mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
external-secrets/docs/guides/templating-v1.md
Moritz Johner 3d3edcc8af
feat: add support matrix, refactor docs (#1508) 
Signed-off-by: Moritz Johner <Moritz.Johner@form3.tech>
2022-09-01 09:53:22 +02:00

4.1 KiB
Raw Blame History

Advanced Templating v1

!!! warning

Templating Engine v1 is **deprecated** and will be removed in the future. Please migrate to engine v2 and take a look at our [upgrade guide](templating.md#migrating-from-v1) for changes.

With External Secrets Operator you can transform the data from the external secret provider before it is stored as Kind=Secret. You can do this with the Spec.Target.Template. Each data value is interpreted as a golang template.

Examples

You can use templates to inject your secrets into a configuration file that you mount into your pod:

{% include 'multiline-template-v1-external-secret.yaml' %}

You can also use pre-defined functions to extract data from your secrets. Here: extract key/cert from a pkcs12 archive and store it as PEM.

{% include 'pkcs12-template-v1-external-secret.yaml' %}

TemplateFrom

You do not have to define your templates inline in an ExternalSecret but you can pull ConfigMaps or other Secrets that contain a template. Consider the following example:

{% include 'template-v1-from-secret.yaml' %}

Helper functions

We provide a bunch of convenience functions that help you transform your secrets. A secret value is a []byte.

Function Description Input Output
pkcs12key extracts the private key from a pkcs12 archive []byte []byte
pkcs12keyPass extracts the private key from a pkcs12 archive using the provided password password string, data []byte []byte
pkcs12cert extracts the certificate from a pkcs12 archive []byte []byte
pkcs12certPass extracts the certificate from a pkcs12 archive using the provided password password string, data []byte []byte
pemPrivateKey PEM encodes the provided bytes as private key []byte string
pemCertificate PEM encodes the provided bytes as certificate []byte string
jwkPublicKeyPem takes an json-serialized JWK as []byte and returns an PEM block of type PUBLIC KEY that contains the public key (see here) for details []byte string
jwkPrivateKeyPem takes an json-serialized JWK as []byte and returns an PEM block of type PRIVATE KEY that contains the private key in PKCS #8 format (see here) for details []byte string
base64decode decodes the provided bytes as base64 []byte []byte
base64encode encodes the provided bytes as base64 []byte []byte
fromJSON parses the bytes as JSON so you can access individual properties []byte interface{}
toJSON encodes the provided object as json string interface{} string
toString converts bytes to string []byte string
toBytes converts string to bytes string []byte
upper converts all characters to their upper case string string
lower converts all character to their lower case string string