mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
external-secrets/docs/provider/doppler.md
Joel Watson 6a32b982f0
Add lower-kebab name transformer to Doppler provider (#2418) 
Signed-off-by: Joel Watson <joel.watson@doppler.com>
2023-06-15 08:16:21 +02:00

136 lines
3.3 KiB
Markdown
Raw Blame History

![Doppler External Secrets Provider](../pictures/doppler-provider-header.jpg)
## Doppler SecretOps Platform
Sync secrets from the [Doppler SecretOps Platform](https://www.doppler.com/) to Kubernetes using the External Secrets Operator.
## Authentication
Doppler [Service Tokens](https://docs.doppler.com/docs/service-tokens) are recommended as they restrict access to a single config.
![Doppler Service Token](../pictures/doppler-service-tokens.png)
> NOTE: Doppler Personal Tokens are also supported but require `project` and `config` to be set on the `SecretStore` or `ClusterSecretStore`.
Create the Doppler Token secret by opening the Doppler dashboard and navigating to the desired Project and Config, then create a new Service Token from the **Access** tab:
![Create Doppler Service Token](../pictures/doppler-create-service-token.jpg)
Create the Doppler Token Kubernetes secret with your Service Token value:
```sh
HISTIGNORE='*kubectl*' kubectl create secret generic \
doppler-token-auth-api \
--from-literal dopplerToken="dp.st.xxxx"
```
Then to create a generic `SecretStore`:
```yaml
{% include 'doppler-generic-secret-store.yaml' %}
```
> **NOTE:** In case of a `ClusterSecretStore`, be sure to set `namespace` in `secretRef.dopplerToken`.
## Use Cases
The Doppler provider allows for a wide range of use cases:
1. [Fetch](#1-fetch)
2. [Fetch all](#2-fetch-all)
3. [Filter](#3-filter)
4. [JSON secret](#4-json-secret)
5. [Name transformer](#5-name-transformer)
6. [Download](#6-download)
Let's explore each use case using a fictional `auth-api` Doppler project.
## 1. Fetch
To sync one or more individual secrets:
``` yaml
{% include 'doppler-fetch-secret.yaml' %}
```
![Doppler fetch](../pictures/doppler-fetch.png)
## 2. Fetch all
To sync every secret from a config:
``` yaml
{% include 'doppler-fetch-all-secrets.yaml' %}
```
![Doppler fetch all](../pictures/doppler-fetch-all.png)
## 3. Filter
To filter secrets by `path` (path prefix), `name` (regular expression) or a combination of both:
``` yaml
{% include 'doppler-filtered-secrets.yaml' %}
```
![Doppler filter](../pictures/doppler-filter.png)
## 4. JSON secret
To parse a JSON secret to its key-value pairs:
``` yaml
{% include 'doppler-parse-json-secret.yaml' %}
```
![Doppler JSON Secret](../pictures/doppler-json.png)
## 5. Name transformer
Name transformers format keys from Doppler's UPPER_SNAKE_CASE to one of the following alternatives:
- upper-camel
- camel
- lower-snake
- tf-var
- dotnet-env
- lower-kebab
Name transformers require a specifically configured `SecretStore`:
```yaml
{% include 'doppler-name-transformer-secret-store.yaml' %}
```
Then an `ExternalSecret` referencing the `SecretStore`:
```yaml
{% include 'doppler-name-transformer-external-secret.yaml' %}
```
![Doppler name transformer](../pictures/doppler-name-transformer.png)
### 6. Download
A single `DOPPLER_SECRETS_FILE` key is set where the value is the secrets downloaded in one of the following formats:
- json
- dotnet-json
- env
- env-no-quotes
- yaml
Downloading secrets requires a specifically configured `SecretStore`:
```yaml
{% include 'doppler-secrets-download-secret-store.yaml' %}
```
Then an `ExternalSecret` referencing the `SecretStore`:
```yaml
{% include 'doppler-secrets-download-external-secret.yaml' %}
```
![Doppler download](../pictures/doppler-download.png)
View git blame Copy permalink