mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-15 17:51:01 +00:00
external-secrets/docs/provider/fortanix.md
David Recuenco 7602995a1c
Extract support for SDKMS provider (#3237)
* ADD extract support for sdkms provider

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* Apply suggestions from code review

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: David Recuenco <david.recuencogadea+github@gmail.com>

---------

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
Signed-off-by: David Recuenco <david.recuencogadea+github@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-04-09 08:20:37 +02:00


Fortanix DSM / SDKMS

Populate Kubernetes Secrets from OPAQUE or SECRET security objects in Fortanix.

Authentication

The provider authenticates to SDKMS with an Application API Key, which the SecretStore reads from a Kubernetes Secret.

Creating a SecretStore

apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: secret-store
spec:
  provider:
    fortanix:
      apiUrl: <HOST_OF_SDKMS_API>
      apiKey:
        secretRef:
          name: <NAME_OF_KUBE_SECRET>
          key: <KEY_IN_KUBE_SECRET>

Referencing Secrets

# Raw stored value
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: secret
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: secret-store
  data:
  - secretKey: <KEY_IN_KUBE_SECRET>
    remoteRef:
      key: <SDKMS_SECURITY_OBJECT_NAME>
---
# From stored key-value JSON
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: secret-from-property
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: secret-store
  data:
  - secretKey: <KEY_IN_KUBE_SECRET>
    remoteRef:
      key: <SDKMS_SECURITY_OBJECT_NAME>
      property: <SECURITY_OBJECT_VALUE_INNER_PROPERTY>
---
# Extract all keys from stored key-value JSON
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: secret-from-extract
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: secret-store
  dataFrom:
  - extract:
      key: <SDKMS_SECURITY_OBJECT_NAME>
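
The manifests above, wired end to end for the extract case. This is an added example, not part of the upstream documentation: the names `fortanix-api-key`, `api-key` and `db-credentials`, the explicit `target.name`, and the JSON contents of the security object are constructed for illustration.

```yaml
# Added example: every name and value below is constructed for illustration.
# 1. Kubernetes Secret holding the SDKMS Application API Key.
apiVersion: v1
kind: Secret
metadata:
  name: fortanix-api-key
type: Opaque
stringData:
  api-key: <SDKMS_APP_API_KEY>   # placeholder; supply the real key out of band
---
# 2. SecretStore in the same namespace, pointing at that Secret.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: secret-store
spec:
  provider:
    fortanix:
      apiUrl: <HOST_OF_SDKMS_API>
      apiKey:
        secretRef:
          name: fortanix-api-key
          key: api-key
---
# 3. Assume the security object "db-credentials" stores this JSON value:
#      {"username": "app", "password": "<REDACTED>"}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: secret-store
  target:
    name: db-credentials   # name of the generated Kubernetes Secret
  dataFrom:
  - extract:
      key: db-credentials
# Result: Secret "db-credentials" with one key per top-level JSON key,
# here "username" and "password".
```

Because the API key Secret grants whatever access the SDKMS application has, restrict read access to it with RBAC and scope the application to only the security objects the ExternalSecrets reference.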