1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
Find a file
2021-06-22 12:08:25 +02:00
.github fix: no need to export secret 2021-06-22 12:08:25 +02:00
apis Rebase on master, and rework unit tests 2021-06-02 17:14:58 +02:00
assets Tidy image 2021-02-10 15:29:46 +01:00
deploy Release 0.2.0 2021-06-09 18:28:00 +02:00
design docs: Fix documentation for externalsecret dataFrom 2021-05-28 16:12:12 +02:00
docs add README docs and yaml snippets for azure keyvault provider 2021-06-08 17:48:46 +02:00
e2e add deleteGCPSecretsManagerSecret for GCP test 2021-06-18 12:09:22 +02:00
hack Bump versions to make analytics work 2021-06-15 11:23:05 +02:00
pkg test: Add e2e initial test for gcp 2021-06-18 12:09:22 +02:00
.editorconfig cleanup: add lint and editorconfig 2020-12-21 14:38:48 -05:00
.gitignore chore: refactor parameterstore unit test (#164) 2021-05-28 07:17:54 +02:00
.golangci.yaml Draft: feat: implement template (#69) 2021-04-23 08:22:23 +02:00
changelog.json feat: helm release workflow 2021-05-03 22:12:39 +02:00
CNAME Create CNAME 2021-03-05 18:26:07 +01:00
Dockerfile chore(deps): bump alpine from 3.13 to 3.14.0 2021-06-21 08:04:35 +00:00
go.mod Avoid using Env variables for authorization , fix lint errors 2021-06-07 10:54:50 +02:00
go.sum add deleteGCPSecretsManagerSecret for GCP test 2021-06-18 12:09:22 +02:00
LICENSE initial commit 2020-11-19 16:34:16 +01:00
main.go Cleanup and remove kustomize manifests in favor of Helm chart 2021-04-08 13:56:11 -05:00
Makefile ci: add helm.docs target to helm generate 2021-05-27 13:36:08 -05:00
PROJECT convert to multi-api 2020-12-29 12:25:08 -05:00
README.md Update Azure kv link 2021-06-09 10:29:42 +02:00
RELEASE.md feat: helm release workflow 2021-05-03 22:12:39 +02:00
SECURITY.md feat: security policy & dependabot (#60) 2021-03-17 08:32:32 +01:00
tools.go Cleanup and remove kustomize manifests in favor of Helm chart 2021-04-08 13:56:11 -05:00

External Secrets


The External Secrets Operator reads information from a third party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.

Multiple people and organizations are joining efforts to create a single External Secrets solution based on existing projects. If you are curious about the origins of this project, check out this issue and this PR.

Supported Backends

ESO installation with an AWS example

If you want to use Helm:

helm repo add external-secrets https://charts.external-secrets.io

helm install external-secrets \
   external-secrets/external-secrets \
    -n external-secrets \
    --create-namespace \
  # --set installCRDs=true

If you want to run it locally against the active Kubernetes cluster context:

git clone https://github.com/external-secrets/external-secrets.git
make crds.install
make run

Create a secret containing your AWS credentials:

echo -n 'KEYID' > ./access-key
echo -n 'SECRETKEY' > ./secret-access-key
kubectl create secret generic awssm-secret --from-file=./access-key  --from-file=./secret-access-key

Create a secret inside AWS Secret Manager with name my-json-secret with the following data:

{
  "name": {"first": "Tom", "last": "Anderson"},
  "friends": [
    {"first": "Dale", "last": "Murphy"},
    {"first": "Roger", "last": "Craig"},
    {"first": "Jane", "last": "Murphy"}
  ]
}

Apply the sample resources (omitting role and controller keys here, you should not omit them in production):

# secretstore.yaml
apiVersion: external-secrets.io/v1alpha1
kind: SecretStore
metadata:
  name: secretstore-sample
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-2
      auth:
        secretRef:
          accessKeyIDSecretRef:
            name: awssm-secret
            key: access-key
          secretAccessKeySecretRef:
            name: awssm-secret
            key: secret-access-key
# externalsecret.yaml
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: example
spec:
  refreshInterval: 1m
  secretStoreRef:
    name: secretstore-sample
    kind: SecretStore
  target:
    name: secret-to-be-created
    creationPolicy: Owner
  data:
  - secretKey: firstname
    remoteRef:
      key: my-json-secret
      property: name.first # Tom
  - secretKey: first_friend
    remoteRef:
      key: my-json-secret
      property: friends.1.first # Roger
kubectl apply -f secretstore.yaml
kubectl apply -f externalsecret.yaml

Running kubectl get secret secret-to-be-created should return a new secret created by the operator.

You can get one of its values with jsonpath (This should return Roger):

kubectl get secret secret-to-be-created   -o jsonpath='{.data.first_friend}' | base64 -d

We will add more documentation once we have the implementation for the different providers. You can find some here: https://external-secrets.io

Stability and Support Level

Internally maintained:

Provider Stability Contact
AWS SM alpha ESO Org
AWS PS alpha ESO Org
Hashicorp Vault alpha ESO Org
GCP SM alpha ESO Org

Community maintained:

Provider Stability Contact
Azure KV alpha @ahmedmus-1A @asnowfix @ncourbet-1A @1A-mj

Support

You can use GitHub's issues to report bugs/suggest features or use GitHub's discussions to ask for help and figure out problems.

Even though we have active maintainers and people assigned to this project, we kindly ask for patience when asking for support. We will try to get to priority issues as fast as possible, but there may be some delays.

Contributing

We welcome and encourage contributions to this project! Please read the Developer and Contribution process guides. Also make sure to check the Code of Conduct and adhere to its guidelines.

Kicked off by