mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/docs/provider-akeyless.md
Gustavo Carvalho 696a9e9c92 Adding notes on configuring ClusterSecretStores for every provider
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-02-03 08:39:46 -03:00

Akeyless Vault

External Secrets Operator integrates with the Akeyless API.

Authentication

The API requires an access ID, an access type and an access-type parameter.

The supported auth methods and their parameters are:

| accessType | accessTypeParam |
|------------|-----------------|
| api_key    | The access key. |
| k8s        | The k8s auth configuration name. |
| aws_iam    | - (not used) |
| gcp        | The GCP audience. |
| azure_ad   | The Azure object ID (optional). |

For more information, see the Akeyless documentation on Authentication Methods.

Akeyless credentials secret

Create a secret containing your credentials. Only the parameter matching the chosen accessType is required; leave accessTypeParam empty for aws_iam:

apiVersion: v1
kind: Secret
metadata:
  name: akeyless-secret-creds
type: Opaque
stringData:
  accessId: "p-XXXX"
  accessType: ""  # one of: k8s / aws_iam / gcp / azure_ad / api_key
  accessTypeParam: ""  # the matching parameter: k8s-conf-name / gcp-audience / azure-obj-id / access-key

Update secret store

Be sure the akeyless provider is listed in the Kind=SecretStore and that akeylessGWApiURL is set (default: "https://api.akeyless.io").

{% include 'akeyless-secret-store.yaml' %}

NOTE: In case of a ClusterSecretStore, be sure to set namespace on the accessID, accessType and accessTypeParam secret references, pointing at the namespace where the credentials secret resides. Keep in mind that a ClusterSecretStore can be referenced by ExternalSecrets in any namespace, so the Akeyless identity behind it should be scoped to the minimum set of secrets it needs to read.
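The following is an added example of a ClusterSecretStore for the akeyless provider, not the project's own include file. The apiVersion (v1alpha1, current at the time of this page), the authSecretRef/secretRef field layout and the external-secrets namespace are assumptions; verify them against the installed CRD with kubectl explain clustersecretstore.spec.provider.akeyless before applying.

```yaml
# Added example, not the project's own akeyless-secret-store.yaml include.
# Assumed: apiVersion v1alpha1 and the authSecretRef.secretRef field layout;
# check with: kubectl explain clustersecretstore.spec.provider.akeyless
apiVersion: external-secrets.io/v1alpha1
kind: ClusterSecretStore
metadata:
  name: akeyless-secret-store
spec:
  provider:
    akeyless:
      # Gateway / API endpoint; the default public endpoint is shown.
      akeylessGWApiURL: "https://api.akeyless.io"
      authSecretRef:
        secretRef:
          # For a ClusterSecretStore every reference needs an explicit
          # namespace, because the store itself is not namespaced.
          accessID:
            name: akeyless-secret-creds
            key: accessId
            namespace: external-secrets   # assumed namespace of the creds Secret
          accessType:
            name: akeyless-secret-creds
            key: accessType
            namespace: external-secrets
          accessTypeParam:
            name: akeyless-secret-creds
            key: accessTypeParam
            namespace: external-secrets
```

Because the credentials live in one namespace but the store is usable cluster-wide, restrict write access to that namespace's Secrets with RBAC, and use a namespaced SecretStore instead when only a single team needs the Akeyless identity.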

Creating external secret

To get a secret from Akeyless and store it as a Secret in the Kubernetes cluster, a Kind=ExternalSecret is needed.

{% include 'akeyless-external-secret.yaml' %}

Using DataFrom

dataFrom can be used to fetch a secret whose value is a JSON string; the operator parses the JSON object and turns each of its top-level keys into a key of the target Secret.

{% include 'akeyless-external-secret-json.yaml' %}
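As an added example (not the project's include files), here are the two ExternalSecrets side by side: one that maps a single Akeyless secret to a named key with data, and one that uses dataFrom to explode a JSON-valued secret into keys. The target names match the kubectl commands further down; the apiVersion (v1alpha1), the Akeyless item paths and the dataFrom list form are assumptions for this page's time frame, so check them with kubectl explain externalsecret.spec.

```yaml
# Added example, not the project's own include files.
# Assumed: apiVersion v1alpha1, the Akeyless item paths and the
# "dataFrom: - key:" list form; check with: kubectl explain externalsecret.spec
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: akeyless-secret-to-create
spec:
  refreshInterval: 1h              # how often the value is re-read from Akeyless
  secretStoreRef:
    name: akeyless-secret-store
    kind: ClusterSecretStore        # or SecretStore for a namespaced store
  target:
    name: akeyless-secret-to-create # Secret the operator will create
  data:
    - secretKey: secretKey          # key inside the created Secret
      remoteRef:
        key: /path/to/my-secret     # assumed Akeyless item path
---
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: akeyless-secret-to-create-json
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: akeyless-secret-store
    kind: ClusterSecretStore
  target:
    name: akeyless-secret-to-create-json
  # The Akeyless item holds a JSON object such as {"username":"u","password":"p"};
  # each top-level key becomes a key of the created Secret.
  dataFrom:
    - key: /path/to/my-json-secret  # assumed Akeyless item path
```

If the remote value is not a JSON object, the dataFrom ExternalSecret does not become Ready; check kubectl describe externalsecret akeyless-secret-to-create-json for the parse error rather than assuming the Secret was created.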

Getting the Kubernetes secret

The operator will fetch the secret and inject it as a Kind=Secret. The values are stored base64-encoded, so decode them when reading:

kubectl get secret akeyless-secret-to-create -o jsonpath='{.data.secretKey}' | base64 -d
kubectl get secret akeyless-secret-to-create-json -o jsonpath='{.data}'