* Fixed Keeper Security custom record type name in docs
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
* Fixed Keeper records lookup in PushSecret
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
* Improved Keeper record lookup to search only for records of the expected type
Improved PushSecret and DeleteSecret
Fixed "nil pointer dereference" errors
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
* Fixed tests
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
* chore(helm): Add extra labels to the validating webhooks (#4074)
It should add a bunch of app.kubernetes.io labels
Signed-off-by: Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
* Added tests for secrets with multiple matches
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
---------
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
Signed-off-by: Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
Co-authored-by: Tete17 <miguel_tete17@hotmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
The old example used a `refreshInterval` value of 12h for the ACR access token. This change reduces that to 3h instead, since that is the expiration time for Service Principal authentication tokens:
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#service-principal
Service principals are not the only way to authenticate towards ACR. In fact, two other ways (`managedIdentity` and `workloadIdentity`) are also outlined in the docs. I was unable to find any documentation in Azure for the default expiration time for those tokens, so as far as I know it is always 3 hours. Thus I think we should reflect this in our examples.
Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com>
* feat: add AWS STS Session token generator
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* version update for the generated CRD
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* chore: upgrade beyondtrust go client library
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix attribute name in secret store file and push go.sum file
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: run go mod tidy and push changes
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
---------
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
This removes the need for an intermediary Kind=ExternalSecret and
Kind=Secret when using a generator.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Added Previder Vault Provider and tests
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Set go version back to 1.23
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updates after "make reviewable"
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Fixed methods to naming convention
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added Previder to stability support doc
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added installation documentation and Previder logo
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Altered last test name for naming convention
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Adds Previder provider to api-docs/mkdocs.yml
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Ran make check-diff
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updated Tiltfile to check for new default image used in helm chart
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added optional tag to PreviderAuth struct
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Removed toolchain
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updated to go 1.23.1 for CVE; Updated previder/vault-cli to 0.1.2 for CVE fix also
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
---------
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
Signed-off-by: Gijs Middelkamp <17021438+gkwmiddelkamp@users.noreply.github.com>
* feat(generator/uuid): initial version
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename symbols in compliance with lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename unused vars to `_` to fix lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* docs(generator/uuid): initial documentation for uuid generator
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
---------
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix: bitwarden API url to point to the correct default location
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* explicitly remove trailing slashes to prevent not found error
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* Use Conjur API's built-in JWT functions
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
* docs: clarify that all Conjur types are supported
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
* docs: add link to Conjur blog post
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
---------
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
* feat: add CAProvider to bitwarden
This change introduces a refactor as well since CAProvider
was used by multiple providers with diverging implementations.
The following providers were affected:
- webhook
- akeyless
- vault
- conjur
- kubernetes
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactored the Kubernetes provider to use create ca
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactor webhook, vault and kubernetes provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* rename CreateCACert to FetchCACertFromSource
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* addressed comments and autodecoding base64 data
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* check if the decoded value is a valid certificate
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat: add prefix definition to all secret keys for aws parameter store
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added a push secret test to verify called parameter has a prefix
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>