mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
7b8fef2c18
* Enabling Vault IAM auth Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Adding spec Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Adding test cases and decoupling vault provider from aws for iam auth Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Fixing comments Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Fixing linter issues Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Fixing the check-diff errors Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> * Adding support for assumeRole operations when using static creds Signed-off-by: Gaurav Dasson <gdasson@Gauravs-Mac-mini.local> * Bumping the dependencies to fix the go.mod/go.sum conflicts Signed-off-by: Gaurav Dasson <gdasson@Gauravs-Mac-mini.local> * Bumping up e2e go mod files Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com> --------- Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>
33 lines
No EOL
1.5 KiB
YAML
33 lines
No EOL
1.5 KiB
YAML
apiVersion: external-secrets.io/v1beta1
|
|
kind: SecretStore
|
|
metadata:
|
|
name: vault-backend-aws-iam
|
|
spec:
|
|
provider:
|
|
vault:
|
|
server: "http://my.vault.server:8200"
|
|
path: secret
|
|
version: v2
|
|
namespace: <vault_namespace>
|
|
auth:
|
|
iam:
|
|
# Path where the AWS auth method is enabled in Vault, e.g: "aws/". Defaults to aws
|
|
path: aws
|
|
# AWS Region. Defaults to us-east-1
|
|
region: us-east-1
|
|
# optional: assume role before fetching secrets
|
|
role: arn:aws:iam::1234567890:role/role-a
|
|
# Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine
|
|
vaultRole: vault-role-for-aws-iam-auth
|
|
# Optional. Placeholder to supply header X-Vault-AWS-IAM-Server-ID. It is an additional (optional) header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws
|
|
vaultAwsIamServerID: example-vaultAwsIamServerID
|
|
secretRef: #Use this method when you have static AWS creds.
|
|
accessKeyIDSecretRef:
|
|
name: vault-iam-creds-secret
|
|
key: access-key
|
|
secretAccessKeySecretRef:
|
|
name: vault-iam-creds-secret
|
|
key: secret-access-key
|
|
sessionTokenSecretRef:
|
|
name: vault-iam-creds-secret
|
|
key: secret-session-token |