mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/docs/provider/cloak.md
Ian Purton 0321657a69
Integrate Cloak Secrets (#2108)
* Integrate Cloak Secrets

Signed-off-by: Ian Purton <ian.purton@gmail.com>

* Fix link

Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>

---------

Signed-off-by: Ian Purton <ian.purton@gmail.com>
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
2023-08-03 08:54:45 +02:00


Cloak End 2 End Encrypted Secrets

Cloak

Sync secrets from the Cloak Encrypted Secrets Platform to Kubernetes using the External Secrets Operator.

Cloak uses the webhook provider built into the External Secrets Operator, but it also requires a proxy service that decrypts secrets when they arrive in your cluster.

Key Setup

From the Cloak user interface create a service account and store the private key on your file system.

Now create a Kubernetes secret in the same namespace as the External Secrets Operator.

HISTIGNORE='*kubectl*' kubectl --namespace=external-secrets \
    create secret generic cloak-key \
    --from-file=ecdh_private_key="$LOCATION_OF_YOUR_PEM_FILE"
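
A pre-flight check for the key file before it is loaded into the cluster, as an added example that is not part of the Cloak or External Secrets documentation. The function name check_cloak_key is hypothetical, and the accepted PEM headers (PKCS#8 and SEC1 EC private keys) are an assumption about how Cloak exports the service account key.

```shell
#!/bin/sh
# Added example: sanity-check the service account key file before running
# `kubectl create secret`. Return codes: 0 ok, 1 not a regular file,
# 2 readable by group/other, 3 no private-key PEM header found.
# Usage: check_cloak_key "$LOCATION_OF_YOUR_PEM_FILE" && kubectl ... create secret ...
check_cloak_key() {
    key_file=$1

    # Refuse symlinks and non-regular files so the path checked is the file read.
    if [ -L "$key_file" ] || [ ! -f "$key_file" ]; then
        echo "not a regular file: $key_file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other can access $key_file (try: chmod 600)" >&2
        return 2
    fi

    # Assumption: the key is a PEM private key in PKCS#8 or SEC1 (EC) form.
    # This also catches loading the public key or a certificate by mistake.
    if ! grep -q -e '^-----BEGIN PRIVATE KEY-----' \
                 -e '^-----BEGIN EC PRIVATE KEY-----' "$key_file"; then
        echo "no private-key PEM header in $key_file" >&2
        return 3
    fi
    return 0
}
```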

Deploy the decryption proxy

{% include 'cloak-proxy-deployment.yaml' %}

And a Kubernetes Service so External Secrets Operator can access the proxy.

{% include 'cloak-proxy-service.yaml' %}

Create a secret store

You can now place the configuration in any Kubernetes Namespace.

{% include 'cloak-secret-store.yaml' %}

Connect a secret to the provider

Each secretKey reference in the YAML should point to the name of the secret as it is stored in Cloak.

{% include 'cloak-external-secret.yaml' %}