* 2963 - removed duplicated annotations
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
* 2963 - updated documentation to use kv secret types with v1beta1 apiVersion
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
* 2963 - minor yaml corrections
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
* added some example for v2 literal templating (#3007)
Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
---------
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Co-authored-by: Robert Paschedag <robert.paschedag@web.de>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
* feat: add templating to PushSecret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* adding unit tests around templating basic concepts and verifying output
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* extracting some of the common functions of the parser
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* remove some more duplication
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* removed commented out code segment
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added documentation for templating feature
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* simplified the templating for annotations and labels
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
The `scope` parameter used to be the ACR url foobar.azurecr.io, but
this stopped working. Turns out that you need to use the management
endpoint as `scope` in order to authenticate with ACR.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Docs - add note clarifying how to use filterpem for future readers
Signed-off-by: arnoldrw <arnold.rw@pg.com>
* Update docs/guides/templating.md
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>
---------
Signed-off-by: arnoldrw <arnold.rw@pg.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* docs: Recommend use of Workload Identity for Azure Key Vault
Mentions AAD Pod Identity is deprecated and updates overview
of supported authentication modes for Azure Key Vault.
This removes "should use aad-pod-identity" wording, see
https://github.com/external-secrets/external-secrets/discussions/2901
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix missing link to Multi-Tenancy Guide
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix typos
Capitalise own names.
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
---------
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* feat: allow pushing the whole secret to the provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* add documentation about pushing a whole secret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* disabling this feature for the rest of the providers for now
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added scenario for update with existing property
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
fix: deprecate sourceRef.generatorRef from .data[]
A generator is supposed to be used via .dataFrom[]. Usage in .data[]
is not implemented and doesn't make sense, see #2720.
This commit splits the SourceRef into two types:
- one that only defines a secretStoreRef
- one that allows to define either secretStoreRef or generatorRef
The former is used in .data[] and the latter is used in .dataFrom[].
The Deprecated field is going to be removed with v1.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Whilst implementing integration with Vaultwarden I noticed that the local vault was not being updated. I had to add "force=true" to the sync api call for it to work as expected.
Signed-off-by: Gary Hodgson <gary.s.hodgson@gmail.com>
* feat: add path support for scaleway provider
Signed-off-by: Florent Viel <fviel@scaleway.com>
* feat: update scaleway testcases for path support
Signed-off-by: Florent Viel <fviel@scaleway.com>
* docs: update scaleway doc to add path support
Signed-off-by: Florent Viel <fviel@scaleway.com>
* fix: change func signature to make linter pass
Signed-off-by: Florent Viel <fviel@scaleway.com>
---------
Signed-off-by: Florent Viel <fviel@scaleway.com>
Add namespace to secretRef.privatekey and secretRef.fingerprint in oracle provider example at full-cluster-secret-store.yaml to avoid confusion like in #2727
Signed-off-by: antoniolago <45375617+antoniolago@users.noreply.github.com>
