1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/docs/guides/generator.md
Moritz Johner dabfa5a589
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2022-10-29 20:15:50 +02:00

1.2 KiB

Generators allow you to generate values. They are used through a ExternalSecret spec.DataFrom. They are referenced from a custom resource using sourceRef.generatorRef.

If the External Secret should be refreshed via spec.refreshInterval the generator produces a map of values with the generator.spec as input. The generator does not keep track of the produced values. Every invocation produces a new set of values.

These values can be used with the other features like rewrite or template. I.e. you can modify, encode, decode, pack the values as needed.

Reference Custom Resource

Generators can be defined as a custom resource and re-used across different ExternalSecrets. Every invocation creates a new set of values. I.e. you can not share the same value produced by a generator across different ExternalSecrets or spec.dataFrom[] entries.

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "ecr-token"
spec:
  refreshInterval: "30m"
  target:
    name: ecr-token
  dataFrom:
  - sourceRef:
      generatorRef:
        apiVersion: generators.external-secrets.io/v1alpha1
        kind: ECRAuthorizationToken
        name: "my-ecr"