mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-15 17:51:01 +00:00
external-secrets/docs/provider/previder.md
Gijs Middelkamp daa1297f3d
Implements Previder provider for Previder Secret Vault implementation (#3916)
* Added Previder Vault Provider and tests

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Set go version back to 1.23

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Updates after "make reviewable"

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Fixed methods to naming convention

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Added Previder to stability support doc

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Added installation documentation and Previder logo

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Altered last test name for naming convention

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Adds Previder provider to api-docs/mkdocs.yml

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Ran make check-diff

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Updated Tiltfile to check for new default image used in helm chart

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Added optional tag to PreviderAuth struct

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Removed toolchain

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Updated to go 1.23.1 for CVE; Updated previder/vault-cli to 0.1.2 for CVE fix also

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

---------

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
Signed-off-by: Gijs Middelkamp <17021438+gkwmiddelkamp@users.noreply.github.com>
2024-09-21 16:44:32 +02:00

Previder Secret Vault

Previder Secret Vault Manager

External Secrets Operator integrates with Previder Secrets Vault for secure secret management.

Authentication

We support Access Token authentication using a Secrets Vault ReadWrite or ReadOnly token.

This token can be created with the vault-cli using an Environment token, which can be acquired via the Previder Portal.

Access Token authentication

To use the access token, first create it as a regular Kubernetes Secret and then associate it with the Previder Secret Store.

apiVersion: v1
kind: Secret
metadata:
  name: previder-vault-sample-secret
data:
  previder-vault-token: cHJldmlkZXIgdmF1bHQgZXhhbXBsZQ==
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: previder-secretstore-sample
spec:
  provider:
    previder:
      auth:
        secretRef:
          accessToken:
            name: previder-vault-sample-secret
            key: previder-vault-token
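
The value under `data` is base64 encoding, not encryption, and a token piped through `echo | base64` carries a trailing newline into the stored credential. The following is an added example, not part of the External Secrets documentation: it renders the Secret above from a token on stdin and refuses empty or whitespace-padded values. The function names are hypothetical and the sample input is the placeholder string from this page.

```shell
#!/bin/sh
# Added example (not from the External Secrets docs). Secret name and key are
# the ones on this page; the helper function names are hypothetical.

# encode_token: read the token on stdin, drop CR/LF, print unwrapped base64.
encode_token() {
  tr -d '\r\n' | base64 | tr -d '\n'
}

# token_is_clean: succeed only if a base64 `data` value decodes to a non-empty
# string with no leading or trailing whitespace.
token_is_clean() {
  # The trailing "x" stops $(...) from silently stripping a final newline.
  decoded=$(printf '%s' "$1" | base64 --decode 2>/dev/null && printf x) || return 1
  decoded=${decoded%x}
  [ -n "$decoded" ] || return 1
  case "$decoded" in
    [[:space:]]*|*[[:space:]]) return 1 ;;
  esac
  return 0
}

# render_token_secret: token on stdin, Secret manifest on stdout.
render_token_secret() {
  value=$(encode_token)
  if ! token_is_clean "$value"; then
    echo "refusing to render: token is empty or has stray whitespace" >&2
    return 1
  fi
  printf '%s\n' \
    'apiVersion: v1' \
    'kind: Secret' \
    'metadata:' \
    '  name: previder-vault-sample-secret' \
    'data:' \
    "  previder-vault-token: $value"
}

# Constructed sample: the placeholder value from this page, not a real token.
printf 'previder vault example\n' | render_token_secret
```

In real use, feed the token from a file (for example `render_token_secret < token.txt`, a hypothetical path) so it stays out of shell history, and pipe the result to `kubectl apply -f -`.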

Creating external secret

To create a Kubernetes Secret from the Previder Secret Vault, create an ExternalSecret with a reference to a Vault secret.

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: example
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: previder-secretstore-sample
    kind: SecretStore
  target:
    name: example-secret
    creationPolicy: Owner
  data:
    - secretKey: local-secret-key
      remoteRef:
        key: token-name-or-id