mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-15 17:51:01 +00:00
9ff2354213
* fix: introducing support for conversion strategy for PushSecret. Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com> * fix: unit tests code quality. Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com> --------- Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
37 lines
1.4 KiB
YAML
37 lines
1.4 KiB
YAML
{% raw %}
|
|
apiVersion: external-secrets.io/v1alpha1
|
|
kind: PushSecret
|
|
metadata:
|
|
name: pushsecret-example # Customisable
|
|
namespace: default # Same of the SecretStores
|
|
spec:
|
|
updatePolicy: Replace # Policy to overwrite existing secrets in the provider on sync
|
|
deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted
|
|
refreshInterval: 10s # Refresh interval for which push secret will reconcile
|
|
secretStoreRefs: # A list of secret stores to push secrets to
|
|
- name: aws-parameterstore
|
|
kind: SecretStore
|
|
selector:
|
|
secret:
|
|
name: pokedex-credentials # Source Kubernetes secret to be pushed
|
|
template:
|
|
metadata:
|
|
annotations: { }
|
|
labels: { }
|
|
data:
|
|
best-pokemon: "{{ .best-pokemon | toString | upper }} is the really best!"
|
|
# Uses an existing template from configmap
|
|
# Secret is fetched, merged and templated within the referenced configMap data
|
|
# It does not update the configmap, it creates a secret with: data["alertmanager.yml"] = ...result...
|
|
templateFrom:
|
|
- configMap:
|
|
name: application-config-tmpl
|
|
items:
|
|
- key: config.yml
|
|
data:
|
|
- conversionStrategy: None # Also supports the ReverseUnicode strategy
|
|
match:
|
|
secretKey: best-pokemon # Source Kubernetes secret key to be pushed
|
|
remoteRef:
|
|
remoteKey: my-first-parameter # Remote reference (where the secret is going to be pushed)
|
|
{% endraw %}
|