add docs

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>

* add pemToPkcs12Pass

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>

* fix formatting

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>

---------

Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
 2024-02-27 09:36:53 +01:00
Maxence Boutet
57967813d1
fix(docs): Fix indentation in vault-pushsecret.yaml (#3156) 
Signed-off-by: Maxence Boutet <52334444+mboutet@users.noreply.github.com>
 2024-02-17 07:06:02 -03:00
Gustavo Fernandes de Carvalho
1cf8f68276
Implements Webhook Generator (#3121) 
* adding webhook generators

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bumping bundle

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* linting

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fixing copy-paste error

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* common webhook functions

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* removing duplicates. Adding tests for generator

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2024-02-17 06:49:31 -03:00
Engin Diri
dc9b5b7207
feat: add support for Pulumi ESC (#2997) 
Signed-off-by: Engin Diri <engin.diri@ediri.de>
 2024-02-14 19:56:06 +01:00
Sourav Patnaik
a012f4829c
Implementation of Chef External Secrets Provider (#3127) 
* Adding the details for chef provider secret store.

Issue: https://github.com/external-secrets/external-secrets/issues/2905

This commit intends to add the chef provider structure to the existing list of external-secrets providers.
It defines the structure of the SecretStore and ClusterSecretStore for chef Provider.
The yaml resource will contain 3 important parts to identify and connect to chef server to reconcile secrets. They are:
1. serverurl: This is the URL to the chef server.
2. username: The username to connect to the chef server.
3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password.

This commit also contains the auto generated CRDs using the `make generate` command.

Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>

* Implementation for Chef ESO provided

Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>

* - implemented Chef eso, added required methods
- added unit test cases
- added sample documentation
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* Added Documentation for Authentication

Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>

* added documentation for Chef eso
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* Updated chef ESO documentation

Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>

* updated ValidateStore method signature
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* made changes in chef provider to satisfy 'make docs'

Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* - updated code as per review comment, make reviewable suggestions
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* modified chef provider code as per review comment

Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

---------

Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Co-authored-by: Subroto Roy <subrotoroy007@gmail.com>
Co-authored-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
 2024-02-14 09:54:08 +01:00
Shanti G
5f8d24000a
IBM provider: remove deprecated code for fetching secret by name (#3078) 
* remove deprecated code for fetching secret by name

Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>

* update the documentation

Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>

* fix linting

Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>

---------

Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
Co-authored-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
 2024-01-26 17:46:24 +01:00
Moritz Johner
26f9c3f1f4
chore: refactor/centralise secretKeyRef usage (#3022) 
* chore: refactor/centralise secretKeyRef usage

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2024-01-21 08:19:57 +01:00
kyasbal
b6b4f12509
Fix wrong namespaceSelector configuration in snippet in document (#3054) 
The snippet[1] was not aligning with the schema defined in CRD.

[1] https://external-secrets.io/latest/guides/security-best-practices/

Signed-off-by: kyasbal <kyasbal1994@gmail.com>
 2024-01-20 22:26:12 +01:00
Rodrigo Fior Kuntzer
31cecaa62b
feat: add support for Hashicorp Vault mTLS (#3018) 
* feat: adding support for mTLS to the Vault provider

Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
 2024-01-19 00:43:28 +01:00
Moritz Johner
00249f1d43
Create OSSF scorecard job (#3032) 
* Create scorecard.yml

Adds a scorecard workflow to regularly check the repo.
See docs: https://github.com/marketplace/actions/ossf-scorecard-action#scorecard-badge

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
 2024-01-18 21:03:07 +01:00
Peter Stolz
1f665cea5d
docs: add command to install CRDs using kustomize (#3023) 
Signed-off-by: Peter Stolz <50801264+PeterStolz@users.noreply.github.com>
 2024-01-14 15:27:29 +01:00
aviadkray
04bccc5316
gramar2 - intuitive not intuative (#2992) 
Signed-off-by: aviadkray <108495983+aviadkray@users.noreply.github.com>
 2024-01-12 22:55:55 +01:00
aviadkray
92187cf2b9
fix grammar (#2991) 2024-01-12 22:47:41 +01:00
Charles Thomas
40ab707049
doc: update bitwarden-cli image & version (#2971) 
Signed-off-by: Charles Thomas <ch@rlesthom.as>
 2024-01-12 22:01:26 +01:00
Benjamin Walterscheid
ef19459914
Issue/2965 - Documentation does not reflect latest changes for datafrom for IBM Secret Manager (#3010) 
* 2963 - removed duplicated annotations

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* 2963 - updated documentation to use kv secret types with v1beta1 apiVersion

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* 2963 - minor yaml corrections

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* added some example for v2 literal templating (#3007)

Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

---------

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Co-authored-by: Robert Paschedag <robert.paschedag@web.de>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
 2024-01-12 21:48:49 +01:00
Zadkiel Aharonian
551706c494
docs: update controller reconcile error rule (#3021) 
Signed-off-by: Zadkiel Aharonian <zadkiel.aharonian@gmail.com>
 2024-01-12 19:54:52 +01:00
Pedro Parra Ortega
ba8cf6bde5
Feat/allow keeper to work with complex types (#3016) 
* update dependencies (#3005)

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* feat: allow keeper to work with complex types

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: eso-service-account-app[bot] <85832941+eso-service-account-app[bot]@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
 2024-01-12 00:30:58 +01:00
Robert Paschedag
45e2bd3796
added some example for v2 literal templating (#3007) 
Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
 2024-01-09 09:38:23 +01:00
Bryce Thuilot
0bb4feae4a
feat: add PushSecret and DeleteSecret to onepassword provider (#2646) 
* feat: add PushSecret and DeleteSecret to onepassword provider

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>

* refactor: clean code based on suggestions

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>

* refactor: make suggested sonar cube changes

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>

---------

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>
 2024-01-04 19:36:41 +01:00
Matúš Ferech
0ac250dd2d
Fix typo in pushsecrets docs (#2998) 2024-01-04 15:28:05 +01:00
Moritz Johner
a0c5f7eb51
fix: bump kubernetes version support (#2981) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-12-25 13:53:10 +02:00
Gergely Brautigam
d6e24a82bd
feat: add templating to PushSecret (#2926) 
* feat: add templating to PushSecret

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* adding unit tests around templating basic concepts and verifying output

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* extracting some of the common functions of the parser

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* remove some more duplication

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* removed commented out code segment

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* added documentation for templating feature

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* simplified the templating for annotations and labels

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2023-12-22 21:45:34 +01:00
Gergely Brautigam
0bbfb1b954
feat: introduce tilt into the development process (#2966) 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2023-12-21 22:58:31 +01:00
Nitzan Nissim
b0bdef20b5
Add support for IBM Cloud Service Credentials secret type (#2950) 2023-12-21 08:21:02 +02:00
Rajath Reghunath
632071d954
docs: Update contact email (#2948) (#2949) 2023-12-14 13:35:39 +01:00
Victor Santos
96233b759a
docs(alibaba): add access key authentication (#2934) 
Signed-off-by: Victor Santos <vsantos.py@gmail.com>
 2023-12-07 17:43:03 +01:00
Kiyofumi Sano
2f043ecaed
Signed-off-by: Kiyo510 <miraishida00510@gmail.com> (#2919) 
typo: ref:#2917 Fix typo in ExtermalSecretRewriteTransform
 2023-12-02 14:53:11 +01:00
Victor Santos
3599384660
feat(fake): deprecate ValueMap to use Value instead (#2884) 2023-12-02 06:57:48 +09:00
Tal Asulin
2441ad547b
Feat/Adding support for PushSecret using HashiCorp Vault KV v1 (#2879) 
* feat: init pushsecret support for vault kv1

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* feat: update delete secret to support vault kv1

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* test: adding unit tests for deletesecret for vault v1 coverage

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* docs: adding a note for describing the potential risk of using kv1 with pushsecret

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* feat: removing white spaces

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* feat: removing white spaces

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* chore: reverting buildMetadataPath changes as they are not called from v1 logic

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* feat: add custom metadata to vault v1 secrets

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* docs: adjusting documentation for supporting vault kv v1

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* docs: adjusting documentation for supporting vault kv v1

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

* Update docs/provider/hashicorp-vault.md

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Tal Asulin <tallin900@gmail.com>
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>

---------

Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
Signed-off-by: Tal Asulin <tallin900@gmail.com>
Co-authored-by: talasulin <tal.asulin@appsflyer.comn>
Co-authored-by: tal-asulin <tal-asulin@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2023-11-30 04:51:30 -03:00
Moritz Johner
2b2661ebc2
fix: use service management endpoint for ACR when using WI (#2913) 
The `scope` parameter used to be the ACR url foobar.azurecr.io, but
this stopped working. Turns out that you need to use the management
endpoint as `scope` in order to authenticate with ACR.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-11-30 00:02:28 +01:00
Petter Abrahamsson
eea369578d
fix: Small typo in the 'templateFrom' guide (#2912) 
Signed-off-by: Petter Abrahamsson <pabraham@redhat.com>
 2023-11-29 21:48:08 +01:00
Ryan Arnold
8fd952c6e7
Docs: Add details on how to use FilterPEM function (#2893) 
* Docs - add note clarifying how to use filterpem for future readers

Signed-off-by: arnoldrw <arnold.rw@pg.com>

* Update docs/guides/templating.md

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>

---------

Signed-off-by: arnoldrw <arnold.rw@pg.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2023-11-29 20:37:13 +01:00
Mateusz Łoskot
4acf82f23c
docs: Recommend use of Workload Identity for Azure Key Vault (#2906) 
* docs: Recommend use of Workload Identity for Azure Key Vault

Mentions AAD Pod Identity is deprecated and updates overview
of supported authentication modes for Azure Key Vault.

This removes "should use aad-pod-identity" wording, see
https://github.com/external-secrets/external-secrets/discussions/2901

Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>

* docs: Fix missing link to Multi-Tenancy Guide

Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>

* docs: Fix typos

Capitalise own names.

Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>

---------

Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
 2023-11-27 14:15:05 -03:00
Gergely Brautigam
3fbe318582
feat: allow pushing the whole secret to the provider (#2862) 
* feat: allow pushing the whole secret to the provider

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* add documentation about pushing a whole secret

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* disabling this feature for the rest of the providers for now

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* added scenario for update with existing property

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2023-11-21 22:00:21 +01:00
Victor Santos
6458048c62
docs: fix deprecation policy typo (#2875) 
Signed-off-by: Victor Santos <vsantos.py@gmail.com>
 2023-11-15 13:42:35 +01:00
visokoo
2e4067ed3f
docs: remove additional space in dockercreds example that causes the last curly brace to be removed (#2877) 
Signed-off-by: Vivian Ta <ta.vivian@gmail.com>
 2023-11-15 13:41:47 +01:00
Yonatan Koren
d42e19dc70
feat: AWS SecretsManager Config (allow ForceDeleteWithoutRecovery for PushSecret) (#2854) 
* Add secretsmanager config.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Fix unit tests.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Update docs, fix validation, tests.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Fix grammatical error in attribute descriptions.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Improve API docs for SecretsManager.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

---------

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
 2023-11-14 18:44:22 -03:00
Lucas Pimentel Quintao
92d8210221
feat: update dataFrom with use of generator (#2793) 
* feat: adds example extract/find use case to dataFrom example

Signed-off-by: Lucas Pimentel Quintao <lucaspimentel123@users.noreply.github.com>
 2023-11-09 23:31:50 +01:00
Shuhei Kitagawa
c9b3f97425
Refactor the PushSecret interface (#2859) 
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
 2023-11-08 06:47:13 +09:00
Anders Swanson
f4a7c95b54
feat: Oracle PushSecret & find implementation (#2840) 
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
 2023-11-03 21:42:27 +01:00
Charl Klein
06301854d0
docs: - Minor Note to assist future readers (#2839) 
Signed-off-by: CharlKlein <19486531+CharlKlein@users.noreply.github.com>
 2023-11-02 20:36:09 +01:00
Moritz Johner
9ff86eab51
fix: remove sourceRef.generatorRef from .data[] (#2735) 
fix: deprecate sourceRef.generatorRef from .data[]

A generator is supposed to be used via .dataFrom[]. Usage in .data[]
is not implemented and doesn't make sense, see #2720.

This commit splits the SourceRef into two types:
- one that only defines a secretStoreRef
- one that allows to define either secretStoreRef or generatorRef

The former is used in .data[] and the latter is used in .dataFrom[].

The Deprecated field is going to be removed with v1.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-11-02 14:37:59 +01:00
Anders Swanson
8dd934ceed
feat: Oracle provider service account masquerade (#2817) 
* feat: Oracle provider service account masquerade

Signed-off-by: anders-swanson <anders.swanson@oracle.com>
 2023-11-02 08:34:18 +01:00
Shuhei Kitagawa
ff0ef2e6d9
Add validations for the enum values (#2819) 
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
 2023-10-30 13:30:04 +01:00
Moritz Johner
868c8ad2f1
chore: test e2e-managed & fixup docs (#2818) 
* fix: remove dead job
* chore: mention azure managed tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-10-29 22:38:20 +01:00
Nícolas Roberto
8a60df68f7
add missing commands to the getting started guide (#2751) 
* add missing commands to the getting started guide

Update "Create your first SecretStore" and "Create your first ExternalSecret" topics to be easy to understand

Signed-off-by: Nícolas Roberto <66215835+Nicolas-Roberto@users.noreply.github.com>
Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com>

* change nano command to echo command

Signed-off-by: Nícolas Roberto <66215835+Nicolas-Roberto@users.noreply.github.com>
Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com>

* fix changes in getting started file

Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com>

---------

Signed-off-by: Nícolas Roberto <66215835+Nicolas-Roberto@users.noreply.github.com>
Signed-off-by: nicolas.queiroz <nicolas.roberto987@gmail.com>
Signed-off-by: Shuhei Kitagawa <shuheiktgw@users.noreply.github.com>
Co-authored-by: Shuhei Kitagawa <shuheiktgw@users.noreply.github.com>
 2023-10-29 10:49:08 +09:00
Gergely Brautigam
7fbae000d6
feat: add namespace list selector to ClusterExternalSecrets (#2803) 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
 2023-10-25 13:58:05 +02:00
Sonny Alves Dias
0a0fd050c0
add directive to apply template on secret names (#2802) 
Signed-off-by: Sonny Alves Dias <sonny.dias@superevilmegacorp.com>
 2023-10-25 13:45:38 +02:00
Anders Swanson
b1bad77eb3
Oracle: Workload Identity authentication (#2781) 
* Oracle: Workload Identity authentication

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Merge main

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Cleanup go.mod

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Lint

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Use mutex for environment variables

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

---------

Signed-off-by: anders-swanson <anders.swanson@oracle.com>
Signed-off-by: Anders Swanson <91502735+anders-swanson@users.noreply.github.com>
 2023-10-24 21:48:25 +02:00
Moritz Johner
d42ccaaf78
docs: mention auth-delegator role in vault provider (#2734) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-10-13 15:50:40 +02:00
Sebastián Gómez
f5a4107b3f
Updated docum of PushSecret (#2391) 
* Updated docum of PushSecret

Closes #2242

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Updated image and completed diagram file

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

---------

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
 2023-10-11 21:20:50 +02:00
Shanti G
583b919cb7
leverage IBM provider's latest API to get the secret by name (#2750) 2023-10-11 07:35:53 +03:00
Gary Hodgson
bb63bad38c
add force flag to bitwarden sync (#2742) 
Whilst implementing integration with Vaultwarden I noticed that the local vault was not being updated.  I had to add  "force=true" to the sync api call for it to work as expected.

Signed-off-by: Gary Hodgson <gary.s.hodgson@gmail.com>
 2023-09-29 12:41:03 +02:00
Florent Viel
24f1a093e5
Scaleway secret path (#2737) 
* feat: add path support for scaleway provider

Signed-off-by: Florent Viel <fviel@scaleway.com>

* feat: update scaleway testcases for path support

Signed-off-by: Florent Viel <fviel@scaleway.com>

* docs: update scaleway doc to add path support

Signed-off-by: Florent Viel <fviel@scaleway.com>

* fix: change func signature to make linter pass

Signed-off-by: Florent Viel <fviel@scaleway.com>

---------

Signed-off-by: Florent Viel <fviel@scaleway.com>
 2023-09-28 21:00:16 +02:00
Adrian Rico
5fdcba0f14
doc: add remember note for clusterLocation (#2741) 
Signed-off-by: Adrian Rico <adrian.rico@ackstorm.com>
Co-authored-by: Adrian Rico <adrian.rico@ackstorm.com>
 2023-09-28 17:16:53 +02:00
antoniolago
1b48459951
Complement full-cluster-secret-store oracle example (#2731) 
Add namespace to secretRef.privatekey and secretRef.fingerprint in oracle provider example at full-cluster-secret-store.yaml to avoid confusion like in #2727

Signed-off-by: antoniolago <45375617+antoniolago@users.noreply.github.com>
 2023-09-25 21:23:55 +02:00
Kieran Bristow
d9eaeb40dc
Conjur JWT support (#2591) 
* Add JWT Auth to Conjur Provider

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Update docs for Cyberark Conjur Provider

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Update test suite to cover new functionality

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Run make reviewable

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Set MinVersion for tls.Config to satisfy linting

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Move ca bundle config example to a yaml snippet

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* fix: consolidate naming

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: consolidate naming

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* docs: make it a working example

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Remove JWT expiration handling logic

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Run make fmt

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

---------

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-09-25 10:05:17 +02:00
Moritz Johner
e56c9867f0
chore: bump version (#2725) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-09-21 23:29:11 +02:00
rteeling
ddae00dd6d
Documentation: callout templating escapes for helm users (#2704) 
* callout templating escapes for helm users

Signed-off-by: rteeling <rteeling@users.noreply.github.com>

* quote the snippet file

Signed-off-by: rteeling <rteeling@users.noreply.github.com>

---------

Signed-off-by: rteeling <rteeling@users.noreply.github.com>
Co-authored-by: rteeling <rteeling@users.noreply.github.com>
 2023-09-20 21:20:14 +02:00
Joey Stout
c757319a09
docs(docs/snippets/gitops/deployment.yaml): updated the example doc to show 0.9.4 (#2715) 
Signed-off-by: apollorion <joey@apollorion.com>
 2023-09-20 00:00:19 +02:00
Joan Miquel Luque
bb26bf8ff3
Improve Hashicorp Vault PushSecret documentation (#2679) 
Signed-off-by: Joan Miquel Luque Oliver <joan.luque@dynatrace.com>
 2023-09-08 00:30:15 +02:00
Moritz Johner
2dcc360941
chore: bump kubernetes support version (#2659) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-08-29 00:17:10 +02:00
Shuhei Kitagawa
005fb4d123
Report not ready when no namespace matches (#2582) 
* Report not ready when no namespace matches

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Fix flaky a test

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Simplify ClusterExternalSecret status

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
 2023-08-28 12:03:57 +02:00
Alexandre Gaudreault
21928a45b9
fix(externalsecret): infinite reconcile loop with Merge secret (#2525) 
* fix(externalsecret): infinite reconcile loop with Merge secret

Signed-off-by: Alexandre Gaudreault <alexandre.gaudreault@logmein.com>

* code review

Signed-off-by: Alexandre Gaudreault <alexandre.gaudreault@logmein.com>

* lint

Signed-off-by: Alexandre Gaudreault <alexandre.gaudreault@logmein.com>

* add unit tests

Signed-off-by: Alexandre Gaudreault <alexandre.gaudreault@logmein.com>

* lint

Signed-off-by: Alexandre Gaudreault <alexandre.gaudreault@logmein.com>

* Use objectHash instead of value

Signed-off-by: Alexandre Gaudreault <alexandre.gaudreault@logmein.com>

---------

Signed-off-by: Alexandre Gaudreault <alexandre.gaudreault@logmein.com>
 2023-08-28 11:46:38 +02:00
Andrea Stacchiotti
b50415edf0
Introduce RetrySettings support for Hashicorp Vault (#2528) 
* Ensure use of BuildKit in the Docker builds

The builds rely on `TARGETOS` and `TARGETARCH` being set, which is
automatically accomplished by the new builder.

Add the explicit envvar selector in the Makefile, until most users
update to docker 23+.

Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>

* Update docker build command in developer guide

Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>

* Introduce RetrySettings support for Hashicorp Vault

Leave default retries to 0 (not the default of the vault sdk of 2),
as this was decided in abec2a64cc .

Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>

---------

Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
 2023-08-28 11:45:27 +02:00
Shuhei Kitagawa
d5271d0dab
Delete old ClusterExternalSecrets when name changed (#2601) 
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
 2023-08-25 20:44:01 +02:00
Alexander Schaber
0896105349
docs: add AWS IAM policy for usage with PushSecret (#2653) 
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
 2023-08-24 20:45:06 +02:00
Moritz Johner
0334c2801c
fix: template funcs need to be wrapped in raw block (#2642) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-08-23 11:08:40 +02:00
Laszlo Fogas
95bb5f9345
Using Bitwarden notes for multiline secrets (#2635) 
* Using Bitwarden notes for multiline secrets

Signed-off-by: Laszlo Fogas <laszlo@gimlet.io>

* Update docs/snippets/bitwarden-secret.yaml

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

---------

Signed-off-by: Laszlo Fogas <laszlo@gimlet.io>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
 2023-08-23 11:07:22 +02:00
Layer8Err
81c88209cf
Update common-k8s-secret-types.md (#2624) 
Add example for templating dockerconfigjson given:
* container registry name
* container registry host (e.g. ghcr.io)
* container registry password

Signed-off-by: Layer8Err <dwight.brenner@gmail.com>
 2023-08-23 10:04:47 +02:00
nikkie
a7d5bb56bf
docs: Fix (#2627) 
remove redundant pipe(`|`)

Signed-off-by: nikkie <takuyafjp+develop@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
 2023-08-23 09:45:20 +02:00
rakuge
11ef9667c7
updating refreshTime and adding lastTransitionTime in doc FAQ (#2640) 
Signed-off-by: rakuge <101624788+rakrueger@users.noreply.github.com>
 2023-08-23 07:44:20 +09:00
Shanti G
bccb12c8ff
handle special case for imported cert secret type (#2629) 
Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
Co-authored-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
 2023-08-21 11:07:59 +03:00
Shuhei Kitagawa
2566798d08
Update the devguide (#2588) 
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
 2023-08-15 05:05:37 -03:00
Edvin N
bb68e04407
Fix grafana dashboard $datasource (#2594) 
Signed-off-by: Edvin Norling <edvin.norling@kognic.com>
 2023-08-14 21:08:57 -03:00
Moritz Johner
c327ca5685
docs: update release process (#2570) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2023-08-03 07:18:58 +00:00
Ian Purton
0321657a69
Integrate Cloak Secrets (#2108) 
* Integrate Cloak Secrets

Signed-off-by: Ian Purton <ian.purton@gmail.com>

* Fix link

Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>

---------

Signed-off-by: Ian Purton <ian.purton@gmail.com>
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
 2023-08-03 08:54:45 +02:00
Martin Schuessler
f777a85156
added userPass authentication to the hashicorp vault provider (#2539) 
Signed-off-by: Martin Schuessler <1407812+c0ffee@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
 2023-08-01 14:16:19 +02:00
Evan
f44ef56646
IBM Provider: Fix documentation templating errors (#2564) 
* Move examples added in 3ab04767a5 to a snippet so they do not conflict with the mkdocs-macros plugin

Signed-off-by: Evan Bluhm <embluhm@uw.edu>
 2023-07-31 22:43:50 +02:00