v1beta1

package
v0.9.20 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 6, 2024 License: Apache-2.0 Imports: 17 Imported by: 20

Documentation

Overview

Package v1beta1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1beta1

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

// Reason strings exported by this package. The ConditionReason* values
// describe the outcome of syncing a secret; the shorter Reason* values are
// generic reason strings (where they are emitted is not shown in this listing).
const (
	// ConditionReasonSecretSynced indicates that the secret was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
	// ConditionReasonSecretDeleted indicates that the secret has been deleted.
	ConditionReasonSecretDeleted = "SecretDeleted"

	// ReasonUpdateFailed is the reason string "UpdateFailed".
	ReasonUpdateFailed = "UpdateFailed"
	// ReasonDeprecated is the reason string "ParameterDeprecated".
	ReasonDeprecated   = "ParameterDeprecated"
	// ReasonCreated is the reason string "Created".
	ReasonCreated      = "Created"
	// ReasonUpdated is the reason string "Updated".
	ReasonUpdated      = "Updated"
	// ReasonDeleted is the reason string "Deleted".
	ReasonDeleted      = "Deleted"
)
// Metadata keys under the reconcile.external-secrets.io prefix.
const (
	// AnnotationDataHash is used to ensure consistency.
	// NOTE(review): presumably holds a hash of the synced Secret data so that
	// drift can be detected — confirm against the reconciler.
	AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
	// LabelOwner points to the owning ExternalSecret resource
	// and is used to manage the lifecycle of a Secret.
	// NOTE(review): because this label drives lifecycle management, who may
	// edit labels on managed Secrets is worth reviewing — confirm how the
	// controller validates ownership.
	LabelOwner = "reconcile.external-secrets.io/created-by"
)
// API group and version that every kind in this package is registered under.
const (
	// Group is the API group name.
	Group   = "external-secrets.io"
	// Version is the API version name.
	Version = "v1beta1"
)

Package type metadata.

// Condition type and reason strings for secret stores.
const (
	// SecretStoreReady is the "Ready" condition type of a secret store.
	SecretStoreReady SecretStoreConditionType = "Ready"

	// ReasonInvalidStore is the reason string "InvalidStoreConfiguration".
	ReasonInvalidStore          = "InvalidStoreConfiguration"
	// ReasonInvalidProviderConfig is the reason string "InvalidProviderConfig".
	ReasonInvalidProviderConfig = "InvalidProviderConfig"
	// ReasonValidationFailed is the reason string "ValidationFailed".
	ReasonValidationFailed      = "ValidationFailed"
	// ReasonStoreValid is the reason string "Valid".
	ReasonStoreValid            = "Valid"
)

Variables

// Scheme registration helpers for the external-secrets.io/v1beta1 API group.
var (
	// SchemeGroupVersion is group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
	// AddToScheme is the AddToScheme method of SchemeBuilder, exposed as a
	// package-level function value.
	AddToScheme   = SchemeBuilder.AddToScheme
)
// Kind identifiers for ExternalSecret, derived from the Go type name and the
// package's group/version.
var (
	// ExtSecretKind is the Go type name of ExternalSecret, obtained via reflection.
	ExtSecretKind             = reflect.TypeOf(ExternalSecret{}).Name()
	// ExtSecretGroupKind is the string form of the group/kind pair.
	ExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	// ExtSecretKindAPIVersion is the kind, a dot, then the group/version string.
	ExtSecretKindAPIVersion   = ExtSecretKind + "." + SchemeGroupVersion.String()
	// ExtSecretGroupVersionKind is SchemeGroupVersion combined with the kind.
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)

ExternalSecret type metadata.

// Kind identifiers for ClusterExternalSecret, derived from the Go type name
// and the package's group/version.
var (
	// ClusterExtSecretKind is the Go type name of ClusterExternalSecret, obtained via reflection.
	ClusterExtSecretKind             = reflect.TypeOf(ClusterExternalSecret{}).Name()
	// ClusterExtSecretGroupKind is the string form of the group/kind pair.
	ClusterExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterExtSecretKind}.String()
	// ClusterExtSecretKindAPIVersion is the kind, a dot, then the group/version string.
	ClusterExtSecretKindAPIVersion   = ClusterExtSecretKind + "." + SchemeGroupVersion.String()
	// ClusterExtSecretGroupVersionKind is SchemeGroupVersion combined with the kind.
	ClusterExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ClusterExtSecretKind)
)

ClusterExternalSecret type metadata.

// Kind identifiers for SecretStore, derived from the Go type name and the
// package's group/version.
var (
	// SecretStoreKind is the Go type name of SecretStore, obtained via reflection.
	SecretStoreKind             = reflect.TypeOf(SecretStore{}).Name()
	// SecretStoreGroupKind is the string form of the group/kind pair.
	SecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	// SecretStoreKindAPIVersion is the kind, a dot, then the group/version string.
	SecretStoreKindAPIVersion   = SecretStoreKind + "." + SchemeGroupVersion.String()
	// SecretStoreGroupVersionKind is SchemeGroupVersion combined with the kind.
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)

SecretStore type metadata.

// Kind identifiers for ClusterSecretStore, derived from the Go type name and
// the package's group/version.
var (
	// ClusterSecretStoreKind is the Go type name of ClusterSecretStore, obtained via reflection.
	ClusterSecretStoreKind             = reflect.TypeOf(ClusterSecretStore{}).Name()
	// ClusterSecretStoreGroupKind is the string form of the group/kind pair.
	ClusterSecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	// ClusterSecretStoreKindAPIVersion is the kind, a dot, then the group/version string.
	ClusterSecretStoreKindAPIVersion   = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	// ClusterSecretStoreGroupVersionKind is SchemeGroupVersion combined with the kind.
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)

ClusterSecretStore type metadata.

// NoSecretErr is a package-level zero value of NoSecretError.
// NOTE(review): presumably the value providers return (and callers compare
// against) when a requested secret does not exist — confirm against the
// NoSecretError type and its callers.
var NoSecretErr = NoSecretError{}

Functions

func ForceRegister

func ForceRegister(s Provider, storeSpec *SecretStoreProvider)

ForceRegister adds to store schema, overwriting a store if already registered. Should only be used for testing.

func Register

func Register(s Provider, storeSpec *SecretStoreProvider)

Register a store backend type. Register panics if a backend with the same store is already registered.

Types

type AWSAuth

// AWSAuth selects how the controller authenticates with AWS.
type AWSAuth struct {
	// SecretRef references AWS credentials held in Kubernetes Secrets
	// (see AWSAuthSecretRef).
	// +optional
	SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
	// JWTAuth authenticates against AWS using a service account token
	// (see AWSJWTAuth).
	// +optional
	JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}

AWSAuth tells the controller how to authenticate with AWS. Only one of secretRef or jwt can be specified. If neither is specified, the controller will load credentials using the AWS SDK defaults.

func (*AWSAuth) DeepCopy

func (in *AWSAuth) DeepCopy() *AWSAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.

func (*AWSAuth) DeepCopyInto

func (in *AWSAuth) DeepCopyInto(out *AWSAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSAuthSecretRef

// AWSAuthSecretRef points at the Secret keys that hold AWS credentials.
// The struct stores references only, not the credential values themselves.
type AWSAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`

	// The SessionToken used for authentication
	// This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
	// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
	// +Optional
	SessionToken *esmeta.SecretKeySelector `json:"sessionTokenSecretRef,omitempty"`
}

AWSAuthSecretRef holds secret references for AWS credentials. Both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.

func (*AWSAuthSecretRef) DeepCopy

func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.

func (*AWSAuthSecretRef) DeepCopyInto

func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSJWTAuth

// AWSJWTAuth configures authentication against AWS using service account tokens.
type AWSJWTAuth struct {
	// ServiceAccountRef selects the Kubernetes ServiceAccount whose token is
	// used. The field is a pointer and omitted from JSON when nil.
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}

Authenticate against AWS using service account tokens.

func (*AWSJWTAuth) DeepCopy

func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.

func (*AWSJWTAuth) DeepCopyInto

func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSProvider

// AWSProvider holds the settings a store needs to fetch secrets from AWS:
// which service and region to use, how to authenticate, and which IAM
// role(s) to assume.
type AWSProvider struct {
	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +optional
	Auth AWSAuth `json:"auth,omitempty"`

	// Role is a Role ARN which the provider will assume
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`

	// AdditionalRoles is a chained list of Role ARNs which the provider will sequentially assume before assuming the Role
	// +optional
	AdditionalRoles []string `json:"additionalRoles,omitempty"`

	// AWS External ID set on assumed IAM roles
	ExternalID string `json:"externalID,omitempty"`

	// AWS STS assume role session tags
	// +optional
	SessionTags []*Tag `json:"sessionTags,omitempty"`

	// SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
	// +optional
	SecretsManager *SecretsManager `json:"secretsManager,omitempty"`

	// AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
	// NOTE(review): "rules" above may be a typo for "roles" — confirm.
	// +optional
	TransitiveTagKeys []*string `json:"transitiveTagKeys,omitempty"`
}

AWSProvider configures a store to sync secrets with AWS.

func (*AWSProvider) DeepCopy

func (in *AWSProvider) DeepCopy() *AWSProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.

func (*AWSProvider) DeepCopyInto

func (in *AWSProvider) DeepCopyInto(out *AWSProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSServiceType

// AWSServiceType names the AWS service/API used to fetch secrets; its
// values are the AWSService* constants.
type AWSServiceType string

AWSServiceType is an enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore

// Supported AWSServiceType values.
const (
	// AWSServiceSecretsManager is the AWS SecretsManager service.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore service.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)

type AkeylessAuth

// AkeylessAuth configures how the operator authenticates with Akeyless,
// either through referenced Secret values or through Kubernetes auth.
type AkeylessAuth struct {

	// Reference to a Secret that contains the details
	// to authenticate with Akeyless.
	// +optional
	SecretRef AkeylessAuthSecretRef `json:"secretRef,omitempty"`

	// Kubernetes authenticates with Akeyless by passing the ServiceAccount
	// token stored in the named Secret resource.
	// +optional
	KubernetesAuth *AkeylessKubernetesAuth `json:"kubernetesAuth,omitempty"`
}

func (*AkeylessAuth) DeepCopy

func (in *AkeylessAuth) DeepCopy() *AkeylessAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuth.

func (*AkeylessAuth) DeepCopyInto

func (in *AkeylessAuth) DeepCopyInto(out *AkeylessAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessAuthSecretRef

// AkeylessAuthSecretRef points at the Secret keys holding the Akeyless
// access ID, access type and access-type parameter. Only references are
// stored here, not the values.
type AkeylessAuthSecretRef struct {
	// The SecretAccessID is used for authentication
	AccessID        esmeta.SecretKeySelector `json:"accessID,omitempty"`
	// AccessType selects the Secret key holding the access type.
	AccessType      esmeta.SecretKeySelector `json:"accessType,omitempty"`
	// AccessTypeParam selects the Secret key holding the access-type parameter.
	// NOTE(review): presumably one of AZURE_OBJ_ID, GCP_AUDIENCE, ACCESS_KEY or
	// KUB_CONFIG_NAME depending on AccessType — confirm against the provider.
	AccessTypeParam esmeta.SecretKeySelector `json:"accessTypeParam,omitempty"`
}

AkeylessAuthSecretRef AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.

func (*AkeylessAuthSecretRef) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuthSecretRef.

func (*AkeylessAuthSecretRef) DeepCopyInto

func (in *AkeylessAuthSecretRef) DeepCopyInto(out *AkeylessAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessKubernetesAuth added in v0.6.0

// AkeylessKubernetesAuth configures authentication with Akeyless using a
// Kubernetes ServiceAccount token, taken either from a ServiceAccount or
// from a referenced Secret.
type AkeylessKubernetesAuth struct {

	// the Akeyless Kubernetes auth-method access-id
	AccessID string `json:"accessID"`

	// Kubernetes-auth configuration name in Akeyless-Gateway
	K8sConfName string `json:"k8sConfName"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Akeyless. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Akeyless. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

Authenticate with a stored Kubernetes ServiceAccount token.

func (*AkeylessKubernetesAuth) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessKubernetesAuth.

func (*AkeylessKubernetesAuth) DeepCopyInto added in v0.6.0

func (in *AkeylessKubernetesAuth) DeepCopyInto(out *AkeylessKubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessProvider

// AkeylessProvider holds the gateway URL, authentication settings and TLS
// trust configuration for a store backed by Akeyless.
type AkeylessProvider struct {

	// Akeyless GW API URL from which the secrets are fetched.
	AkeylessGWApiURL *string `json:"akeylessGWApiURL"`

	// Auth configures how the operator authenticates with Akeyless.
	// Note that the JSON key for this field is "authSecretRef".
	Auth *AkeylessAuth `json:"authSecretRef"`

	// PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
	// if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Akeyless Gateway certificate.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}

AkeylessProvider configures a store to sync secrets using Akeyless KV.

func (*AkeylessProvider) DeepCopy

func (in *AkeylessProvider) DeepCopy() *AkeylessProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessProvider.

func (*AkeylessProvider) DeepCopyInto

func (in *AkeylessProvider) DeepCopyInto(out *AkeylessProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaAuth

// AlibabaAuth selects how to authenticate against Alibaba: with credentials
// referenced from Secrets, or with RRSA.
type AlibabaAuth struct {
	// SecretRef references Alibaba credentials held in Kubernetes Secrets
	// (see AlibabaAuthSecretRef).
	// +optional
	SecretRef *AlibabaAuthSecretRef `json:"secretRef,omitempty"`
	// RRSAAuth authenticates against Alibaba using RRSA (see AlibabaRRSAAuth).
	// +optional
	RRSAAuth *AlibabaRRSAAuth `json:"rrsa,omitempty"`
}

AlibabaAuth contains a secretRef for credentials.

func (*AlibabaAuth) DeepCopy

func (in *AlibabaAuth) DeepCopy() *AlibabaAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuth.

func (*AlibabaAuth) DeepCopyInto

func (in *AlibabaAuth) DeepCopyInto(out *AlibabaAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaAuthSecretRef

// AlibabaAuthSecretRef points at the Secret keys holding the Alibaba access
// key ID and access key secret. Both JSON fields are required (no omitempty).
type AlibabaAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef"`
	// The AccessKeySecret is used for authentication
	AccessKeySecret esmeta.SecretKeySelector `json:"accessKeySecretSecretRef"`
}

AlibabaAuthSecretRef holds secret references for Alibaba credentials.

func (*AlibabaAuthSecretRef) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuthSecretRef.

func (*AlibabaAuthSecretRef) DeepCopyInto

func (in *AlibabaAuthSecretRef) DeepCopyInto(out *AlibabaAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaProvider

// AlibabaProvider holds the authentication settings and region for a store
// backed by the Alibaba Secret Manager provider.
type AlibabaProvider struct {
	// Auth defines how to authenticate against Alibaba (see AlibabaAuth).
	Auth AlibabaAuth `json:"auth"`
	// Alibaba Region to be used for the provider
	RegionID string `json:"regionID"`
}

AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.

func (*AlibabaProvider) DeepCopy

func (in *AlibabaProvider) DeepCopy() *AlibabaProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaProvider.

func (*AlibabaProvider) DeepCopyInto

func (in *AlibabaProvider) DeepCopyInto(out *AlibabaProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaRRSAAuth added in v0.7.3

// AlibabaRRSAAuth holds the parameters for authenticating against Alibaba
// using RRSA. All four JSON fields are required (no omitempty).
// NOTE(review): the per-field descriptions below are inferred from the field
// names only — confirm against the Alibaba provider implementation.
type AlibabaRRSAAuth struct {
	// OIDCProviderARN is presumably the ARN of the OIDC identity provider.
	OIDCProviderARN   string `json:"oidcProviderArn"`
	// OIDCTokenFilePath is presumably a filesystem path to the OIDC token;
	// which process reads it is not shown here.
	OIDCTokenFilePath string `json:"oidcTokenFilePath"`
	// RoleARN is presumably the ARN of the role to assume.
	RoleARN           string `json:"roleArn"`
	// SessionName is presumably the name given to the assumed-role session.
	SessionName       string `json:"sessionName"`
}

Authenticate against Alibaba using RRSA.

func (*AlibabaRRSAAuth) DeepCopy added in v0.7.3

func (in *AlibabaRRSAAuth) DeepCopy() *AlibabaRRSAAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaRRSAAuth.

func (*AlibabaRRSAAuth) DeepCopyInto added in v0.7.3

func (in *AlibabaRRSAAuth) DeepCopyInto(out *AlibabaRRSAAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureAuthType

// AzureAuthType names the method used to authenticate to Azure Key Vault;
// its values are the Azure* auth constants.
type AzureAuthType string

AuthType describes how to authenticate to the Azure Keyvault. Only one of the following auth types may be specified. If none of the following auth types is specified, the default one is ServicePrincipal. +kubebuilder:validation:Enum=ServicePrincipal;ManagedIdentity;WorkloadIdentity

// Supported AzureAuthType values.
const (
	// Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.
	AzureServicePrincipal AzureAuthType = "ServicePrincipal"

	// Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.
	AzureManagedIdentity AzureAuthType = "ManagedIdentity"

	// Using Workload Identity service accounts to authenticate.
	AzureWorkloadIdentity AzureAuthType = "WorkloadIdentity"
)

type AzureEnvironmentType added in v0.6.0

// AzureEnvironmentType names the Azure cloud environment whose endpoints are
// used; its values are the AzureEnvironment* constants.
type AzureEnvironmentType string

AzureEnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud +kubebuilder:validation:Enum=PublicCloud;USGovernmentCloud;ChinaCloud;GermanCloud

// Supported AzureEnvironmentType values.
const (
	// AzureEnvironmentPublicCloud selects the public cloud endpoints.
	AzureEnvironmentPublicCloud       AzureEnvironmentType = "PublicCloud"
	// AzureEnvironmentUSGovernmentCloud selects the US Government cloud endpoints.
	AzureEnvironmentUSGovernmentCloud AzureEnvironmentType = "USGovernmentCloud"
	// AzureEnvironmentChinaCloud selects the China cloud endpoints.
	AzureEnvironmentChinaCloud        AzureEnvironmentType = "ChinaCloud"
	// AzureEnvironmentGermanCloud selects the German cloud endpoints.
	AzureEnvironmentGermanCloud       AzureEnvironmentType = "GermanCloud"
)

type AzureKVAuth

// AzureKVAuth points at the Secret keys holding the Azure identifiers and
// credentials used for authentication. Every field is optional; only
// references are stored here, not the values.
type AzureKVAuth struct {
	// The Azure clientId of the service principal or managed identity used for authentication.
	// +optional
	ClientID *smmeta.SecretKeySelector `json:"clientId,omitempty"`

	// The Azure tenantId of the managed identity used for authentication.
	// +optional
	TenantID *smmeta.SecretKeySelector `json:"tenantId,omitempty"`

	// The Azure ClientSecret of the service principal used for authentication.
	// +optional
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"`

	// The Azure ClientCertificate of the service principal used for authentication.
	// +optional
	ClientCertificate *smmeta.SecretKeySelector `json:"clientCertificate,omitempty"`
}

Configuration used to authenticate with Azure.

func (*AzureKVAuth) DeepCopy

func (in *AzureKVAuth) DeepCopy() *AzureKVAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.

func (*AzureKVAuth) DeepCopyInto

func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureKVProvider

// AzureKVProvider holds the vault URL, authentication method and cloud
// environment for a store backed by Azure Key Vault.
type AzureKVProvider struct {
	// Auth type defines how to authenticate to the keyvault service.
	// Valid values are:
	// - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
	// - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
	// - "WorkloadIdentity": Using Workload Identity service accounts
	// +optional
	// +kubebuilder:default=ServicePrincipal
	AuthType *AzureAuthType `json:"authType,omitempty"`

	// Vault URL from which the secrets are fetched.
	VaultURL *string `json:"vaultUrl"`

	// TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
	// +optional
	TenantID *string `json:"tenantId,omitempty"`

	// EnvironmentType specifies the Azure cloud environment endpoints to use for
	// connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
	// The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
	// PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
	// +kubebuilder:default=PublicCloud
	EnvironmentType AzureEnvironmentType `json:"environmentType,omitempty"`

	// Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
	// +optional
	AuthSecretRef *AzureKVAuth `json:"authSecretRef,omitempty"`

	// ServiceAccountRef specifies the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *smmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// If multiple Managed Identities are assigned to the pod, you can select the one to be used
	// +optional
	IdentityID *string `json:"identityId,omitempty"`
}

Configures a store to sync secrets using Azure KV.

func (*AzureKVProvider) DeepCopy

func (in *AzureKVProvider) DeepCopy() *AzureKVProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.

func (*AzureKVProvider) DeepCopyInto

func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BitwardenSecretsManagerAuth added in v0.9.20

// BitwardenSecretsManagerAuth wraps the reference to the Secret that holds
// the machine account token.
type BitwardenSecretsManagerAuth struct {
	// SecretRef references the credential used for the Bitwarden instance.
	// The JSON field is required (no omitempty).
	SecretRef BitwardenSecretsManagerSecretRef `json:"secretRef"`
}

BitwardenSecretsManagerAuth contains the ref to the secret that contains the machine account token.

func (*BitwardenSecretsManagerAuth) DeepCopy added in v0.9.20

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerAuth.

func (*BitwardenSecretsManagerAuth) DeepCopyInto added in v0.9.20

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BitwardenSecretsManagerProvider added in v0.9.20

// BitwardenSecretsManagerProvider holds the endpoints, TLS trust material,
// organization/project scope and authentication settings for a store backed
// by Bitwarden Secrets Manager.
type BitwardenSecretsManagerProvider struct {
	// APIURL, IdentityURL and BitwardenServerSDKURL are endpoint URLs; each is
	// omitted from JSON when empty.
	// NOTE(review): presumably the Bitwarden API, the identity service and the
	// Bitwarden SDK server respectively — confirm against the provider. Per
	// the CABundle note below, the SDK server endpoint is expected to be HTTPS.
	APIURL                string `json:"apiURL,omitempty"`
	IdentityURL           string `json:"identityURL,omitempty"`
	BitwardenServerSDKURL string `json:"bitwardenServerSDKURL,omitempty"`
	// Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack
	// can be performed.
	// +required
	CABundle string `json:"caBundle"`
	// OrganizationID determines which organization this secret store manages.
	OrganizationID string `json:"organizationID"`
	// ProjectID determines which project this secret store manages.
	ProjectID string `json:"projectID"`
	// Auth configures how secret-manager authenticates with a bitwarden machine account instance.
	// Make sure that the token being used has permissions on the given secret.
	Auth BitwardenSecretsManagerAuth `json:"auth"`
}

BitwardenSecretsManagerProvider configures a store to sync secrets with a Bitwarden Secrets Manager instance.

func (*BitwardenSecretsManagerProvider) DeepCopy added in v0.9.20

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerProvider.

func (*BitwardenSecretsManagerProvider) DeepCopyInto added in v0.9.20

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BitwardenSecretsManagerSecretRef added in v0.9.20

// BitwardenSecretsManagerSecretRef points at the Secret key holding the
// access token for the Bitwarden instance. Only the reference is stored
// here, not the token.
type BitwardenSecretsManagerSecretRef struct {
	// AccessToken used for the bitwarden instance.
	// +required
	Credentials esmeta.SecretKeySelector `json:"credentials"`
}

BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.

func (*BitwardenSecretsManagerSecretRef) DeepCopy added in v0.9.20

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerSecretRef.

func (*BitwardenSecretsManagerSecretRef) DeepCopyInto added in v0.9.20

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CAProvider

// CAProvider points at a Secret or ConfigMap that contains a PEM-encoded CA
// certificate used as custom trust material for a secret store.
type CAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type CAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key where the CA certificate can be found in the Secret or ConfigMap.
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// Can only be defined when used in a ClusterSecretStore.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}

Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.

func (*CAProvider) DeepCopy

func (in *CAProvider) DeepCopy() *CAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAProvider.

func (*CAProvider) DeepCopyInto

func (in *CAProvider) DeepCopyInto(out *CAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CAProviderType

// CAProviderType names the kind of object a CAProvider reads the CA
// certificate from.
type CAProviderType string
const (
	// CAProviderTypeSecret reads the CA certificate from a Secret.
	CAProviderTypeSecret    CAProviderType = "Secret"
	// CAProviderTypeConfigMap reads the CA certificate from a ConfigMap.
	CAProviderTypeConfigMap CAProviderType = "ConfigMap"
)

type CertAuth

// CertAuth references a client certificate and its key, each stored under a
// Secret key. Only references are stored here, not the material itself.
// NOTE(review): presumably used for certificate-based client authentication —
// confirm against the provider that consumes it.
type CertAuth struct {
	// ClientCert selects the Secret key holding the client certificate.
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`
	// ClientKey selects the Secret key holding the client key.
	ClientKey  esmeta.SecretKeySelector `json:"clientKey,omitempty"`
}

func (*CertAuth) DeepCopy

func (in *CertAuth) DeepCopy() *CertAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertAuth.

func (*CertAuth) DeepCopyInto

func (in *CertAuth) DeepCopyInto(out *CertAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ChefAuth added in v0.9.13

// ChefAuth wraps the Secret reference that holds the chef server credentials.
type ChefAuth struct {
	// SecretRef references the signing key used for authentication
	// (see ChefAuthSecretRef). The JSON field is required (no omitempty).
	SecretRef ChefAuthSecretRef `json:"secretRef"`
}

ChefAuth contains a secretRef for credentials.

func (*ChefAuth) DeepCopy added in v0.9.13

func (in *ChefAuth) DeepCopy() *ChefAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChefAuth.

func (*ChefAuth) DeepCopyInto added in v0.9.13

func (in *ChefAuth) DeepCopyInto(out *ChefAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ChefAuthSecretRef added in v0.9.13

// ChefAuthSecretRef points at the Secret key holding the chef server signing
// key. Only the reference is stored here, not the key.
type ChefAuthSecretRef struct {
	// SecretKey is the Signing Key in PEM format, used for authentication.
	// Note that the JSON key for this field is "privateKeySecretRef".
	SecretKey esmeta.SecretKeySelector `json:"privateKeySecretRef"`
}

ChefAuthSecretRef holds secret references for chef server login credentials.

func (*ChefAuthSecretRef) DeepCopy added in v0.9.13

func (in *ChefAuthSecretRef) DeepCopy() *ChefAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChefAuthSecretRef.

func (*ChefAuthSecretRef) DeepCopyInto added in v0.9.13

func (in *ChefAuthSecretRef) DeepCopyInto(out *ChefAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ChefProvider added in v0.9.13

// ChefProvider holds the credentials reference, user name and server URL for
// a store backed by a chef server. All three JSON fields are required.
type ChefProvider struct {
	// Auth defines the information necessary to authenticate against chef Server
	Auth *ChefAuth `json:"auth"`
	// UserName should be the user ID on the chef server
	UserName string `json:"username"`
	// ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/"
	ServerURL string `json:"serverUrl"`
}

ChefProvider configures a store to sync secrets using basic chef server connection credentials.

func (*ChefProvider) DeepCopy added in v0.9.13

func (in *ChefProvider) DeepCopy() *ChefProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChefProvider.

func (*ChefProvider) DeepCopyInto added in v0.9.13

func (in *ChefProvider) DeepCopyInto(out *ChefProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecret

// ClusterExternalSecret is the API object for the clusterexternalsecrets
// resource: standard Kubernetes type/object metadata plus a desired Spec and
// an observed Status.
type ClusterExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state (see ClusterExternalSecretSpec).
	Spec   ClusterExternalSecretSpec   `json:"spec,omitempty"`
	// Status is the reported state (see ClusterExternalSecretStatus).
	Status ClusterExternalSecretStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:storageversion +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.externalSecretSpec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshTime` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` ClusterExternalSecret is the Schema for the clusterexternalsecrets API.

func (*ClusterExternalSecret) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecret.

func (*ClusterExternalSecret) DeepCopyInto

func (in *ClusterExternalSecret) DeepCopyInto(out *ClusterExternalSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterExternalSecret) DeepCopyObject

func (in *ClusterExternalSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterExternalSecretConditionType

// ClusterExternalSecretConditionType names a condition type reported for a
// ClusterExternalSecret.
type ClusterExternalSecretConditionType string
// ClusterExternalSecretReady is the "Ready" condition type.
const ClusterExternalSecretReady ClusterExternalSecretConditionType = "Ready"

type ClusterExternalSecretList

// ClusterExternalSecretList is the list form of ClusterExternalSecret:
// standard list metadata plus the items.
type ClusterExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the ClusterExternalSecret objects in the list.
	Items           []ClusterExternalSecret `json:"items"`
}

ClusterExternalSecretList contains a list of ClusterExternalSecret.

func (*ClusterExternalSecretList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretList.

func (*ClusterExternalSecretList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterExternalSecretList) DeepCopyObject

func (in *ClusterExternalSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterExternalSecretNamespaceFailure

// ClusterExternalSecretNamespaceFailure records one namespace in which an
// ExternalSecret could not be applied, together with an optional reason.
type ClusterExternalSecretNamespaceFailure struct {

	// Namespace is the namespace that failed when trying to apply an ExternalSecret
	Namespace string `json:"namespace"`

	// Reason is why the ExternalSecret failed to apply to the namespace
	// +optional
	Reason string `json:"reason,omitempty"`
}

ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and its reason.

func (*ClusterExternalSecretNamespaceFailure) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretNamespaceFailure.

func (*ClusterExternalSecretNamespaceFailure) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecretSpec

// ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret:
// the ExternalSecret to create and the namespaces that receive one.
// Namespaces, NamespaceSelector and NamespaceSelectors together decide how
// widely the ExternalSecret is distributed, so review them as a scope decision.
type ClusterExternalSecretSpec struct {
	// The spec for the ExternalSecrets to be created
	ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"`

	// The name of the external secrets to be created.
	// Defaults to the name of the ClusterExternalSecret.
	// +optional
	ExternalSecretName string `json:"externalSecretName,omitempty"`

	// The metadata of the external secrets to be created
	// +optional
	ExternalSecretMetadata ExternalSecretMetadata `json:"externalSecretMetadata,omitempty"`

	// NOTE(review): the selectors below match on Namespace labels, so whoever may
	// set labels on a Namespace can bring it into scope; confirm that label
	// changes on namespaces are restricted accordingly.

	// The labels to select by to find the Namespaces to create the ExternalSecrets in.
	// Deprecated: Use NamespaceSelectors instead.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// A list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed.
	// +optional
	NamespaceSelectors []*metav1.LabelSelector `json:"namespaceSelectors,omitempty"`

	// Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
	// +optional
	Namespaces []string `json:"namespaces,omitempty"`

	// The time in which the controller should reconcile its objects and recheck namespaces for labels.
	// Note that the JSON key is `refreshTime`, not `refreshInterval`.
	RefreshInterval *metav1.Duration `json:"refreshTime,omitempty"`
}

ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.

func (*ClusterExternalSecretSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretSpec.

func (*ClusterExternalSecretSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecretStatus

// ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret:
// the name used for the created ExternalSecrets, the namespaces that were
// provisioned or failed, and the status conditions.
type ClusterExternalSecretStatus struct {
	// ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret
	ExternalSecretName string `json:"externalSecretName,omitempty"`

	// Failed namespaces are the namespaces that failed to apply an ExternalSecret
	// +optional
	FailedNamespaces []ClusterExternalSecretNamespaceFailure `json:"failedNamespaces,omitempty"`

	// ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets
	// +optional
	ProvisionedNamespaces []string `json:"provisionedNamespaces,omitempty"`

	// Conditions lists the status conditions of the ClusterExternalSecret.
	// +optional
	Conditions []ClusterExternalSecretStatusCondition `json:"conditions,omitempty"`
}

ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.

func (*ClusterExternalSecretStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatus.

func (*ClusterExternalSecretStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecretStatusCondition

// ClusterExternalSecretStatusCondition is one entry in the Conditions list of
// ClusterExternalSecretStatus.
type ClusterExternalSecretStatusCondition struct {
	// Type is the condition type; ClusterExternalSecretReady is the value declared in this package.
	Type   ClusterExternalSecretConditionType `json:"type"`
	// Status is the condition status, using the core/v1 ConditionStatus type.
	Status corev1.ConditionStatus             `json:"status"`

	// Message is an optional free-text message for the condition.
	// +optional
	Message string `json:"message,omitempty"`
}

func (*ClusterExternalSecretStatusCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatusCondition.

func (*ClusterExternalSecretStatusCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSecretStore

// ClusterSecretStore represents a secure external location for storing secrets,
// which can be referenced as part of `storeRef` fields. The resource is
// cluster-scoped (kubebuilder resource marker scope=Cluster), and it reuses the
// SecretStoreSpec and SecretStoreStatus types for its spec and status.
type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css

func (*ClusterSecretStore) Copy

func (c *ClusterSecretStore) Copy() GenericStore

func (*ClusterSecretStore) DeepCopy

func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.

func (*ClusterSecretStore) DeepCopyInto

func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStore) DeepCopyObject

func (in *ClusterSecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterSecretStore) GetKind added in v0.6.1

func (c *ClusterSecretStore) GetKind() string

func (*ClusterSecretStore) GetNamespacedName

func (c *ClusterSecretStore) GetNamespacedName() string

func (*ClusterSecretStore) GetObjectMeta

func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*ClusterSecretStore) GetSpec

func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec

func (*ClusterSecretStore) GetStatus

func (c *ClusterSecretStore) GetStatus() SecretStoreStatus

func (*ClusterSecretStore) GetTypeMeta

func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta

func (*ClusterSecretStore) Hub

func (*ClusterSecretStore) Hub()

func (*ClusterSecretStore) SetStatus

func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)

func (*ClusterSecretStore) SetupWebhookWithManager

func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error

type ClusterSecretStoreCondition added in v0.6.1

// ClusterSecretStoreCondition describes a condition by which to choose
// namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
// All three fields are optional.
// NOTE(review): how the three fields combine (AND or OR) is not shown in this
// listing; confirm before relying on a condition to restrict access.
type ClusterSecretStoreCondition struct {
	// Choose namespace using a labelSelector
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// Choose namespaces by name
	// +optional
	Namespaces []string `json:"namespaces,omitempty"`

	// NOTE(review): this listing does not show whether a pattern must match the
	// whole namespace name or may match a substring; confirm, and anchor patterns
	// with ^ and $ when only exact names should be admitted.

	// Choose namespaces by using regex matching
	// +optional
	NamespaceRegexes []string `json:"namespaceRegexes,omitempty"`
}

ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.

func (*ClusterSecretStoreCondition) DeepCopy added in v0.6.1

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreCondition.

func (*ClusterSecretStoreCondition) DeepCopyInto added in v0.6.1

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSecretStoreList

// ClusterSecretStoreList contains a list of ClusterSecretStore resources.
// Items is serialized under the required JSON key "items".
type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterSecretStore `json:"items"`
}

ClusterSecretStoreList contains a list of ClusterSecretStore resources.

func (*ClusterSecretStoreList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.

func (*ClusterSecretStoreList) DeepCopyInto

func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStoreList) DeepCopyObject

func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConjurAPIKey added in v0.9.12

// ConjurAPIKey configures API-key authentication for the Conjur provider.
// The user and the API key are both given as references to Secret keys rather
// than as inline values, and none of the three JSON keys is marked optional.
type ConjurAPIKey struct {
	// Account names the Conjur account to use.
	Account   string                    `json:"account"`
	// UserRef selects the Secret key holding the user (presumably the Conjur login; confirm).
	UserRef   *esmeta.SecretKeySelector `json:"userRef"`
	// APIKeyRef selects the Secret key holding the API key.
	APIKeyRef *esmeta.SecretKeySelector `json:"apiKeyRef"`
}

func (*ConjurAPIKey) DeepCopy added in v0.9.12

func (in *ConjurAPIKey) DeepCopy() *ConjurAPIKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurAPIKey.

func (*ConjurAPIKey) DeepCopyInto added in v0.9.12

func (in *ConjurAPIKey) DeepCopyInto(out *ConjurAPIKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConjurAuth added in v0.8.4

// ConjurAuth selects how the store authenticates to Conjur: with an API key
// or with a JWT. Both fields are optional pointers.
// NOTE(review): whether exactly one of them must be set, and which one wins
// when both are present, is not shown in this listing; confirm in the provider.
type ConjurAuth struct {
	// APIKey configures API-key authentication.
	// +optional
	APIKey *ConjurAPIKey `json:"apikey,omitempty"`
	// Jwt configures JWT authentication.
	// +optional
	Jwt *ConjurJWT `json:"jwt,omitempty"`
}

func (*ConjurAuth) DeepCopy added in v0.8.4

func (in *ConjurAuth) DeepCopy() *ConjurAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurAuth.

func (*ConjurAuth) DeepCopyInto added in v0.8.4

func (in *ConjurAuth) DeepCopyInto(out *ConjurAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConjurJWT added in v0.9.6

// ConjurJWT configures JWT authentication for the Conjur provider. The token
// comes either from a key in a Secret (SecretRef) or from a service account
// token requested through the TokenRequest API (ServiceAccountRef).
// NOTE(review): which source is used when both references are set is not shown
// in this listing; confirm in the provider.
type ConjurJWT struct {
	// Account names the Conjur account to use.
	Account string `json:"account"`

	// The conjur authn jwt webservice id
	ServiceID string `json:"serviceID"`

	// NOTE(review): HostID is marked +optional but, unlike the other optional
	// fields of this struct, its JSON tag has no omitempty, so an unset HostID is
	// serialized as an empty string.

	// Optional HostID for JWT authentication. This may be used depending
	// on how the Conjur JWT authenticator policy is configured.
	// +optional
	HostID string `json:"hostId"`

	// Optional SecretRef that refers to a key in a Secret resource containing JWT token to
	// authenticate with Conjur using the JWT authentication method.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountRef specifies the Kubernetes service account for which to request
	// a token for with the `TokenRequest` API.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}

func (*ConjurJWT) DeepCopy added in v0.9.6

func (in *ConjurJWT) DeepCopy() *ConjurJWT

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurJWT.

func (*ConjurJWT) DeepCopyInto added in v0.9.6

func (in *ConjurJWT) DeepCopyInto(out *ConjurJWT)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConjurProvider added in v0.8.4

// ConjurProvider configures a store that reads secrets from Conjur: the
// endpoint URL, optional CA material for verifying it, and the authentication.
// NOTE(review): URL is a plain string with no validation marker in this type,
// so nothing here restricts it to https; confirm it is validated elsewhere.
type ConjurProvider struct {
	// URL is the address of the Conjur instance.
	URL string `json:"url"`
	// CABundle carries CA certificate data for the connection.
	// NOTE(review): the expected encoding (PEM, base64) is not shown here; confirm.
	// +optional
	CABundle string `json:"caBundle,omitempty"`
	// CAProvider references a CAProvider as an alternative source of CA data.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
	// Auth selects the authentication method; the JSON key "auth" is required.
	Auth       ConjurAuth  `json:"auth"`
}

func (*ConjurProvider) DeepCopy added in v0.8.4

func (in *ConjurProvider) DeepCopy() *ConjurProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurProvider.

func (*ConjurProvider) DeepCopyInto added in v0.8.4

func (in *ConjurProvider) DeepCopyInto(out *ConjurProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DelineaProvider added in v0.9.1

// DelineaProvider holds the connection settings for a Delinea secrets vault:
// the client credential, the tenant and the parts used to build request URLs.
type DelineaProvider struct {

	// ClientID is the non-secret part of the credential.
	ClientID *DelineaProviderSecretRef `json:"clientId"`

	// ClientSecret is the secret part of the credential.
	// DelineaProviderSecretRef also accepts an inline Value; for this field a
	// SecretRef keeps the secret out of the store manifest.
	ClientSecret *DelineaProviderSecretRef `json:"clientSecret"`

	// Tenant is the chosen hostname / site name.
	Tenant string `json:"tenant"`

	// NOTE(review): the default template includes scheme and host, so a custom
	// URLTemplate decides where requests are sent, presumably including the
	// authentication request; confirm that custom values are reviewed or validated.

	// URLTemplate is the format string used to build request URLs.
	// If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
	// +optional
	URLTemplate string `json:"urlTemplate,omitempty"`

	// TLD is based on the server location that was chosen during provisioning.
	// If unset, defaults to "com".
	// +optional
	TLD string `json:"tld,omitempty"`
}

See https://github.com/DelineaXPM/dsv-sdk-go/blob/main/vault/vault.go.

func (*DelineaProvider) DeepCopy added in v0.9.1

func (in *DelineaProvider) DeepCopy() *DelineaProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelineaProvider.

func (*DelineaProvider) DeepCopyInto added in v0.9.1

func (in *DelineaProvider) DeepCopyInto(out *DelineaProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DelineaProviderSecretRef added in v0.9.1

// DelineaProviderSecretRef supplies one credential value for DelineaProvider,
// either inline (Value) or through a reference to a Secret key (SecretRef).
// DelineaProvider uses this type for both ClientID and ClientSecret.
// NOTE(review): which field takes precedence when both are set is not shown in
// this listing; confirm in the provider.
type DelineaProviderSecretRef struct {

	// Value can be specified directly to set a value without using a secret.
	// An inline value is stored in clear text in the store resource and is visible
	// to anyone who can read that resource, so it suits the non-secret ClientID;
	// use SecretRef for ClientSecret.
	// +optional
	Value string `json:"value,omitempty"`

	// SecretRef references a key in a secret that will be used as value.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

func (*DelineaProviderSecretRef) DeepCopy added in v0.9.1

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelineaProviderSecretRef.

func (*DelineaProviderSecretRef) DeepCopyInto added in v0.9.1

func (in *DelineaProviderSecretRef) DeepCopyInto(out *DelineaProviderSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Device42Auth added in v0.9.20

// Device42Auth configures authentication with a Device42 instance. The only
// method declared here is a reference to stored credentials.
type Device42Auth struct {
	// SecretRef points at the credentials; the JSON key "secretRef" is required.
	SecretRef Device42SecretRef `json:"secretRef"`
}

func (*Device42Auth) DeepCopy added in v0.9.20

func (in *Device42Auth) DeepCopy() *Device42Auth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42Auth.

func (*Device42Auth) DeepCopyInto added in v0.9.20

func (in *Device42Auth) DeepCopyInto(out *Device42Auth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Device42Provider added in v0.9.20

// Device42Provider configures a store to sync secrets with a Device42 instance.
type Device42Provider struct {
	// NOTE(review): the field and its JSON key are named Host/"host" while the
	// original comment called it a URL; whether a scheme is expected, and whether
	// TLS is enforced, is not shown in this listing. Confirm in the provider.

	// Host configures the address of the Device42 instance.
	Host string `json:"host"`

	// Auth configures how secret-manager authenticates with a Device42 instance.
	Auth Device42Auth `json:"auth"`
}

Device42Provider configures a store to sync secrets with a Device42 instance.

func (*Device42Provider) DeepCopy added in v0.9.20

func (in *Device42Provider) DeepCopy() *Device42Provider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42Provider.

func (*Device42Provider) DeepCopyInto added in v0.9.20

func (in *Device42Provider) DeepCopyInto(out *Device42Provider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Device42SecretRef added in v0.9.20

// Device42SecretRef references the Secret that holds the Device42 credentials.
// NOTE(review): Credentials is a struct value, not a pointer, so the omitempty
// option has no effect on it with encoding/json and the key is always emitted.
// How username and password are laid out under the selected key is not shown
// in this listing; confirm in the provider.
type Device42SecretRef struct {
	// Username / Password is used for authentication.
	// +optional
	Credentials esmeta.SecretKeySelector `json:"credentials,omitempty"`
}

func (*Device42SecretRef) DeepCopy added in v0.9.20

func (in *Device42SecretRef) DeepCopy() *Device42SecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42SecretRef.

func (*Device42SecretRef) DeepCopyInto added in v0.9.20

func (in *Device42SecretRef) DeepCopyInto(out *Device42SecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DopplerAuth added in v0.6.0

// DopplerAuth configures authentication with the Doppler API. The only method
// declared here is a token held in a Secret.
type DopplerAuth struct {
	// SecretRef points at the Doppler token; the JSON key "secretRef" is required.
	SecretRef DopplerAuthSecretRef `json:"secretRef"`
}

func (*DopplerAuth) DeepCopy added in v0.6.0

func (in *DopplerAuth) DeepCopy() *DopplerAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerAuth.

func (*DopplerAuth) DeepCopyInto added in v0.6.0

func (in *DopplerAuth) DeepCopyInto(out *DopplerAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DopplerAuthSecretRef added in v0.6.0

// DopplerAuthSecretRef references the Secret key that holds the Doppler token.
type DopplerAuthSecretRef struct {
	// The DopplerToken is used for authentication.
	// See https://docs.doppler.com/reference/api#authentication for auth token types.
	// The Key attribute defaults to dopplerToken if not specified.
	// The token type matters for scoping: per DopplerProvider, Project and Config
	// are only required when the token is not a Service Token.
	DopplerToken esmeta.SecretKeySelector `json:"dopplerToken"`
}

func (*DopplerAuthSecretRef) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerAuthSecretRef.

func (*DopplerAuthSecretRef) DeepCopyInto added in v0.6.0

func (in *DopplerAuthSecretRef) DeepCopyInto(out *DopplerAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DopplerProvider added in v0.6.0

// DopplerProvider configures a store to sync secrets using the Doppler provider.
// Project and Config are required if not using a Service Token.
type DopplerProvider struct {
	// Auth configures how the Operator authenticates with the Doppler API
	Auth *DopplerAuth `json:"auth"`

	// Doppler project (required if not using a Service Token)
	// +optional
	Project string `json:"project,omitempty"`

	// Doppler config (required if not using a Service Token)
	// +optional
	Config string `json:"config,omitempty"`

	// Environment variable compatible name transforms that change secret names to a different format.
	// Only the values listed in the validation marker below are accepted.
	// +kubebuilder:validation:Enum=upper-camel;camel;lower-snake;tf-var;dotnet-env;lower-kebab
	// +optional
	NameTransformer string `json:"nameTransformer,omitempty"`

	// Format enables the downloading of secrets as a file (string).
	// Only the values listed in the validation marker below are accepted.
	// +kubebuilder:validation:Enum=json;dotnet-json;env;yaml;docker
	// +optional
	Format string `json:"format,omitempty"`
}

DopplerProvider configures a store to sync secrets using the Doppler provider. Project and Config are required if not using a Service Token.

func (*DopplerProvider) DeepCopy added in v0.6.0

func (in *DopplerProvider) DeepCopy() *DopplerProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerProvider.

func (*DopplerProvider) DeepCopyInto added in v0.6.0

func (in *DopplerProvider) DeepCopyInto(out *DopplerProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecret

// ExternalSecret is the Schema for the external-secrets API. The resource is
// namespaced (kubebuilder resource marker scope=Namespaced) and exposes its
// status as a subresource.
type ExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ExternalSecretSpec   `json:"spec,omitempty"`
	Status ExternalSecretStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:storageversion ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`

func (*ExternalSecret) DeepCopy

func (in *ExternalSecret) DeepCopy() *ExternalSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.

func (*ExternalSecret) DeepCopyInto

func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecret) DeepCopyObject

func (in *ExternalSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ExternalSecret) Hub

func (*ExternalSecret) Hub()

func (*ExternalSecret) SetupWebhookWithManager

func (r *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

type ExternalSecretConditionType

// ExternalSecretConditionType names a condition type of an ExternalSecret.
type ExternalSecretConditionType string
const (
	// ExternalSecretReady is the "Ready" condition type.
	ExternalSecretReady   ExternalSecretConditionType = "Ready"
	// ExternalSecretDeleted is the "Deleted" condition type.
	ExternalSecretDeleted ExternalSecretConditionType = "Deleted"
)

type ExternalSecretConversionStrategy

// ExternalSecretConversionStrategy names a conversion strategy. The validation
// marker on the type restricts it to "Default" and "Unicode".
type ExternalSecretConversionStrategy string

+kubebuilder:validation:Enum=Default;Unicode

// Conversion strategies accepted for ExternalSecretConversionStrategy.
// NOTE(review): what each strategy converts is not shown in this listing.
const (
	// ExternalSecretConversionDefault is the "Default" strategy, the kubebuilder default on the fields that use this type.
	ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default"
	// ExternalSecretConversionUnicode is the "Unicode" strategy.
	ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode"
)

type ExternalSecretCreationPolicy

type ExternalSecretCreationPolicy string

ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. +kubebuilder:validation:Enum=Owner;Orphan;Merge;None

// Creation policies accepted for ExternalSecretCreationPolicy. The policy
// decides whether the controller creates the target Secret and whether the
// Secret's lifetime is tied to the ExternalSecret.
const (
	// CreatePolicyOwner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
	CreatePolicyOwner ExternalSecretCreationPolicy = "Owner"

	// CreatePolicyOrphan creates the Secret and does not set the ownerReference.
	// I.e. it will be orphaned after the deletion of the ExternalSecret, so the
	// secret data remains in the cluster until it is removed separately.
	CreatePolicyOrphan ExternalSecretCreationPolicy = "Orphan"

	// CreatePolicyMerge does not create the Secret, but merges the data fields to the Secret.
	CreatePolicyMerge ExternalSecretCreationPolicy = "Merge"

	// CreatePolicyNone does not create a Secret (future use with injector).
	CreatePolicyNone ExternalSecretCreationPolicy = "None"
)

type ExternalSecretData

// ExternalSecretData defines the connection between the Kubernetes Secret key
// (spec.data.<key>) and the Provider data.
type ExternalSecretData struct {
	// SecretKey defines the key in which the controller stores
	// the value. This is the key in the Kind=Secret
	SecretKey string `json:"secretKey"`

	// RemoteRef points to the remote secret and defines
	// which secret (version/property/..) to fetch.
	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`

	// SourceRef allows you to override the source
	// from which the value will be pulled.
	SourceRef *StoreSourceRef `json:"sourceRef,omitempty"`
}

ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.

func (*ExternalSecretData) DeepCopy

func (in *ExternalSecretData) DeepCopy() *ExternalSecretData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.

func (*ExternalSecretData) DeepCopyInto

func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDataFromRemoteRef

// ExternalSecretDataFromRemoteRef is one entry of ExternalSecretSpec.DataFrom.
// It pulls several key/value pairs at once, either by extracting them from one
// provider secret (Extract), by searching the provider (Find), or from a
// generator (SourceRef), and can rewrite the resulting keys.
type ExternalSecretDataFromRemoteRef struct {
	// Used to extract multiple key/value pairs from one secret
	// Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
	// +optional
	Extract *ExternalSecretDataRemoteRef `json:"extract,omitempty"`
	// Used to find secrets based on tags or regular expressions
	// Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
	// +optional
	Find *ExternalSecretFind `json:"find,omitempty"`

	// Used to rewrite secret Keys after getting them from the secret Provider
	// Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
	// +optional
	Rewrite []ExternalSecretRewrite `json:"rewrite,omitempty"`

	// SourceRef points to a store or generator
	// which contains secret values ready to use.
	// Use this in combination with Extract or Find to pull values out of
	// a specific SecretStore.
	// When sourceRef points to a generator Extract or Find is not supported.
	// The generator returns a static map of values
	SourceRef *StoreGeneratorSourceRef `json:"sourceRef,omitempty"`
}

func (*ExternalSecretDataFromRemoteRef) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataFromRemoteRef.

func (*ExternalSecretDataFromRemoteRef) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDataRemoteRef

// ExternalSecretDataRemoteRef defines Provider data location: the provider key
// plus optional property, version, metadata policy and the conversion and
// decoding strategies applied to the fetched value.
type ExternalSecretDataRemoteRef struct {
	// Key is the key used in the Provider, mandatory
	Key string `json:"key"`

	// +optional
	// Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
	// +kubebuilder:default="None"
	MetadataPolicy ExternalSecretMetadataPolicy `json:"metadataPolicy,omitempty"`

	// +optional
	// Used to select a specific property of the Provider value (if a map), if supported
	Property string `json:"property,omitempty"`

	// +optional
	// Used to select a specific version of the Provider value, if supported
	Version string `json:"version,omitempty"`

	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`

	// +optional
	// Used to define a decoding Strategy
	// +kubebuilder:default="None"
	DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"`
}

ExternalSecretDataRemoteRef defines Provider data location.

func (*ExternalSecretDataRemoteRef) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.

func (*ExternalSecretDataRemoteRef) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDecodingStrategy added in v0.5.8

// ExternalSecretDecodingStrategy names a decoding strategy. The validation
// marker on the type restricts it to "Auto", "Base64", "Base64URL" and "None".
type ExternalSecretDecodingStrategy string

+kubebuilder:validation:Enum=Auto;Base64;Base64URL;None

// Decoding strategies accepted for ExternalSecretDecodingStrategy.
// NOTE(review): how "Auto" decides which encoding a value uses is not shown in
// this listing; confirm before relying on it for values that may look encoded.
const (
	// ExternalSecretDecodeAuto is the "Auto" strategy.
	ExternalSecretDecodeAuto      ExternalSecretDecodingStrategy = "Auto"
	// ExternalSecretDecodeBase64 is the "Base64" strategy.
	ExternalSecretDecodeBase64    ExternalSecretDecodingStrategy = "Base64"
	// ExternalSecretDecodeBase64URL is the "Base64URL" strategy.
	ExternalSecretDecodeBase64URL ExternalSecretDecodingStrategy = "Base64URL"
	// ExternalSecretDecodeNone is the "None" strategy, the kubebuilder default on the fields that use this type.
	ExternalSecretDecodeNone      ExternalSecretDecodingStrategy = "None"
)

type ExternalSecretDeletionPolicy

type ExternalSecretDeletionPolicy string

ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret. +kubebuilder:validation:Enum=Delete;Merge;Retain

// Deletion policies accepted for ExternalSecretDeletionPolicy. They decide what
// happens to the target Secret when the provider secrets disappear, and whether
// a missing provider secret is reported as an error.
const (
	// DeletionPolicyDelete deletes the secret if all provider secrets are deleted.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyDelete ExternalSecretDeletionPolicy = "Delete"

	// DeletionPolicyMerge removes keys in the secret, but not the secret itself.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyMerge ExternalSecretDeletionPolicy = "Merge"

	// DeletionPolicyRetain will retain the secret if all provider secrets have been deleted.
	// If a provider secret does not exist the ExternalSecret gets into the
	// SecretSyncedError status. The retained Secret keeps the last synced values,
	// so a value removed at the provider stays readable in the cluster.
	DeletionPolicyRetain ExternalSecretDeletionPolicy = "Retain"
)

type ExternalSecretFind

// ExternalSecretFind describes the criteria used to look up several provider
// secrets at once: an optional root path, a name matcher and tags. Every match
// ends up in the target Secret, so keep the criteria as narrow as the use case
// allows.
// NOTE(review): how Path, Name and Tags combine when more than one is set is
// not shown in this listing; confirm in the provider.
type ExternalSecretFind struct {
	// A root path to start the find operations.
	// +optional
	Path *string `json:"path,omitempty"`

	// Finds secrets based on the name.
	// +optional
	Name *FindName `json:"name,omitempty"`

	// Find secrets based on tags.
	// +optional
	Tags map[string]string `json:"tags,omitempty"`

	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`

	// +optional
	// Used to define a decoding Strategy
	// +kubebuilder:default="None"
	DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"`
}

func (*ExternalSecretFind) DeepCopy

func (in *ExternalSecretFind) DeepCopy() *ExternalSecretFind

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretFind.

func (*ExternalSecretFind) DeepCopyInto

func (in *ExternalSecretFind) DeepCopyInto(out *ExternalSecretFind)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretList

// ExternalSecretList contains a list of ExternalSecret resources.
// Items is serialized under the required JSON key "items".
type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ExternalSecret `json:"items"`
}

ExternalSecretList contains a list of ExternalSecret resources.

func (*ExternalSecretList) DeepCopy

func (in *ExternalSecretList) DeepCopy() *ExternalSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.

func (*ExternalSecretList) DeepCopyInto

func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecretList) DeepCopyObject

func (in *ExternalSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecretMetadata added in v0.8.4

// ExternalSecretMetadata defines metadata fields for the ExternalSecret
// generated by the ClusterExternalSecret.
type ExternalSecretMetadata struct {
	// Annotations are the annotations for the generated ExternalSecret.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels are the labels for the generated ExternalSecret.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}

ExternalSecretMetadata defines metadata fields for the ExternalSecret generated by the ClusterExternalSecret.

func (*ExternalSecretMetadata) DeepCopy added in v0.8.4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretMetadata.

func (*ExternalSecretMetadata) DeepCopyInto added in v0.8.4

func (in *ExternalSecretMetadata) DeepCopyInto(out *ExternalSecretMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretMetadataPolicy added in v0.5.4

// ExternalSecretMetadataPolicy names the policy for fetching tags/labels from
// provider secrets. The validation marker restricts it to "None" and "Fetch".
type ExternalSecretMetadataPolicy string

+kubebuilder:validation:Enum=None;Fetch

// Metadata policies accepted for ExternalSecretMetadataPolicy.
const (
	// ExternalSecretMetadataPolicyNone is the "None" policy, the documented default of ExternalSecretDataRemoteRef.MetadataPolicy.
	ExternalSecretMetadataPolicyNone  ExternalSecretMetadataPolicy = "None"
	// ExternalSecretMetadataPolicyFetch is the "Fetch" policy, which fetches tags/labels from provider secrets.
	ExternalSecretMetadataPolicyFetch ExternalSecretMetadataPolicy = "Fetch"
)

type ExternalSecretRewrite added in v0.5.9

// ExternalSecretRewrite is one key-rewriting step applied to the keys returned
// by the provider, either by regular expression or by template.
// NOTE(review): what happens when a rewrite maps two different provider keys to
// the same resulting key is not shown in this listing; confirm, because a
// collision could silently replace one secret value with another.
type ExternalSecretRewrite struct {
	// Used to rewrite with regular expressions.
	// The resulting key will be the output of a regexp.ReplaceAll operation.
	// +optional
	Regexp *ExternalSecretRewriteRegexp `json:"regexp,omitempty"`

	// Used to apply string transformation on the secrets.
	// The resulting key will be the output of the template applied by the operation.
	// +optional
	Transform *ExternalSecretRewriteTransform `json:"transform,omitempty"`
}

func (*ExternalSecretRewrite) DeepCopy added in v0.5.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewrite.

func (*ExternalSecretRewrite) DeepCopyInto added in v0.5.9

func (in *ExternalSecretRewrite) DeepCopyInto(out *ExternalSecretRewrite)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretRewriteRegexp added in v0.5.9

// ExternalSecretRewriteRegexp holds the pattern and replacement for a
// regular-expression key rewrite. ExternalSecretRewrite documents the result as
// the output of a regexp.ReplaceAll operation.
type ExternalSecretRewriteRegexp struct {
	// Source is the regular expression matched against the key.
	// NOTE(review): presumably compiled with Go's regexp package; confirm.
	Source string `json:"source"`
	// Target is the replacement pattern of the ReplaceAll operation.
	Target string `json:"target"`
}

func (*ExternalSecretRewriteRegexp) DeepCopy added in v0.5.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewriteRegexp.

func (*ExternalSecretRewriteRegexp) DeepCopyInto added in v0.5.9

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretRewriteTransform added in v0.9.10

// ExternalSecretRewriteTransform holds the template for a template-based key
// rewrite; the resulting key is the output of the template.
type ExternalSecretRewriteTransform struct {
	// Used to define the template to apply on the secret name.
	// `.value` will specify the secret name in the template.
	Template string `json:"template"`
}

func (*ExternalSecretRewriteTransform) DeepCopy added in v0.9.10

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewriteTransform.

func (*ExternalSecretRewriteTransform) DeepCopyInto added in v0.9.10

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretSpec

// ExternalSecretSpec is the desired state of an ExternalSecret: which store to
// read from, which Secret to write, how often to refresh, and which provider
// data maps to which Secret keys.
type ExternalSecretSpec struct {
	// SecretStoreRef is optional in the schema.
	// NOTE(review): presumably it names the store that Data and DataFrom are
	// read from; confirm against the SecretStoreRef type.
	// +optional
	SecretStoreRef SecretStoreRef `json:"secretStoreRef,omitempty"`
	// Target describes the Secret to be created. When it is omitted, the
	// default marker below sets creationPolicy Owner and deletionPolicy Retain.
	// +kubebuilder:default={creationPolicy:Owner,deletionPolicy:Retain}
	// +optional
	Target ExternalSecretTarget `json:"target,omitempty"`

	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// With a zero interval the values are fetched once, so a value rotated at
	// the provider afterwards is not picked up by a periodic refresh.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`

	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`

	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataFromRemoteRef `json:"dataFrom,omitempty"`
}

ExternalSecretSpec defines the desired state of ExternalSecret.

func (*ExternalSecretSpec) DeepCopy

func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.

func (*ExternalSecretSpec) DeepCopyInto

func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatus

// ExternalSecretStatus holds the observed state of an ExternalSecret: the last
// refresh time, the last synced resource version, the status conditions and a
// binding reference.
type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`

	// Conditions lists the status conditions recorded for the resource
	// (see ExternalSecretStatusCondition).
	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`

	// Binding represents a servicebinding.io Provisioned Service reference to the secret
	Binding corev1.LocalObjectReference `json:"binding,omitempty"`
}

func (*ExternalSecretStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.

func (*ExternalSecretStatus) DeepCopyInto

func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatusCondition

// ExternalSecretStatusCondition is one entry of ExternalSecretStatus.Conditions.
// Type and Status are always serialized; Reason, Message and
// LastTransitionTime are optional.
type ExternalSecretStatusCondition struct {
	// Type is the condition type.
	Type   ExternalSecretConditionType `json:"type"`
	// Status is the condition status, using the core Kubernetes ConditionStatus type.
	Status corev1.ConditionStatus      `json:"status"`

	// Reason is a short string explaining the condition; the package declares
	// ConditionReason* constants such as SecretSynced and SecretSyncedError.
	// +optional
	Reason string `json:"reason,omitempty"`

	// Message is free text.
	// NOTE(review): it is stored in the resource status and is readable by
	// anyone who can read the ExternalSecret; code that fills it from provider
	// errors should keep secret values and credentials out of it.
	// +optional
	Message string `json:"message,omitempty"`

	// LastTransitionTime is a timestamp; presumably the time the condition
	// last changed status — confirm against the controller.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*ExternalSecretStatusCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.

func (*ExternalSecretStatusCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTarget

// ExternalSecretTarget describes the single Kubernetes Secret an
// ExternalSecret manages: its name, creation and deletion policies, an
// optional template and whether the result is immutable.
type ExternalSecretTarget struct {
	// Name defines the name of the Secret resource to be managed
	// This field is immutable
	// Defaults to the .metadata.name of the ExternalSecret resource
	// +optional
	Name string `json:"name,omitempty"`

	// CreationPolicy defines rules on how to create the resulting Secret
	// Defaults to 'Owner'
	// +optional
	// +kubebuilder:default="Owner"
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
	// DeletionPolicy defines rules on how to delete the resulting Secret
	// Defaults to 'Retain'
	// NOTE(review): under 'Retain' the Secret presumably stays in the cluster
	// after its source is gone; confirm against ExternalSecretDeletionPolicy
	// when planning credential revocation.
	// +optional
	// +kubebuilder:default="Retain"
	DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`

	// Immutable defines if the final secret will be immutable
	// +optional
	Immutable bool `json:"immutable,omitempty"`
}

ExternalSecretTarget defines the Kubernetes Secret to be created. There can be only one target per ExternalSecret.

func (*ExternalSecretTarget) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.

func (*ExternalSecretTarget) DeepCopyInto

func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplate

// ExternalSecretTemplate is the blueprint for the created Secret: its type,
// metadata, the template engine version, the merge policy and the templates
// themselves (inline in Data or referenced through TemplateFrom).
type ExternalSecretTemplate struct {
	// Type is a core Kubernetes SecretType; presumably the type given to the
	// created Secret — confirm.
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`

	// EngineVersion specifies the template engine version
	// that should be used to compile/execute the
	// template specified in .data and .templateFrom[].
	// +kubebuilder:default="v2"
	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`
	// Metadata carries the annotations and labels of the blueprint
	// (see ExternalSecretTemplateMetadata).
	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`
	// MergePolicy defaults to "Replace" through the marker below; the other
	// accepted values are defined by TemplateMergePolicy.
	// +kubebuilder:default="Replace"
	MergePolicy TemplateMergePolicy `json:"mergePolicy,omitempty"`
	// Data holds the inline templates referred to as .data above.
	// NOTE(review): the template source is part of the ExternalSecret spec and
	// is readable by anyone who can read that resource, so literal secret
	// values do not belong in it.
	// +optional
	Data map[string]string `json:"data,omitempty"`
	// TemplateFrom holds the template references referred to as
	// .templateFrom[] above.
	// +optional
	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
}

ExternalSecretTemplate defines a blueprint for the created Secret resource. We cannot use the native corev1.Secret here because it would have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448

func (*ExternalSecretTemplate) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.

func (*ExternalSecretTemplate) DeepCopyInto

func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplateMetadata

// ExternalSecretTemplateMetadata holds the annotations and labels of the
// Secret blueprint.
// NOTE(review): the package declares reconcile.external-secrets.io/data-hash
// (AnnotationDataHash) and reconcile.external-secrets.io/created-by
// (LabelOwner) for its own bookkeeping; confirm how user-supplied values for
// those keys are handled.
type ExternalSecretTemplateMetadata struct {
	// Annotations are string key/value pairs for the blueprint's annotations.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels are string key/value pairs for the blueprint's labels.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}

ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.

func (*ExternalSecretTemplateMetadata) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.

func (*ExternalSecretTemplateMetadata) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretValidator

// ExternalSecretValidator is a field-less type that carries the
// ValidateCreate, ValidateUpdate and ValidateDelete methods for
// ExternalSecret resources. Its ValidateUpdate signature discards the old
// object, so update validation sees only the new object.
type ExternalSecretValidator struct{}

func (*ExternalSecretValidator) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretValidator.

func (*ExternalSecretValidator) DeepCopyInto

func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecretValidator) ValidateCreate

func (*ExternalSecretValidator) ValidateDelete

func (*ExternalSecretValidator) ValidateUpdate

func (esv *ExternalSecretValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)

type FakeProvider

// FakeProvider configures a fake provider that returns static values.
// NOTE(review): the values are written inline in the store spec (see
// FakeProviderData), so anyone who can read the store resource can read them;
// treat this provider as a testing aid rather than a place for real secrets.
type FakeProvider struct {
	// Data is the list of static entries; the key is always serialized.
	Data []FakeProviderData `json:"data"`
}

FakeProvider configures a fake provider that returns static values.

func (*FakeProvider) DeepCopy

func (in *FakeProvider) DeepCopy() *FakeProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProvider.

func (*FakeProvider) DeepCopyInto

func (in *FakeProvider) DeepCopyInto(out *FakeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FakeProviderData

// FakeProviderData is one static entry of a FakeProvider. Key is always
// serialized; Value, ValueMap and Version are omitted when empty.
type FakeProviderData struct {
	// Key identifies the entry.
	Key   string `json:"key"`
	// Value is the static value, stored as plain text in the resource.
	Value string `json:"value,omitempty"`
	// Deprecated: ValueMap is deprecated and is intended to be removed in the future, use the `value` field instead.
	ValueMap map[string]string `json:"valueMap,omitempty"`
	// Version is an optional version string for the entry; how it is matched
	// is not shown here — confirm against the provider implementation.
	Version  string            `json:"version,omitempty"`
}

func (*FakeProviderData) DeepCopy

func (in *FakeProviderData) DeepCopy() *FakeProviderData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProviderData.

func (*FakeProviderData) DeepCopyInto

func (in *FakeProviderData) DeepCopyInto(out *FakeProviderData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FindName

// FindName holds a name-based search criterion.
type FindName struct {
	// RegExp is a regular expression string. The original comment ("Finds
	// secrets base") is truncated; going by the type name the expression is
	// presumably matched against secret names — TODO confirm.
	// +optional
	RegExp string `json:"regexp,omitempty"`
}

func (*FindName) DeepCopy

func (in *FindName) DeepCopy() *FindName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FindName.

func (*FindName) DeepCopyInto

func (in *FindName) DeepCopyInto(out *FindName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FortanixProvider added in v0.9.14

// FortanixProvider holds the SDKMS endpoint and the reference to the API key
// used to reach it. Both fields are omitted from JSON when empty.
type FortanixProvider struct {
	// APIURL is the URL of SDKMS API. Defaults to `sdkms.fortanix.com`.
	// No kubebuilder default marker is attached, so the default is applied
	// outside the schema.
	// NOTE(review): the documented default carries no scheme; confirm that the
	// client only talks to the endpoint over TLS.
	APIURL string `json:"apiUrl,omitempty"`

	// APIKey is the API token to access SDKMS Applications.
	// It is given as a reference to a Secret (see FortanixProviderSecretRef),
	// not as an inline value.
	APIKey *FortanixProviderSecretRef `json:"apiKey,omitempty"`
}

func (*FortanixProvider) DeepCopy added in v0.9.14

func (in *FortanixProvider) DeepCopy() *FortanixProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FortanixProvider.

func (*FortanixProvider) DeepCopyInto added in v0.9.14

func (in *FortanixProvider) DeepCopyInto(out *FortanixProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FortanixProviderSecretRef added in v0.9.14

// FortanixProviderSecretRef wraps the selector of the Secret that holds the
// SDKMS API key.
type FortanixProviderSecretRef struct {
	// SecretRef is a reference to a secret containing the SDKMS API Key.
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

func (*FortanixProviderSecretRef) DeepCopy added in v0.9.14

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FortanixProviderSecretRef.

func (*FortanixProviderSecretRef) DeepCopyInto added in v0.9.14

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuth

// GCPSMAuth lists the authentication options for GCP Secret Manager: a Secret
// reference or a workload identity. Both are optional.
// NOTE(review): unlike IBMAuth and KubernetesAuth, no MinProperties or
// MaxProperties marker is shown for this type, so the schema as listed accepts
// both or neither; confirm which option takes precedence and what identity is
// used when none is set.
type GCPSMAuth struct {
	// SecretRef selects credentials stored in a Kubernetes Secret.
	// +optional
	SecretRef *GCPSMAuthSecretRef `json:"secretRef,omitempty"`
	// WorkloadIdentity selects authentication through a service account
	// (see GCPWorkloadIdentity).
	// +optional
	WorkloadIdentity *GCPWorkloadIdentity `json:"workloadIdentity,omitempty"`
}

func (*GCPSMAuth) DeepCopy

func (in *GCPSMAuth) DeepCopy() *GCPSMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.

func (*GCPSMAuth) DeepCopyInto

func (in *GCPSMAuth) DeepCopyInto(out *GCPSMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuthSecretRef

// GCPSMAuthSecretRef points at the Kubernetes Secret key that holds the GCP
// credential.
type GCPSMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// It is a selector of a Secret key, serialized as secretAccessKeySecretRef,
	// not the credential itself.
	// +optional
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

func (*GCPSMAuthSecretRef) DeepCopy

func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.

func (*GCPSMAuthSecretRef) DeepCopyInto

func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMProvider

// GCPSMProvider configures a store to sync secrets using the GCP Secret
// Manager provider. Every field is omitted from JSON when empty.
type GCPSMProvider struct {
	// Auth defines the information necessary to authenticate against GCP
	// +optional
	Auth GCPSMAuth `json:"auth,omitempty"`

	// ProjectID project where secret is located
	ProjectID string `json:"projectID,omitempty"`

	// Location optionally defines a location for a secret
	Location string `json:"location,omitempty"`
}

GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.

func (*GCPSMProvider) DeepCopy

func (in *GCPSMProvider) DeepCopy() *GCPSMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.

func (*GCPSMProvider) DeepCopyInto

func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPWorkloadIdentity

// GCPWorkloadIdentity holds the service account and cluster coordinates used
// for the workloadIdentity option of GCPSMAuth. ServiceAccountRef,
// ClusterLocation and ClusterName are always serialized; ClusterProjectID is
// omitted when empty.
type GCPWorkloadIdentity struct {
	// ServiceAccountRef selects the Kubernetes service account to use.
	// NOTE(review): whether the selector may name a service account in another
	// namespace depends on ServiceAccountSelector and the store kind — confirm.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`
	// ClusterLocation is presumably the location of the cluster — confirm.
	ClusterLocation   string                        `json:"clusterLocation"`
	// ClusterName is presumably the name of the cluster — confirm.
	ClusterName       string                        `json:"clusterName"`
	// ClusterProjectID is presumably the project of the cluster; what is used
	// when it is empty is not shown here — confirm.
	ClusterProjectID  string                        `json:"clusterProjectID,omitempty"`
}

func (*GCPWorkloadIdentity) DeepCopy

func (in *GCPWorkloadIdentity) DeepCopy() *GCPWorkloadIdentity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPWorkloadIdentity.

func (*GCPWorkloadIdentity) DeepCopyInto

func (in *GCPWorkloadIdentity) DeepCopyInto(out *GCPWorkloadIdentity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GeneratorRef added in v0.7.0

// GeneratorRef points to a generator custom resource by apiVersion, kind and
// name. Kind and Name have no omitempty and no +optional marker; no namespace
// field is part of the reference.
type GeneratorRef struct {
	// Specify the apiVersion of the generator resource
	// +kubebuilder:default="generators.external-secrets.io/v1alpha1"
	APIVersion string `json:"apiVersion,omitempty"`
	// Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.
	// No enum marker restricts the value in this listing.
	Kind string `json:"kind"`
	// Specify the name of the generator resource
	Name string `json:"name"`
}

GeneratorRef points to a generator custom resource.

func (*GeneratorRef) DeepCopy added in v0.7.0

func (in *GeneratorRef) DeepCopy() *GeneratorRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GeneratorRef.

func (*GeneratorRef) DeepCopyInto added in v0.7.0

func (in *GeneratorRef) DeepCopyInto(out *GeneratorRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenericStore

// GenericStore is the common interface for a ClusterSecretStore and a
// namespaced SecretStore. It embeds runtime.Object and metav1.Object and adds
// accessors for the store's metadata, spec and status.
// NOTE(review): the interface type alone does not say whether a value is
// cluster-scoped or namespaced; code that makes a scope decision has to ask
// the value itself, presumably through GetKind — confirm.
type GenericStore interface {
	runtime.Object
	metav1.Object

	// Metadata accessors.
	GetObjectMeta() *metav1.ObjectMeta
	GetTypeMeta() *metav1.TypeMeta
	GetKind() string

	// GetSpec returns a pointer to the store's SecretStoreSpec.
	GetSpec() *SecretStoreSpec
	// GetNamespacedName returns an identifier string; its format is not shown
	// here — confirm before parsing it.
	GetNamespacedName() string
	// GetStatus returns the status by value and SetStatus replaces it.
	GetStatus() SecretStoreStatus
	SetStatus(status SecretStoreStatus)
	// Copy returns another GenericStore; presumably a deep copy — confirm.
	Copy() GenericStore
}

GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.

type GenericStoreValidator

// GenericStoreValidator is a field-less type whose ValidateCreate,
// ValidateUpdate and ValidateDelete methods implement webhook.Validator. Its
// ValidateUpdate signature discards the old object, so update validation sees
// only the new object.
type GenericStoreValidator struct{}

func (*GenericStoreValidator) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericStoreValidator.

func (*GenericStoreValidator) DeepCopyInto

func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GenericStoreValidator) ValidateCreate

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*GenericStoreValidator) ValidateDelete

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*GenericStoreValidator) ValidateUpdate

func (r *GenericStoreValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type GitlabAuth

// GitlabAuth holds the credential reference for a GitLab store.
type GitlabAuth struct {
	// SecretRef holds the access token reference (see GitlabSecretRef).
	// The JSON key is spelled "SecretRef" with a capital S, unlike the
	// lower-case "secretRef" used by the other auth types in this package;
	// manifests must use the capitalized form.
	SecretRef GitlabSecretRef `json:"SecretRef"`
}

func (*GitlabAuth) DeepCopy

func (in *GitlabAuth) DeepCopy() *GitlabAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabAuth.

func (*GitlabAuth) DeepCopyInto

func (in *GitlabAuth) DeepCopyInto(out *GitlabAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitlabProvider

// GitlabProvider configures a store to sync secrets with a GitLab instance.
// Auth is always serialized; every other field is omitted when empty.
type GitlabProvider struct {
	// URL configures the GitLab instance URL. Defaults to https://gitlab.com/.
	// No kubebuilder default marker is attached, so the default is applied
	// outside the schema.
	URL string `json:"url,omitempty"`

	// Auth configures how secret-manager authenticates with a GitLab instance.
	Auth GitlabAuth `json:"auth"`

	// ProjectID specifies a project where secrets are located.
	ProjectID string `json:"projectID,omitempty"`

	// InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.
	InheritFromGroups bool `json:"inheritFromGroups,omitempty"`

	// GroupIDs specifies which GitLab groups to pull secrets from. Group secrets are read from left to right followed by the project variables.
	GroupIDs []string `json:"groupIDs,omitempty"`

	// Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)
	Environment string `json:"environment,omitempty"`
}

Configures a store to sync secrets with a GitLab instance.

func (*GitlabProvider) DeepCopy

func (in *GitlabProvider) DeepCopy() *GitlabProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabProvider.

func (*GitlabProvider) DeepCopyInto

func (in *GitlabProvider) DeepCopyInto(out *GitlabProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitlabSecretRef

// GitlabSecretRef points at the Kubernetes Secret key that holds the GitLab
// access token.
type GitlabSecretRef struct {
	// AccessToken is used for authentication.
	// It is a selector of a Secret key, not the token itself.
	AccessToken esmeta.SecretKeySelector `json:"accessToken,omitempty"`
}

func (*GitlabSecretRef) DeepCopy

func (in *GitlabSecretRef) DeepCopy() *GitlabSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabSecretRef.

func (*GitlabSecretRef) DeepCopyInto

func (in *GitlabSecretRef) DeepCopyInto(out *GitlabSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuth

// IBMAuth selects how the store authenticates with IBM. The type carries
// MinProperties=1 and MaxProperties=1 validation markers, so exactly one of
// the two fields is expected to be set.
type IBMAuth struct {
	// SecretRef selects an API key stored in a Kubernetes Secret.
	SecretRef     *IBMAuthSecretRef     `json:"secretRef,omitempty"`
	// ContainerAuth selects container-based auth with an IAM Trusted Profile.
	ContainerAuth *IBMAuthContainerAuth `json:"containerAuth,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*IBMAuth) DeepCopy

func (in *IBMAuth) DeepCopy() *IBMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.

func (*IBMAuth) DeepCopyInto

func (in *IBMAuth) DeepCopyInto(out *IBMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuthContainerAuth added in v0.5.9

// IBMAuthContainerAuth configures IBM container-based auth with an IAM
// Trusted Profile. Profile is always serialized; the other fields are omitted
// when empty.
type IBMAuthContainerAuth struct {
	// the IBM Trusted Profile
	Profile string `json:"profile"`

	// Location the token is mounted on the pod
	// NOTE(review): the value is a path chosen in the store spec and no
	// validation marker constrains it; confirm which pod reads it and what
	// default applies when it is empty.
	TokenLocation string `json:"tokenLocation,omitempty"`

	// IAMEndpoint is undocumented in the source; presumably the IAM endpoint
	// the token is exchanged at, with a default applied elsewhere — confirm.
	IAMEndpoint string `json:"iamEndpoint,omitempty"`
}

IBM Container-based auth with IAM Trusted Profile.

func (*IBMAuthContainerAuth) DeepCopy added in v0.5.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthContainerAuth.

func (*IBMAuthContainerAuth) DeepCopyInto added in v0.5.9

func (in *IBMAuthContainerAuth) DeepCopyInto(out *IBMAuthContainerAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuthSecretRef

// IBMAuthSecretRef points at the Kubernetes Secret key that holds the IBM API
// key.
type IBMAuthSecretRef struct {
	// SecretAPIKey selects the Secret key holding the API key used for
	// authentication; it is serialized as secretApiKeySecretRef.
	SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"`
}

func (*IBMAuthSecretRef) DeepCopy

func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.

func (*IBMAuthSecretRef) DeepCopyInto

func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMProvider

// IBMProvider configures a store to sync secrets using an IBM Cloud Secrets
// Manager backend.
type IBMProvider struct {
	// Auth configures how secret-manager authenticates with the IBM secrets manager.
	Auth IBMAuth `json:"auth"`

	// ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance
	// It is a pointer, so an unset URL (nil) is distinct from an empty string.
	ServiceURL *string `json:"serviceUrl,omitempty"`
}

Configures a store to sync secrets using an IBM Cloud Secrets Manager backend.

func (*IBMProvider) DeepCopy

func (in *IBMProvider) DeepCopy() *IBMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.

func (*IBMProvider) DeepCopyInto

func (in *IBMProvider) DeepCopyInto(out *IBMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InfisicalAuth added in v0.9.20

// InfisicalAuth holds the authentication settings for the Infisical provider.
// Universal auth credentials are the only option listed in this version.
type InfisicalAuth struct {
	// UniversalAuthCredentials holds the universal-auth settings; it is
	// optional in the schema even though it is the only field.
	// +optional
	UniversalAuthCredentials *UniversalAuthCredentials `json:"universalAuthCredentials,omitempty"`
}

func (*InfisicalAuth) DeepCopy added in v0.9.20

func (in *InfisicalAuth) DeepCopy() *InfisicalAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfisicalAuth.

func (*InfisicalAuth) DeepCopyInto added in v0.9.20

func (in *InfisicalAuth) DeepCopyInto(out *InfisicalAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InfisicalProvider added in v0.9.20

// InfisicalProvider configures a store to sync secrets using the Infisical
// provider: authentication, the scope secrets are read from and the API host.
type InfisicalProvider struct {
	// Auth configures how the Operator authenticates with the Infisical API
	// +kubebuilder:validation:Required
	Auth InfisicalAuth `json:"auth"`
	// SecretsScope selects the project, environment and path the secrets are
	// read from (see MachineIdentityScopeInWorkspace).
	// +kubebuilder:validation:Required
	SecretsScope MachineIdentityScopeInWorkspace `json:"secretsScope"`
	// HostAPI is the base URL of the Infisical API; the marker below defaults
	// it to the hosted service.
	// +kubebuilder:default="https://app.infisical.com/api"
	// +optional
	HostAPI string `json:"hostAPI,omitempty"`
}

InfisicalProvider configures a store to sync secrets using the Infisical provider.

func (*InfisicalProvider) DeepCopy added in v0.9.20

func (in *InfisicalProvider) DeepCopy() *InfisicalProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfisicalProvider.

func (*InfisicalProvider) DeepCopyInto added in v0.9.20

func (in *InfisicalProvider) DeepCopyInto(out *InfisicalProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeeperSecurityProvider added in v0.7.3

// KeeperSecurityProvider configures a store to sync secrets using Keeper
// Security. Both fields are always serialized.
type KeeperSecurityProvider struct {
	// Auth selects the Secret key holding the Keeper credentials; it is
	// serialized as authRef.
	// NOTE(review): this field uses the smmeta import alias where the rest of
	// the listing uses esmeta; confirm both name the same SecretKeySelector.
	Auth     smmeta.SecretKeySelector `json:"authRef"`
	// FolderID presumably identifies the Keeper folder to read from — confirm.
	FolderID string                   `json:"folderID"`
}

KeeperSecurityProvider Configures a store to sync secrets using Keeper Security.

func (*KeeperSecurityProvider) DeepCopy added in v0.7.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeeperSecurityProvider.

func (*KeeperSecurityProvider) DeepCopyInto added in v0.7.3

func (in *KeeperSecurityProvider) DeepCopyInto(out *KeeperSecurityProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuth

// KubernetesAuth selects how the store authenticates with the remote
// Kubernetes API: client certificate, static token or service account. The
// type carries MinProperties=1 and MaxProperties=1 validation markers, so
// exactly one of the three is expected to be set.
type KubernetesAuth struct {
	// has both clientCert and clientKey as secretKeySelector
	// +optional
	Cert *CertAuth `json:"cert,omitempty"`

	// use static token to authenticate with
	// +optional
	Token *TokenAuth `json:"token,omitempty"`

	// points to a service account that should be used for authentication
	// +optional
	ServiceAccount *esmeta.ServiceAccountSelector `json:"serviceAccount,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*KubernetesAuth) DeepCopy

func (in *KubernetesAuth) DeepCopy() *KubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuth.

func (*KubernetesAuth) DeepCopyInto

func (in *KubernetesAuth) DeepCopyInto(out *KubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesProvider

// KubernetesProvider configures a store to sync secrets with a Kubernetes
// instance: the server to reach, how to authenticate and the namespace to
// read from.
type KubernetesProvider struct {
	// configures the Kubernetes server Address.
	// +optional
	Server KubernetesServer `json:"server,omitempty"`

	// Auth configures how secret-manager authenticates with a Kubernetes instance.
	// NOTE(review): the field is marked +optional but its JSON tag has no
	// omitempty, and KubernetesAuth itself requires exactly one property;
	// confirm how an empty auth object is treated when AuthRef is used instead.
	// +optional
	Auth KubernetesAuth `json:"auth"`

	// A reference to a secret that contains the auth information.
	// +optional
	AuthRef *esmeta.SecretKeySelector `json:"authRef,omitempty"`

	// Remote namespace to fetch the secrets from
	// NOTE(review): the default marker below is written with a space after
	// "="; confirm the generated CRD default is the string "default".
	// +kubebuilder:default= default
	// +optional
	RemoteNamespace string `json:"remoteNamespace,omitempty"`
}

Configures a store to sync secrets with a Kubernetes instance.

func (*KubernetesProvider) DeepCopy

func (in *KubernetesProvider) DeepCopy() *KubernetesProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider.

func (*KubernetesProvider) DeepCopyInto

func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesServer

// KubernetesServer holds the address of the remote Kubernetes API server and
// the CA material used to verify it.
// NOTE(review): CABundle and CAProvider are both optional in the schema;
// confirm which trust roots are used, and whether verification still happens,
// when neither is set.
type KubernetesServer struct {

	// configures the Kubernetes server Address.
	// The default below carries no scheme; confirm how it is turned into a URL.
	// +kubebuilder:default=kubernetes.default
	// +optional
	URL string `json:"url,omitempty"`

	// CABundle is a base64-encoded CA certificate
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider
	// NOTE(review): the link targets the v0.4.1 / v1alpha1 documentation while
	// this package is v1beta1; confirm it still describes this field.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}

func (*KubernetesServer) DeepCopy

func (in *KubernetesServer) DeepCopy() *KubernetesServer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServer.

func (*KubernetesServer) DeepCopyInto

func (in *KubernetesServer) DeepCopyInto(out *KubernetesServer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MachineIdentityScopeInWorkspace added in v0.9.20

// MachineIdentityScopeInWorkspace narrows what an Infisical store reads: a
// project, an environment and a path inside it. It is the type of
// InfisicalProvider.SecretsScope.
type MachineIdentityScopeInWorkspace struct {
	// SecretsPath defaults to "/" through the marker below, i.e. the root path.
	// NOTE(review): presumably a narrower path limits which secrets the store
	// can return — confirm against the provider.
	// +kubebuilder:default="/"
	// +optional
	SecretsPath string `json:"secretsPath,omitempty"`
	// EnvironmentSlug is required; presumably the slug of the environment to
	// read from — confirm.
	// +kubebuilder:validation:Required
	EnvironmentSlug string `json:"environmentSlug"`
	// ProjectSlug is required; presumably the slug of the project to read
	// from — confirm.
	// +kubebuilder:validation:Required
	ProjectSlug string `json:"projectSlug"`
}

func (*MachineIdentityScopeInWorkspace) DeepCopy added in v0.9.20

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineIdentityScopeInWorkspace.

func (*MachineIdentityScopeInWorkspace) DeepCopyInto added in v0.9.20

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NoSecretError

// NoSecretError is the field-less error type returned when a GetSecret cannot
// find the desired secret; it is used for deletionPolicy.
// NOTE(review): because deletionPolicy acts on this error, a provider should
// return it only for a genuine not-found result, not for authorization or
// transport failures — confirm per provider.
type NoSecretError struct{}

NoSecretError shall be returned when a GetSecret can not find the desired secret. This is used for deletionPolicy.

func (*NoSecretError) DeepCopy

func (in *NoSecretError) DeepCopy() *NoSecretError

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoSecretError.

func (*NoSecretError) DeepCopyInto

func (in *NoSecretError) DeepCopyInto(out *NoSecretError)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (NoSecretError) Error

func (NoSecretError) Error() string

type OnboardbaseAuthSecretRef added in v0.9.14

// OnboardbaseAuthSecretRef holds secret references for onboardbase API Key
// credentials. Both references are required.
type OnboardbaseAuthSecretRef struct {
	// OnboardbaseAPIKeyRef selects the Secret key holding the APIKey generated by an admin account.
	// It is used to recognize and authorize access to a project and environment within onboardbase
	// +kubebuilder:validation:Required
	OnboardbaseAPIKeyRef esmeta.SecretKeySelector `json:"apiKeyRef"`
	// OnboardbasePasscodeRef selects the Secret key holding the passcode attached to the API Key
	// +kubebuilder:validation:Required
	OnboardbasePasscodeRef esmeta.SecretKeySelector `json:"passcodeRef"`
}

OnboardbaseAuthSecretRef holds secret references for onboardbase API Key credentials.

func (*OnboardbaseAuthSecretRef) DeepCopy added in v0.9.14

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnboardbaseAuthSecretRef.

func (*OnboardbaseAuthSecretRef) DeepCopyInto added in v0.9.14

func (in *OnboardbaseAuthSecretRef) DeepCopyInto(out *OnboardbaseAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OnboardbaseProvider added in v0.9.14

// OnboardbaseProvider configures a store to sync secrets using the
// Onboardbase provider: credentials, API host, project and environment. All
// four fields are always serialized.
type OnboardbaseProvider struct {
	// Auth configures how the Operator authenticates with the Onboardbase API
	Auth *OnboardbaseAuthSecretRef `json:"auth"`

	// APIHost use this to configure the host url for the API for selfhosted installation, default is https://public.onboardbase.com/api/v1/
	// +kubebuilder:default:="https://public.onboardbase.com/api/v1/"
	APIHost string `json:"apiHost"`

	// Project is an onboardbase project that the secrets should be pulled from
	// NOTE(review): the field is both Required and defaulted to "development";
	// confirm that an omitted value silently selecting that project is intended.
	// +kubebuilder:validation:Required
	// +kubebuilder:default:="development"
	Project string `json:"project"`
	// Environment is the name of an environment within a project to pull the secrets from
	// +kubebuilder:validation:Required
	// +kubebuilder:default:="development"
	Environment string `json:"environment"`
}

OnboardbaseProvider configures a store to sync secrets using the Onboardbase provider. Project and Config are required if not using a Service Token.

func (*OnboardbaseProvider) DeepCopy added in v0.9.14

func (in *OnboardbaseProvider) DeepCopy() *OnboardbaseProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnboardbaseProvider.

func (*OnboardbaseProvider) DeepCopyInto added in v0.9.14

func (in *OnboardbaseProvider) DeepCopyInto(out *OnboardbaseProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OnePasswordAuth added in v0.5.3

// OnePasswordAuth contains a secretRef for credentials.
type OnePasswordAuth struct {
	// SecretRef holds the reference to the Connect token
	// (see OnePasswordAuthSecretRef); the key is always serialized.
	SecretRef *OnePasswordAuthSecretRef `json:"secretRef"`
}

OnePasswordAuth contains a secretRef for credentials.

func (*OnePasswordAuth) DeepCopy added in v0.5.3

func (in *OnePasswordAuth) DeepCopy() *OnePasswordAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuth.

func (*OnePasswordAuth) DeepCopyInto added in v0.5.3

func (in *OnePasswordAuth) DeepCopyInto(out *OnePasswordAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OnePasswordAuthSecretRef added in v0.5.3

// OnePasswordAuthSecretRef holds secret references for 1Password credentials.
type OnePasswordAuthSecretRef struct {
	// The ConnectToken is used for authentication to a 1Password Connect Server.
	// It is a selector of a Secret key, serialized as connectTokenSecretRef,
	// not the token itself.
	ConnectToken esmeta.SecretKeySelector `json:"connectTokenSecretRef"`
}

OnePasswordAuthSecretRef holds secret references for 1Password credentials.

func (*OnePasswordAuthSecretRef) DeepCopy added in v0.5.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuthSecretRef.

func (*OnePasswordAuthSecretRef) DeepCopyInto added in v0.5.3

func (in *OnePasswordAuthSecretRef) DeepCopyInto(out *OnePasswordAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OnePasswordProvider added in v0.5.3

// OnePasswordProvider configures a store to sync secrets using the 1Password
// Secret Manager provider. All three fields are always serialized.
type OnePasswordProvider struct {
	// Auth defines the information necessary to authenticate against OnePassword Connect Server
	Auth *OnePasswordAuth `json:"auth"`
	// ConnectHost defines the OnePassword Connect Server to connect to
	// NOTE(review): no validation marker constrains the value; confirm that
	// the Connect token is only sent to this host over TLS.
	ConnectHost string `json:"connectHost"`
	// Vaults defines which OnePassword vaults to search in which order
	// The map is keyed by string with an int value; presumably vault name to
	// search rank — confirm.
	Vaults map[string]int `json:"vaults"`
}

OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.

func (*OnePasswordProvider) DeepCopy added in v0.5.3

func (in *OnePasswordProvider) DeepCopy() *OnePasswordProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordProvider.

func (*OnePasswordProvider) DeepCopyInto added in v0.5.3

func (in *OnePasswordProvider) DeepCopyInto(out *OnePasswordProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleAuth

// OracleAuth holds the user credentials for an Oracle Vault store: the tenancy
// and user OCIDs as plain strings, plus SecretRef, which selects the Secret keys
// holding the API signing key and its fingerprint (see OracleSecretRef).
type OracleAuth struct {

	// Tenancy is the tenancy OCID where user is located.
	Tenancy string `json:"tenancy"`

	// User is an access OCID specific to the account.
	User string `json:"user"`

	// SecretRef to pass through sensitive information.
	// The field carries selectors only; the key material is not stored in this object.
	SecretRef OracleSecretRef `json:"secretRef"`
}

func (*OracleAuth) DeepCopy

func (in *OracleAuth) DeepCopy() *OracleAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleAuth.

func (*OracleAuth) DeepCopyInto

func (in *OracleAuth) DeepCopyInto(out *OracleAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OraclePrincipalType added in v0.9.8

type OraclePrincipalType string

+kubebuilder:validation:Enum="";UserPrincipal;InstancePrincipal;Workload

// Values of OraclePrincipalType. Note that WorkloadPrincipal serializes as
// "Workload", not "WorkloadPrincipal"; that is the spelling accepted by the
// kubebuilder Enum marker on the type.
const (
	// UserPrincipal represents a user principal.
	UserPrincipal OraclePrincipalType = "UserPrincipal"
	// InstancePrincipal represents an instance principal.
	InstancePrincipal OraclePrincipalType = "InstancePrincipal"
	// WorkloadPrincipal represents a workload principal.
	WorkloadPrincipal OraclePrincipalType = "Workload"
)

type OracleProvider

type OracleProvider struct {
	// Region is the region where vault is located.
	Region string `json:"region"`

	// Vault is the vault's OCID of the specific vault where secret is located.
	Vault string `json:"vault"`

	// Compartment is the vault compartment OCID.
	// Required for PushSecret
	// +optional
	Compartment string `json:"compartment,omitempty"`

	// EncryptionKey is the OCID of the encryption key within the vault.
	// Required for PushSecret
	// +optional
	EncryptionKey string `json:"encryptionKey,omitempty"`

	// PrincipalType is the type of principal to use for authentication. If left blank, the Auth struct will
	// determine the principal type. This optional field must be specified if using
	// workload identity.
	// +optional
	PrincipalType OraclePrincipalType `json:"principalType,omitempty"`

	// Auth configures how secret-manager authenticates with the Oracle Vault.
	// If empty, use the instance principal, otherwise the user credentials specified in Auth.
	// NOTE(review): with Auth omitted and PrincipalType blank, the store therefore
	// authenticates as the instance the controller runs on; confirm that this fallback
	// is intended wherever users other than cluster admins can create stores.
	// +optional
	Auth *OracleAuth `json:"auth,omitempty"`

	// ServiceAccountRef specifies the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}

Configures a store to sync secrets using an Oracle Vault backend.

func (*OracleProvider) DeepCopy

func (in *OracleProvider) DeepCopy() *OracleProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleProvider.

func (*OracleProvider) DeepCopyInto

func (in *OracleProvider) DeepCopyInto(out *OracleProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleSecretRef

// OracleSecretRef selects the Secret keys that hold the API signing key and
// its fingerprint. Both fields are selectors, so neither value is stored in
// the store resource itself.
type OracleSecretRef struct {
	// PrivateKey is the user's API Signing Key in PEM format, used for authentication.
	PrivateKey esmeta.SecretKeySelector `json:"privatekey"`

	// Fingerprint is the fingerprint of the API private key.
	Fingerprint esmeta.SecretKeySelector `json:"fingerprint"`
}

func (*OracleSecretRef) DeepCopy

func (in *OracleSecretRef) DeepCopy() *OracleSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleSecretRef.

func (*OracleSecretRef) DeepCopyInto

func (in *OracleSecretRef) DeepCopyInto(out *OracleSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PassboltAuth added in v0.9.16

type PassboltAuth struct {
	// PasswordSecretRef selects the Secret key that holds the password.
	// NOTE(review): presumably the passphrase protecting the private key below — confirm.
	PasswordSecretRef   *esmeta.SecretKeySelector `json:"passwordSecretRef"`
	// PrivateKeySecretRef selects the Secret key that holds the private key.
	// Both fields are pointers tagged without omitempty, so both keys are always serialized.
	PrivateKeySecretRef *esmeta.SecretKeySelector `json:"privateKeySecretRef"`
}

PassboltAuth contains secretRefs for the Passbolt credentials.

func (*PassboltAuth) DeepCopy added in v0.9.16

func (in *PassboltAuth) DeepCopy() *PassboltAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassboltAuth.

func (*PassboltAuth) DeepCopyInto added in v0.9.16

func (in *PassboltAuth) DeepCopyInto(out *PassboltAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PassboltProvider added in v0.9.16

// PassboltProvider configures a store to sync secrets with a Passbolt server:
// the server to reach and the credentials to authenticate with.
type PassboltProvider struct {
	// Auth defines the information necessary to authenticate against Passbolt Server
	Auth *PassboltAuth `json:"auth"`
	// Host defines the Passbolt Server to connect to
	// NOTE(review): the credentials selected by Auth are presumably used against this
	// host; confirm whether a full https:// URL is expected here.
	Host string `json:"host"`
}

func (*PassboltProvider) DeepCopy added in v0.9.16

func (in *PassboltProvider) DeepCopy() *PassboltProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassboltProvider.

func (*PassboltProvider) DeepCopyInto added in v0.9.16

func (in *PassboltProvider) DeepCopyInto(out *PassboltProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordDepotAuth added in v0.9.14

// PasswordDepotAuth holds the authentication settings for a Password Depot
// store. Its only field is a PasswordDepotSecretRef.
type PasswordDepotAuth struct {
	// SecretRef selects the Secret entry used for authentication (see PasswordDepotSecretRef).
	SecretRef PasswordDepotSecretRef `json:"secretRef"`
}

func (*PasswordDepotAuth) DeepCopy added in v0.9.14

func (in *PasswordDepotAuth) DeepCopy() *PasswordDepotAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotAuth.

func (*PasswordDepotAuth) DeepCopyInto added in v0.9.14

func (in *PasswordDepotAuth) DeepCopyInto(out *PasswordDepotAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordDepotProvider added in v0.9.14

type PasswordDepotProvider struct {
	// Host configures the Password Depot instance URL.
	// The Go field is named Host and serializes as "host", although the value is described as a URL.
	Host string `json:"host"`

	// Database to use as source
	Database string `json:"database"`

	// Auth configures how secret-manager authenticates with a Password Depot instance.
	Auth PasswordDepotAuth `json:"auth"`
}

Configures a store to sync secrets with a Password Depot instance.

func (*PasswordDepotProvider) DeepCopy added in v0.9.14

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotProvider.

func (*PasswordDepotProvider) DeepCopyInto added in v0.9.14

func (in *PasswordDepotProvider) DeepCopyInto(out *PasswordDepotProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordDepotSecretRef added in v0.9.14

// PasswordDepotSecretRef selects the Secret entry that carries the Password
// Depot login credentials.
type PasswordDepotSecretRef struct {
	// Credentials selects the Username / Password used for authentication.
	// NOTE(review): one selector covers both username and password; the expected layout
	// of the referenced Secret is not visible here — confirm against the provider.
	// +optional
	Credentials esmeta.SecretKeySelector `json:"credentials,omitempty"`
}

func (*PasswordDepotSecretRef) DeepCopy added in v0.9.14

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotSecretRef.

func (*PasswordDepotSecretRef) DeepCopyInto added in v0.9.14

func (in *PasswordDepotSecretRef) DeepCopyInto(out *PasswordDepotSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Provider

type Provider interface {
	// NewClient constructs a SecretsManager Provider
	NewClient(ctx context.Context, store GenericStore, kube client.Client, namespace string) (SecretsClient, error)

	// ValidateStore checks if the provided store is valid
	// The provider may return a warning and an error.
	// The intended use of the warning to indicate a deprecation of behavior
	// or other type of message that is NOT a validation failure but should be noticed by the user.
	ValidateStore(store GenericStore) (admission.Warnings, error)

	// Capabilities returns the provider Capabilities (Read, Write, ReadWrite)
	Capabilities() SecretStoreCapabilities
}

Provider is a common interface for interacting with secret backends.

func GetProvider

func GetProvider(s GenericStore) (Provider, error)

GetProvider returns the provider from the generic store.

func GetProviderByName

func GetProviderByName(name string) (Provider, bool)

GetProviderByName returns the provider implementation by name.

type PulumiProvider added in v0.9.13

// PulumiProvider configures a store to sync secrets using the Pulumi provider:
// the API endpoint, the access token reference, and the organization and
// environment to read from.
type PulumiProvider struct {
	// APIURL is the URL of the Pulumi API.
	// NOTE(review): the access token is presumably presented to whatever URL is set
	// here, so an override of the default should be a trusted https endpoint — confirm.
	// +kubebuilder:default="https://api.pulumi.com"
	APIURL string `json:"apiUrl,omitempty"`

	// AccessToken is the access token used to sign in to the Pulumi Cloud Console.
	AccessToken *PulumiProviderSecretRef `json:"accessToken"`

	// Organization is the Pulumi organization, a space to collaborate on shared projects and stacks.
	// To create a new organization, visit https://app.pulumi.com/ and click "New Organization".
	Organization string `json:"organization"`

	// Environment is the Pulumi ESC environment. Environments are YAML documents composed of
	// static key-value pairs, programmatic expressions,
	// dynamically retrieved values from supported providers including all major clouds,
	// and other Pulumi ESC environments.
	// To create a new environment, visit https://www.pulumi.com/docs/esc/environments/ for more information.
	Environment string `json:"environment"`
}

func (*PulumiProvider) DeepCopy added in v0.9.13

func (in *PulumiProvider) DeepCopy() *PulumiProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PulumiProvider.

func (*PulumiProvider) DeepCopyInto added in v0.9.13

func (in *PulumiProvider) DeepCopyInto(out *PulumiProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PulumiProviderSecretRef added in v0.9.13

// PulumiProviderSecretRef wraps the reference to the Secret that holds the
// Pulumi API token, so the token itself is not part of the store resource.
type PulumiProviderSecretRef struct {
	// SecretRef is a reference to a secret containing the Pulumi API token.
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

func (*PulumiProviderSecretRef) DeepCopy added in v0.9.13

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PulumiProviderSecretRef.

func (*PulumiProviderSecretRef) DeepCopyInto added in v0.9.13

func (in *PulumiProviderSecretRef) DeepCopyInto(out *PulumiProviderSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretData added in v0.9.9

type PushSecretData interface {
	GetMetadata() *apiextensionsv1.JSON
	GetSecretKey() string
	GetRemoteKey() string
	GetProperty() string
}

PushSecretData is an interface to allow using v1alpha1.PushSecretData content in Provider registered in v1beta1.

type PushSecretRemoteRef added in v0.9.9

type PushSecretRemoteRef interface {
	GetRemoteKey() string
	GetProperty() string
}

PushSecretRemoteRef is an interface to allow using v1alpha1.PushSecretRemoteRef in Provider registered in v1beta1.

type ScalewayProvider added in v0.7.3

// ScalewayProvider configures a store that reads secrets from Scaleway: the
// API endpoint, region, project, and the two parts of the API key.
type ScalewayProvider struct {

	// APIURL is the url of the api to use. Defaults to https://api.scaleway.com
	// +optional
	APIURL string `json:"apiUrl,omitempty"`

	// Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone
	Region string `json:"region"`

	// ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings
	ProjectID string `json:"projectId"`

	// AccessKey is the non-secret part of the api key.
	AccessKey *ScalewayProviderSecretRef `json:"accessKey"`

	// SecretKey is the secret part of the api key.
	// It shares the ScalewayProviderSecretRef type with AccessKey, which also accepts an
	// inline Value; for this field use SecretRef so the secret stays out of the store spec.
	SecretKey *ScalewayProviderSecretRef `json:"secretKey"`
}

func (*ScalewayProvider) DeepCopy added in v0.7.3

func (in *ScalewayProvider) DeepCopy() *ScalewayProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalewayProvider.

func (*ScalewayProvider) DeepCopyInto added in v0.7.3

func (in *ScalewayProvider) DeepCopyInto(out *ScalewayProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ScalewayProviderSecretRef added in v0.7.3

// ScalewayProviderSecretRef supplies one part of a Scaleway API key, either
// inline through Value or by reference through SecretRef.
type ScalewayProviderSecretRef struct {

	// Value can be specified directly to set a value without using a secret.
	// A value set here is stored in plain text in the store resource and is readable by
	// anyone who can read that resource, so it suits only non-secret values.
	// +optional
	Value string `json:"value,omitempty"`

	// SecretRef references a key in a secret that will be used as value.
	// NOTE(review): nothing visible here says which field wins when both are set — confirm.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

func (*ScalewayProviderSecretRef) DeepCopy added in v0.7.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalewayProviderSecretRef.

func (*ScalewayProviderSecretRef) DeepCopyInto added in v0.7.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStore

type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss

func (*SecretStore) Copy

func (c *SecretStore) Copy() GenericStore

func (*SecretStore) DeepCopy

func (in *SecretStore) DeepCopy() *SecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.

func (*SecretStore) DeepCopyInto

func (in *SecretStore) DeepCopyInto(out *SecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStore) DeepCopyObject

func (in *SecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretStore) GetKind added in v0.6.1

func (c *SecretStore) GetKind() string

func (*SecretStore) GetNamespacedName

func (c *SecretStore) GetNamespacedName() string

func (*SecretStore) GetObjectMeta

func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*SecretStore) GetSpec

func (c *SecretStore) GetSpec() *SecretStoreSpec

func (*SecretStore) GetStatus

func (c *SecretStore) GetStatus() SecretStoreStatus

func (*SecretStore) GetTypeMeta

func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta

func (*SecretStore) Hub

func (*SecretStore) Hub()

func (*SecretStore) SetStatus

func (c *SecretStore) SetStatus(status SecretStoreStatus)

func (*SecretStore) SetupWebhookWithManager

func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error

type SecretStoreCapabilities added in v0.7.0

type SecretStoreCapabilities string

SecretStoreCapabilities defines the possible operations a SecretStore can do.

const (
	SecretStoreReadOnly  SecretStoreCapabilities = "ReadOnly"
	SecretStoreWriteOnly SecretStoreCapabilities = "WriteOnly"
	SecretStoreReadWrite SecretStoreCapabilities = "ReadWrite"
)

type SecretStoreConditionType

type SecretStoreConditionType string

type SecretStoreList

type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretStore `json:"items"`
}

SecretStoreList contains a list of SecretStore resources.

func (*SecretStoreList) DeepCopy

func (in *SecretStoreList) DeepCopy() *SecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.

func (*SecretStoreList) DeepCopyInto

func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStoreList) DeepCopyObject

func (in *SecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecretStoreProvider

type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Akeyless configures this store to sync secrets using Akeyless Vault provider
	// +optional
	Akeyless *AkeylessProvider `json:"akeyless,omitempty"`

	// BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider
	// +optional
	BitwardenSecretsManager *BitwardenSecretsManagerProvider `json:"bitwardensecretsmanager,omitempty"`

	// Vault configures this store to sync secrets using Hashi provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// Oracle configures this store to sync secrets using Oracle Vault provider
	// +optional
	Oracle *OracleProvider `json:"oracle,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`

	// YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider
	// +optional
	YandexCertificateManager *YandexCertificateManagerProvider `json:"yandexcertificatemanager,omitempty"`

	// YandexLockbox configures this store to sync secrets using Yandex Lockbox provider
	// +optional
	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`

	// Gitlab configures this store to sync secrets using GitLab Variables provider
	// +optional
	Gitlab *GitlabProvider `json:"gitlab,omitempty"`

	// Alibaba configures this store to sync secrets using Alibaba Cloud provider
	// +optional
	Alibaba *AlibabaProvider `json:"alibaba,omitempty"`

	// OnePassword configures this store to sync secrets using the 1Password Cloud provider
	// +optional
	OnePassword *OnePasswordProvider `json:"onepassword,omitempty"`

	// Webhook configures this store to sync secrets using a generic templated webhook
	// +optional
	Webhook *WebhookProvider `json:"webhook,omitempty"`

	// Kubernetes configures this store to sync secrets using a Kubernetes cluster provider
	// +optional
	Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`

	// Fake configures a store with static key/value pairs
	// NOTE(review): the pairs are part of the store spec rather than a Secret, so they are
	// presumably meant for testing only — confirm before using it for real secret values.
	// +optional
	Fake *FakeProvider `json:"fake,omitempty"`

	// Senhasegura configures this store to sync secrets using senhasegura provider
	// +optional
	Senhasegura *SenhaseguraProvider `json:"senhasegura,omitempty"`

	// Scaleway configures this store to sync secrets using the Scaleway provider
	// +optional
	Scaleway *ScalewayProvider `json:"scaleway,omitempty"`

	// Doppler configures this store to sync secrets using the Doppler provider
	// +optional
	Doppler *DopplerProvider `json:"doppler,omitempty"`

	// Onboardbase configures this store to sync secrets using the Onboardbase provider
	// +optional
	Onboardbase *OnboardbaseProvider `json:"onboardbase,omitempty"`

	// KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
	// +optional
	KeeperSecurity *KeeperSecurityProvider `json:"keepersecurity,omitempty"`

	// Conjur configures this store to sync secrets using conjur provider
	// +optional
	Conjur *ConjurProvider `json:"conjur,omitempty"`

	// Delinea DevOps Secrets Vault
	// https://docs.delinea.com/online-help/products/devops-secrets-vault/current
	// +optional
	Delinea *DelineaProvider `json:"delinea,omitempty"`

	// Chef configures this store to sync secrets with chef server
	// +optional
	Chef *ChefProvider `json:"chef,omitempty"`

	// Pulumi configures this store to sync secrets using the Pulumi provider
	// +optional
	Pulumi *PulumiProvider `json:"pulumi,omitempty"`

	// Fortanix configures this store to sync secrets using the Fortanix provider
	// +optional
	Fortanix *FortanixProvider `json:"fortanix,omitempty"`

	// PasswordDepot configures this store to sync secrets with a Password Depot instance
	// +optional
	PasswordDepot *PasswordDepotProvider `json:"passworddepot,omitempty"`

	// Passbolt configures this store to sync secrets using the Passbolt provider
	// +optional
	Passbolt *PassboltProvider `json:"passbolt,omitempty"`

	// Device42 configures this store to sync secrets using the Device42 provider
	// +optional
	Device42 *Device42Provider `json:"device42,omitempty"`

	// Infisical configures this store to sync secrets using the Infisical provider
	// +optional
	Infisical *InfisicalProvider `json:"infisical,omitempty"`
}

SecretStoreProvider contains the provider-specific configuration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*SecretStoreProvider) DeepCopy

func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.

func (*SecretStoreProvider) DeepCopyInto

func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRef

type SecretStoreRef struct {
	// Name of the SecretStore resource
	Name string `json:"name"`

	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// +optional
	Kind string `json:"kind,omitempty"`
}

SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.

func (*SecretStoreRef) DeepCopy

func (in *SecretStoreRef) DeepCopy() *SecretStoreRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.

func (*SecretStoreRef) DeepCopyInto

func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRetrySettings

// SecretStoreRetrySettings holds the retry settings of a store. SecretStoreSpec
// describes its RetrySettings field as configuring http retries on failure.
// Both fields are optional pointers, omitted from the serialized object when nil.
type SecretStoreRetrySettings struct {
	// MaxRetries is the retry count.
	// NOTE(review): no bound is visible here; confirm how nil and 0 are treated.
	MaxRetries    *int32  `json:"maxRetries,omitempty"`
	// RetryInterval is the wait between retries, given as a string.
	// NOTE(review): presumably a duration such as "10s" — confirm the accepted format.
	RetryInterval *string `json:"retryInterval,omitempty"`
}

func (*SecretStoreRetrySettings) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRetrySettings.

func (*SecretStoreRetrySettings) DeepCopyInto

func (in *SecretStoreRetrySettings) DeepCopyInto(out *SecretStoreRetrySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreSpec

type SecretStoreSpec struct {
	// Used to select the correct ESO controller (think: ingress.ingressClassName)
	// The ESO controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller,omitempty"`

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`

	// Used to configure http retries if failed
	// +optional
	RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"`

	// Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.
	// +optional
	RefreshInterval int `json:"refreshInterval,omitempty"`

	// Used to constrain a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
	// NOTE(review): with no conditions set, a ClusterSecretStore is presumably usable from
	// every namespace — confirm, and set Conditions where the store's credentials should
	// not be reachable cluster-wide.
	// +optional
	Conditions []ClusterSecretStoreCondition `json:"conditions,omitempty"`
}

SecretStoreSpec defines the desired state of SecretStore.

func (*SecretStoreSpec) DeepCopy

func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.

func (*SecretStoreSpec) DeepCopyInto

func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatus

type SecretStoreStatus struct {
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions,omitempty"`
	// +optional
	Capabilities SecretStoreCapabilities `json:"capabilities,omitempty"`
}

SecretStoreStatus defines the observed state of the SecretStore.

func (*SecretStoreStatus) DeepCopy

func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.

func (*SecretStoreStatus) DeepCopyInto

func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatusCondition

// SecretStoreStatusCondition records one observed condition of a store: its
// type and status, plus an optional reason, message and last transition time.
type SecretStoreStatusCondition struct {
	// Type is the condition type, a SecretStoreConditionType value.
	Type   SecretStoreConditionType `json:"type"`
	// Status is the condition status, a corev1.ConditionStatus value.
	Status corev1.ConditionStatus   `json:"status"`

	// Reason is a short identifier for the cause of the condition.
	// +optional
	Reason string `json:"reason,omitempty"`

	// Message is free-form text about the condition.
	// NOTE(review): status is readable by anyone who can read the store; confirm that
	// provider error text placed here cannot include secret values.
	// +optional
	Message string `json:"message,omitempty"`

	// LastTransitionTime is the time recorded for the last transition of this condition.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*SecretStoreStatusCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.

func (*SecretStoreStatusCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretsClient

type SecretsClient interface {
	// GetSecret returns a single secret from the provider
	// if GetSecret returns an error with type NoSecretError
	// then the secret entry will be deleted depending on the deletionPolicy.
	// The returned bytes are the secret value; implementations and callers should keep
	// them out of logs and error messages.
	GetSecret(ctx context.Context, ref ExternalSecretDataRemoteRef) ([]byte, error)

	// PushSecret will write a single secret into the provider
	PushSecret(ctx context.Context, secret *corev1.Secret, data PushSecretData) error

	// DeleteSecret will delete the secret from a provider
	DeleteSecret(ctx context.Context, remoteRef PushSecretRemoteRef) error

	// SecretExists checks if a secret is already present in the provider at the given location.
	SecretExists(ctx context.Context, remoteRef PushSecretRemoteRef) (bool, error)

	// Validate checks if the client is configured correctly
	// and is able to retrieve secrets from the provider.
	// If the validation result is unknown it will be ignored.
	Validate() (ValidationResult, error)

	// GetSecretMap returns multiple k/v pairs from the provider
	// for the single remote reference given in ref.
	GetSecretMap(ctx context.Context, ref ExternalSecretDataRemoteRef) (map[string][]byte, error)

	// GetAllSecrets returns multiple k/v pairs from the provider,
	// selected by the ExternalSecretFind criteria given in ref.
	GetAllSecrets(ctx context.Context, ref ExternalSecretFind) (map[string][]byte, error)

	// Close takes a context and returns an error.
	// NOTE(review): presumably releases connections or sessions held by the client — confirm.
	Close(ctx context.Context) error
}

SecretsClient provides access to secrets.

type SecretsManager added in v0.9.10

type SecretsManager struct {
	// Specifies whether to delete the secret without any recovery window. You
	// can't use both this parameter and RecoveryWindowInDays in the same call.
	// If you don't use either, then by default Secrets Manager uses a 30 day
	// recovery window.
	// Setting this to true gives up that recovery window, so a deletion triggered by
	// mistake cannot be undone through it; leave it false unless immediate removal is required.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
	// +optional
	ForceDeleteWithoutRecovery bool `json:"forceDeleteWithoutRecovery,omitempty"`
	// The number of days from 7 to 30 that Secrets Manager waits before
	// permanently deleting the secret. You can't use both this parameter and
	// ForceDeleteWithoutRecovery in the same call. If you don't use either,
	// then by default Secrets Manager uses a 30 day recovery window.
	// NOTE(review): no validation marker enforces the 7 to 30 range or the mutual
	// exclusion on this type; confirm where they are checked.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
	// +optional
	RecoveryWindowInDays int64 `json:"recoveryWindowInDays,omitempty"`
}

SecretsManager defines how the provider behaves when interacting with AWS SecretsManager. Some of these settings are only applicable to controlling how secrets are deleted, and hence only apply to PushSecret (and only when deletionPolicy is set to Delete).

func (*SecretsManager) DeepCopy added in v0.9.10

func (in *SecretsManager) DeepCopy() *SecretsManager

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsManager.

func (*SecretsManager) DeepCopyInto added in v0.9.10

func (in *SecretsManager) DeepCopyInto(out *SecretsManager)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SenhaseguraAuth added in v0.5.3

type SenhaseguraAuth struct {
	// ClientID is the client identifier, stored as a plain string in the store resource.
	ClientID     string                   `json:"clientId"`
	// ClientSecret selects the Secret key that holds the client secret; it serializes
	// as "clientSecretSecretRef", so only the reference is part of the store resource.
	ClientSecret esmeta.SecretKeySelector `json:"clientSecretSecretRef"`
}

SenhaseguraAuth tells the controller how to do auth in senhasegura.

func (*SenhaseguraAuth) DeepCopy added in v0.5.3

func (in *SenhaseguraAuth) DeepCopy() *SenhaseguraAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraAuth.

func (*SenhaseguraAuth) DeepCopyInto added in v0.5.3

func (in *SenhaseguraAuth) DeepCopyInto(out *SenhaseguraAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SenhaseguraModuleType added in v0.5.3

type SenhaseguraModuleType string

SenhaseguraModuleType enum defines senhasegura target module to fetch secrets +kubebuilder:validation:Enum=DSM

const (
	/*
		SenhaseguraModuleDSM is the senhasegura DevOps Secrets Management module
		see: https://senhasegura.com/devops
	*/
	SenhaseguraModuleDSM SenhaseguraModuleType = "DSM"
)

type SenhaseguraProvider added in v0.5.3

type SenhaseguraProvider struct {
	/* URL of senhasegura */
	URL string `json:"url"`

	/* Module defines which senhasegura module should be used to get secrets */
	Module SenhaseguraModuleType `json:"module"`

	/* Auth defines parameters to authenticate in senhasegura */
	Auth SenhaseguraAuth `json:"auth"`

	// IgnoreSslCertificate defines if SSL certificate must be ignored
	// When true, the certificate presented by the server at URL is presumably not
	// verified, so the connection that carries the client secret and the fetched secrets
	// can be intercepted by anyone able to impersonate that server. Keep the default
	// (false) outside of test setups; trust a private CA instead of disabling the check.
	// +kubebuilder:default=false
	IgnoreSslCertificate bool `json:"ignoreSslCertificate,omitempty"`
}

SenhaseguraProvider sets up a store to sync secrets with senhasegura.

func (*SenhaseguraProvider) DeepCopy added in v0.5.3

func (in *SenhaseguraProvider) DeepCopy() *SenhaseguraProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraProvider.

func (*SenhaseguraProvider) DeepCopyInto added in v0.5.3

func (in *SenhaseguraProvider) DeepCopyInto(out *SenhaseguraProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StoreGeneratorSourceRef added in v0.9.9

type StoreGeneratorSourceRef struct {
	// +optional
	SecretStoreRef *SecretStoreRef `json:"storeRef,omitempty"`

	// GeneratorRef points to a generator custom resource.
	// +optional
	GeneratorRef *GeneratorRef `json:"generatorRef,omitempty"`
}

StoreGeneratorSourceRef allows you to override the source from which the secret will be pulled. You can define at most one property. +kubebuilder:validation:MaxProperties=1

func (*StoreGeneratorSourceRef) DeepCopy added in v0.9.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StoreGeneratorSourceRef.

func (*StoreGeneratorSourceRef) DeepCopyInto added in v0.9.9

func (in *StoreGeneratorSourceRef) DeepCopyInto(out *StoreGeneratorSourceRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StoreSourceRef added in v0.9.9

type StoreSourceRef struct {
	// +optional
	SecretStoreRef SecretStoreRef `json:"storeRef,omitempty"`

	// GeneratorRef points to a generator custom resource.
	//
	// Deprecated: The generatorRef is not implemented in .data[].
	// this will be removed with v1.
	GeneratorRef *GeneratorRef `json:"generatorRef,omitempty"`
}

StoreSourceRef allows you to override the SecretStore source from which the secret will be pulled. You can define at most one property. +kubebuilder:validation:MaxProperties=1

func (*StoreSourceRef) DeepCopy added in v0.9.9

func (in *StoreSourceRef) DeepCopy() *StoreSourceRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StoreSourceRef.

func (*StoreSourceRef) DeepCopyInto added in v0.9.9

func (in *StoreSourceRef) DeepCopyInto(out *StoreSourceRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Tag added in v0.8.4

// Tag is a key/value pair. Both fields are always serialized (no omitempty).
type Tag struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

func (*Tag) DeepCopy added in v0.8.4

func (in *Tag) DeepCopy() *Tag

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.

func (*Tag) DeepCopyInto added in v0.8.4

func (in *Tag) DeepCopyInto(out *Tag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateEngineVersion

type TemplateEngineVersion string

+kubebuilder:validation:Enum=v1;v2

// Allowed TemplateEngineVersion values; they match the kubebuilder enum v1;v2.
const (
	// TemplateEngineV1 is the "v1" value.
	TemplateEngineV1 TemplateEngineVersion = "v1"
	// TemplateEngineV2 is the "v2" value.
	TemplateEngineV2 TemplateEngineVersion = "v2"
)

type TemplateFrom

// TemplateFrom holds the possible template sources visible here: a ConfigMap
// reference, a Secret reference, or an inline literal, plus the target the
// result applies to.
// NOTE(review): whether exactly one source must be set is not shown here — confirm.
type TemplateFrom struct {
	// ConfigMap is an optional TemplateRef (object name plus item keys).
	ConfigMap *TemplateRef `json:"configMap,omitempty"`
	// Secret is an optional TemplateRef (object name plus item keys).
	Secret    *TemplateRef `json:"secret,omitempty"`
	// Target is a TemplateTarget; the kubebuilder default is "Data".
	// NOTE(review): the +optional marker below appears twice; one is enough.
	// +optional
	// +optional
	// +kubebuilder:default="Data"
	Target TemplateTarget `json:"target,omitempty"`
	// Literal is an optional inline string.
	// +optional
	Literal *string `json:"literal,omitempty"`
}

func (*TemplateFrom) DeepCopy

func (in *TemplateFrom) DeepCopy() *TemplateFrom

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.

func (*TemplateFrom) DeepCopyInto

func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateMergePolicy added in v0.7.3

type TemplateMergePolicy string

+kubebuilder:validation:Enum=Replace;Merge

// Allowed TemplateMergePolicy values; they match the kubebuilder enum Replace;Merge.
const (
	// MergePolicyReplace is the "Replace" value.
	MergePolicyReplace TemplateMergePolicy = "Replace"
	// MergePolicyMerge is the "Merge" value.
	MergePolicyMerge   TemplateMergePolicy = "Merge"
)

type TemplateRef

// TemplateRef names an object and lists the items to take from it. It is used
// by TemplateFrom for both the ConfigMap and the Secret source.
type TemplateRef struct {
	// Name of the referenced object; always serialized (no omitempty).
	Name  string            `json:"name"`
	// Items lists the keys to use and how each one is templated.
	Items []TemplateRefItem `json:"items"`
}

func (*TemplateRef) DeepCopy

func (in *TemplateRef) DeepCopy() *TemplateRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.

func (*TemplateRef) DeepCopyInto

func (in *TemplateRef) DeepCopyInto(out *TemplateRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateRefItem

// TemplateRefItem selects one key of a referenced object and the scope in
// which it is templated.
type TemplateRefItem struct {
	// Key is the entry to use; always serialized (no omitempty).
	Key string `json:"key"`
	// TemplateAs is a TemplateScope; the kubebuilder default is "Values".
	// +kubebuilder:default="Values"
	TemplateAs TemplateScope `json:"templateAs,omitempty"`
}

func (*TemplateRefItem) DeepCopy

func (in *TemplateRefItem) DeepCopy() *TemplateRefItem

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.

func (*TemplateRefItem) DeepCopyInto

func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateScope added in v0.7.1

type TemplateScope string

+kubebuilder:validation:Enum=Values;KeysAndValues

// Allowed TemplateScope values; they match the kubebuilder enum Values;KeysAndValues.
const (
	// TemplateScopeValues is the "Values" value.
	TemplateScopeValues        TemplateScope = "Values"
	// TemplateScopeKeysAndValues is the "KeysAndValues" value.
	TemplateScopeKeysAndValues TemplateScope = "KeysAndValues"
)

type TemplateTarget added in v0.7.1

type TemplateTarget string

+kubebuilder:validation:Enum=Data;Annotations;Labels

// Allowed TemplateTarget values; they match the kubebuilder enum
// Data;Annotations;Labels.
const (
	// TemplateTargetData is the "Data" value.
	TemplateTargetData        TemplateTarget = "Data"
	// TemplateTargetAnnotations is the "Annotations" value.
	TemplateTargetAnnotations TemplateTarget = "Annotations"
	// TemplateTargetLabels is the "Labels" value.
	TemplateTargetLabels      TemplateTarget = "Labels"
)

type TokenAuth

// TokenAuth holds a reference to a Secret key that contains a bearer token.
type TokenAuth struct {
	// BearerToken selects the Secret key holding the token; the token value
	// itself is not part of this object.
	BearerToken esmeta.SecretKeySelector `json:"bearerToken,omitempty"`
}

func (*TokenAuth) DeepCopy

func (in *TokenAuth) DeepCopy() *TokenAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenAuth.

func (*TokenAuth) DeepCopyInto

func (in *TokenAuth) DeepCopyInto(out *TokenAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UniversalAuthCredentials added in v0.9.20

// UniversalAuthCredentials references a client ID and a client secret, each
// stored under a Secret key. Both references are required.
type UniversalAuthCredentials struct {
	// ClientID selects the Secret key holding the client ID.
	// +kubebuilder:validation:Required
	ClientID esmeta.SecretKeySelector `json:"clientId"`
	// ClientSecret selects the Secret key holding the client secret.
	// +kubebuilder:validation:Required
	ClientSecret esmeta.SecretKeySelector `json:"clientSecret"`
}

func (*UniversalAuthCredentials) DeepCopy added in v0.9.20

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UniversalAuthCredentials.

func (*UniversalAuthCredentials) DeepCopyInto added in v0.9.20

func (in *UniversalAuthCredentials) DeepCopyInto(out *UniversalAuthCredentials)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ValidationResult added in v0.5.2

// ValidationResult is the outcome of validating a client configuration,
// encoded as a uint8.
type ValidationResult uint8
const (
	// ValidationResultReady indicates that the client is configured correctly
	// and can be used. It is the first iota value (0), so a zero-valued
	// ValidationResult compares equal to it.
	ValidationResultReady ValidationResult = iota

	// ValidationResultUnknown indicates that the client can be used
	// but information is missing and it can not be validated.
	ValidationResultUnknown

	// ValidationResultError indicates that there is a misconfiguration.
	ValidationResultError
)

func (ValidationResult) String added in v0.5.2

func (v ValidationResult) String() string

type VaultAppRole

// VaultAppRole configures Vault App Role authentication: the mount path, the
// role ID (inline or by Secret reference) and a reference to the role secret.
type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	// NOTE(review): RoleID and RoleRef are both optional; which one is used
	// when both are set is not shown here — confirm. RoleRef keeps the role ID
	// out of the store manifest.
	//+optional
	RoleID string `json:"roleId,omitempty"`

	// Reference to a key in a Secret that contains the App Role ID used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role id.
	//+optional
	RoleRef *esmeta.SecretKeySelector `json:"roleRef,omitempty"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	// This field carries no optional marker and no omitempty.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

func (*VaultAppRole) DeepCopy

func (in *VaultAppRole) DeepCopy() *VaultAppRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.

func (*VaultAppRole) DeepCopyInto

func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAuth

// VaultAuth selects how to authenticate with a Vault server. Every method is
// an optional pointer field.
// NOTE(review): the type documentation states that only one of
// tokenSecretRef, appRole, kubernetes, ldap, userPass, jwt or cert can be
// specified and does not mention iam; whether iam falls under the same rule
// is not shown here — confirm.
type VaultAuth struct {
	// Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in.
	// Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// This will default to Vault.Namespace field if set, or empty otherwise
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`

	// Cert authenticates with Vault using the Cert authentication method,
	// passing a client certificate, private key and CA certificate.
	// +optional
	Cert *VaultCertAuth `json:"cert,omitempty"`

	// Iam authenticates with Vault using the AWS IAM authentication method,
	// passing a special AWS request signed with AWS IAM credentials.
	// +optional
	Iam *VaultIamAuth `json:"iam,omitempty"`

	// UserPass authenticates with Vault by passing username/password pair
	// +optional
	UserPass *VaultUserPassAuth `json:"userPass,omitempty"`
}

VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `userPass`, `jwt` or `cert` can be specified. A namespace to authenticate against can optionally be specified.

func (*VaultAuth) DeepCopy

func (in *VaultAuth) DeepCopy() *VaultAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.

func (*VaultAuth) DeepCopyInto

func (in *VaultAuth) DeepCopyInto(out *VaultAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAwsAuth added in v0.7.3

// VaultAwsAuth selects the AWS credential source: static credentials read
// from Secret keys, or a service account (serialized as `jwt`).
type VaultAwsAuth struct {
	// SecretRef references Secret keys holding AWS credentials.
	// +optional
	SecretRef *VaultAwsAuthSecretRef `json:"secretRef,omitempty"`
	// JWTAuth references a service account; serialized as `jwt`.
	// +optional
	JWTAuth *VaultAwsJWTAuth `json:"jwt,omitempty"`
}

VaultAwsAuth tells the controller how to authenticate with AWS. Only one of secretRef or jwt can be specified. If none is specified, the controller will try to load credentials from its own service account, assuming it is IRSA enabled.

func (*VaultAwsAuth) DeepCopy added in v0.7.3

func (in *VaultAwsAuth) DeepCopy() *VaultAwsAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsAuth.

func (*VaultAwsAuth) DeepCopyInto added in v0.7.3

func (in *VaultAwsAuth) DeepCopyInto(out *VaultAwsAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAwsAuthSecretRef added in v0.7.3

// VaultAwsAuthSecretRef references the Secret keys that hold AWS credentials:
// access key ID, secret access key and, for temporary credentials, a session
// token.
type VaultAwsAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`

	// The SessionToken used for authentication
	// This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
	// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
	// NOTE(review): the marker below is spelled `+Optional`, unlike the
	// lowercase `+optional` used elsewhere on this page; confirm the
	// generator honours it.
	// +Optional
	SessionToken *esmeta.SecretKeySelector `json:"sessionTokenSecretRef,omitempty"`
}

VaultAwsAuthSecretRef holds secret references for AWS credentials. Both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.

func (*VaultAwsAuthSecretRef) DeepCopy added in v0.7.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsAuthSecretRef.

func (*VaultAwsAuthSecretRef) DeepCopyInto added in v0.7.3

func (in *VaultAwsAuthSecretRef) DeepCopyInto(out *VaultAwsAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAwsJWTAuth added in v0.7.3

// VaultAwsJWTAuth authenticates against AWS using service account tokens.
type VaultAwsJWTAuth struct {
	// ServiceAccountRef selects the service account to use; optional pointer.
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}

Authenticate against AWS using service account tokens.

func (*VaultAwsJWTAuth) DeepCopy added in v0.7.3

func (in *VaultAwsJWTAuth) DeepCopy() *VaultAwsJWTAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsJWTAuth.

func (*VaultAwsJWTAuth) DeepCopyInto added in v0.7.3

func (in *VaultAwsJWTAuth) DeepCopyInto(out *VaultAwsJWTAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertAuth

// VaultCertAuth configures the Vault Cert authentication method: a reference
// to the client certificate and a reference to the client private key.
type VaultCertAuth struct {
	// ClientCert is a certificate to authenticate using the Cert Vault
	// authentication method
	// +optional
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`

	// SecretRef to a key in a Secret resource containing client private key to
	// authenticate with Vault using the Cert authentication method
	// Unlike ClientCert, this field carries no +optional marker.
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultCertAuth authenticates with Vault using the Cert authentication method, with the client certificate and private key stored in a Kubernetes Secret resource.

func (*VaultCertAuth) DeepCopy

func (in *VaultCertAuth) DeepCopy() *VaultCertAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertAuth.

func (*VaultCertAuth) DeepCopyInto

func (in *VaultCertAuth) DeepCopyInto(out *VaultCertAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultClientTLS added in v0.9.12

// VaultClientTLS references the client certificate and private key presented
// at the transport layer when the Vault server requires mutual TLS.
type VaultClientTLS struct {
	// CertSecretRef is a certificate added to the transport layer
	// when communicating with the Vault server.
	// If no key for the Secret is specified, external-secret will default to 'tls.crt'.
	CertSecretRef *esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`

	// KeySecretRef to a key in a Secret resource containing client private key
	// added to the transport layer when communicating with the Vault server.
	// If no key for the Secret is specified, external-secret will default to 'tls.key'.
	KeySecretRef *esmeta.SecretKeySelector `json:"keySecretRef,omitempty"`
}

VaultClientTLS is the configuration used for client side related TLS communication, when the Vault server requires mutual authentication.

func (*VaultClientTLS) DeepCopy added in v0.9.12

func (in *VaultClientTLS) DeepCopy() *VaultClientTLS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientTLS.

func (*VaultClientTLS) DeepCopyInto added in v0.9.12

func (in *VaultClientTLS) DeepCopyInto(out *VaultClientTLS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultIamAuth added in v0.7.3

// VaultIamAuth configures Vault's AWS IAM authentication method: where the
// method is mounted, which AWS and Vault roles to use, and where the AWS
// credentials come from.
type VaultIamAuth struct {

	// Path where the AWS auth method is enabled in Vault, e.g: "aws"
	Path string `json:"path,omitempty"`
	// AWS region
	Region string `json:"region,omitempty"`
	// This is the AWS role to be assumed before talking to vault
	// Serialized as `role`; the Vault role below is serialized as `vaultRole`.
	AWSIAMRole string `json:"role,omitempty"`
	// Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine
	// This is the only field in this struct serialized without omitempty.
	Role string `json:"vaultRole"`
	// AWS External ID set on assumed IAM roles
	ExternalID string `json:"externalID,omitempty"`
	// X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws
	VaultAWSIAMServerID string `json:"vaultAwsIamServerID,omitempty"`
	// Specify credentials in a Secret object
	// NOTE(review): SecretRef and JWTAuth are both optional; behaviour when
	// both or neither are set is not shown here — confirm.
	// +optional
	SecretRef *VaultAwsAuthSecretRef `json:"secretRef,omitempty"`
	// Specify a service account with IRSA enabled
	// +optional
	JWTAuth *VaultAwsJWTAuth `json:"jwt,omitempty"`
}

VaultIamAuth authenticates with Vault using the Vault's AWS IAM authentication method. Refer: https://developer.hashicorp.com/vault/docs/auth/aws

func (*VaultIamAuth) DeepCopy added in v0.7.3

func (in *VaultIamAuth) DeepCopy() *VaultIamAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIamAuth.

func (*VaultIamAuth) DeepCopyInto added in v0.7.3

func (in *VaultIamAuth) DeepCopyInto(out *VaultIamAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultJwtAuth

// VaultJwtAuth configures Vault's JWT/OIDC authentication method: mount path,
// role, and the token source (a Secret key or a requested service account
// token).
type VaultJwtAuth struct {
	// Path where the JWT authentication backend is mounted
	// in Vault, e.g: "jwt"
	// +kubebuilder:default=jwt
	Path string `json:"path"`

	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role,omitempty"`

	// Optional SecretRef that refers to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method.
	// NOTE(review): SecretRef and KubernetesServiceAccountToken are both
	// optional; which one is used when both are set is not shown here — confirm.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountToken specifies the Kubernetes service account for which to request
	// a token with the `TokenRequest` API.
	// +optional
	KubernetesServiceAccountToken *VaultKubernetesServiceAccountTokenAuth `json:"kubernetesServiceAccountToken,omitempty"`
}

VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.

func (*VaultJwtAuth) DeepCopy

func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.

func (*VaultJwtAuth) DeepCopyInto

func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVStoreVersion

// VaultKVStoreVersion names the Vault KV secret engine version as a string.
type VaultKVStoreVersion string
const (
	// VaultKVStoreV1 is the "v1" value.
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	// VaultKVStoreV2 is the "v2" value.
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)

type VaultKubernetesAuth

// VaultKubernetesAuth configures Vault's Kubernetes authentication method:
// mount path, the source of the ServiceAccount JWT, and the Vault role.
type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// Serialized as `mountPath`; the other Vault auth methods on this page
	// serialize their mount path as `path`.
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// Leaving both ServiceAccountRef and SecretRef unset therefore means Vault
	// sees the controller's own identity.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}

Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

func (*VaultKubernetesAuth) DeepCopy

func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.

func (*VaultKubernetesAuth) DeepCopyInto

func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKubernetesServiceAccountTokenAuth

// VaultKubernetesServiceAccountTokenAuth names the service account for which
// a temporary token is requested, plus two deprecated token parameters.
type VaultKubernetesServiceAccountTokenAuth struct {
	// Service account field containing the name of a kubernetes ServiceAccount.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`

	// Optional audiences field that will be used to request a temporary Kubernetes service
	// account token for the service account referenced by `serviceAccountRef`.
	// Defaults to a single audience `vault` if not specified.
	// Deprecated: use serviceAccountRef.Audiences instead
	// +optional
	Audiences *[]string `json:"audiences,omitempty"`

	// Optional expiration time in seconds that will be used to request a temporary
	// Kubernetes service account token for the service account referenced by
	// `serviceAccountRef`.
	// Defaults to 10 minutes.
	// Deprecated: this will be removed in the future.
	// +optional
	ExpirationSeconds *int64 `json:"expirationSeconds,omitempty"`
}

VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.

func (*VaultKubernetesServiceAccountTokenAuth) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesServiceAccountTokenAuth.

func (*VaultKubernetesServiceAccountTokenAuth) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultLdapAuth

// VaultLdapAuth configures Vault's LDAP authentication method: mount path,
// user name, and a reference to the Secret key holding the password.
type VaultLdapAuth struct {
	// Path where the LDAP authentication backend is mounted
	// in Vault, e.g: "ldap"
	// +kubebuilder:default=ldap
	Path string `json:"path"`

	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method
	// The user name is stored inline; only the password is read from a Secret.
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.

func (*VaultLdapAuth) DeepCopy

func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.

func (*VaultLdapAuth) DeepCopyInto

func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultProvider

// VaultProvider configures a store that syncs secrets using a HashiCorp Vault
// KV backend: server address, authentication, KV engine version, namespace,
// TLS trust and client TLS settings, and consistency options.
type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	// CABundle and ClientTLS below are documented as ignored for plain HTTP,
	// so with an http:// address the connection, including the credentials
	// selected by Auth, is not protected by TLS.
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	// +optional
	Path *string `json:"path,omitempty"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// NOTE(review): CABundle and CAProvider can both be set; which one takes
	// precedence is not shown here — confirm.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The configuration used for client side related TLS communication, when the Vault server
	// requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
	// This parameter is ignored for plain HTTP protocol connection.
	// It's worth noting this configuration is different from the "TLS certificates auth method",
	// which is available under the `auth.cert` section.
	// +optional
	ClientTLS VaultClientTLS `json:"tls,omitempty"`

	// The provider for the CA bundle to use to validate Vault server certificate.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`

	// ReadYourWrites ensures isolated read-after-write semantics by
	// providing discovered cluster replication states in each request.
	// More information about eventual consistency in Vault can be found here
	// https://www.vaultproject.io/docs/enterprise/consistency
	// +optional
	ReadYourWrites bool `json:"readYourWrites,omitempty"`

	// ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
	// leader instead of simply retrying within a loop. This can increase performance if
	// the option is enabled serverside.
	// https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
	// +optional
	ForwardInconsistent bool `json:"forwardInconsistent,omitempty"`
}

Configures a store to sync secrets using a HashiCorp Vault KV backend.

func (*VaultProvider) DeepCopy

func (in *VaultProvider) DeepCopy() *VaultProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.

func (*VaultProvider) DeepCopyInto

func (in *VaultProvider) DeepCopyInto(out *VaultProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultUserPassAuth added in v0.9.2

// VaultUserPassAuth configures Vault's UserPass authentication method: mount
// path, user name, and a reference to the Secret key holding the password.
type VaultUserPassAuth struct {
	// Path where the UserPassword authentication backend is mounted
	// in Vault, e.g: "user"
	// +kubebuilder:default=user
	Path string `json:"path"`

	// Username is a user name used to authenticate using the UserPass Vault
	// authentication method
	// The user name is stored inline; only the password is read from a Secret.
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the
	// user used to authenticate with Vault using the UserPass authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultUserPassAuth authenticates with Vault using UserPass authentication method, with the username and password stored in a Kubernetes Secret resource.

func (*VaultUserPassAuth) DeepCopy added in v0.9.2

func (in *VaultUserPassAuth) DeepCopy() *VaultUserPassAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultUserPassAuth.

func (*VaultUserPassAuth) DeepCopyInto added in v0.9.2

func (in *VaultUserPassAuth) DeepCopyInto(out *VaultUserPassAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookCAProvider

// WebhookCAProvider names the object (a Secret or a ConfigMap) from which the
// certificate for the webhook provider is fetched.
type WebhookCAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type WebhookCAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key of the value to use inside the provider object; only used with
	// the "Secret" type.
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}

Defines a location to fetch the cert for the webhook provider from.

func (*WebhookCAProvider) DeepCopy

func (in *WebhookCAProvider) DeepCopy() *WebhookCAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookCAProvider.

func (*WebhookCAProvider) DeepCopyInto

func (in *WebhookCAProvider) DeepCopyInto(out *WebhookCAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookCAProviderType

// WebhookCAProviderType names the kind of object a WebhookCAProvider reads from.
type WebhookCAProviderType string
const (
	// WebhookCAProviderTypeSecret is the "Secret" value.
	WebhookCAProviderTypeSecret    WebhookCAProviderType = "Secret"
	// WebhookCAProviderTypeConfigMap is the "ConfigMap" value.
	WebhookCAProviderTypeConfigMap WebhookCAProviderType = "ConfigMap"
)

type WebhookProvider

// WebhookProvider configures a store that obtains secrets by calling a
// webhook: request method, URL, headers and body, how to read the result, the
// secrets made available to templates, and TLS trust settings.
type WebhookProvider struct {
	// Webhook Method
	// +optional, default GET
	Method string `json:"method,omitempty"`

	// Webhook url to call
	// With a plain-HTTP URL the CA settings below are documented as ignored,
	// so the request and the returned secret are not protected by TLS.
	URL string `json:"url"`

	// Headers
	// +optional
	Headers map[string]string `json:"headers,omitempty"`

	// Body
	// +optional
	Body string `json:"body,omitempty"`

	// Timeout
	// +optional
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// Result formatting
	Result WebhookResult `json:"result"`

	// Secrets to fill in templates
	// These secrets will be passed to the templating function as key value pairs under the given name
	// NOTE(review): which of URL, Headers and Body are templated is not shown
	// here. A secret rendered into the URL can end up in request logs on the
	// way to the server; headers or body are usually the safer place — confirm.
	// +optional
	Secrets []WebhookSecret `json:"secrets,omitempty"`

	// PEM encoded CA bundle used to validate webhook server certificate. Only used
	// if the webhook URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// NOTE(review): CABundle and CAProvider can both be set; which one takes
	// precedence is not shown here — confirm.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate webhook server certificate.
	// +optional
	CAProvider *WebhookCAProvider `json:"caProvider,omitempty"`
}

WebhookProvider configures a store to sync secrets by calling a webhook.

func (*WebhookProvider) DeepCopy

func (in *WebhookProvider) DeepCopy() *WebhookProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookProvider.

func (*WebhookProvider) DeepCopyInto

func (in *WebhookProvider) DeepCopyInto(out *WebhookProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookResult

// WebhookResult describes how the value is read from the webhook response.
type WebhookResult struct {
	// Json path of return value
	// +optional
	JSONPath string `json:"jsonPath,omitempty"`
}

func (*WebhookResult) DeepCopy

func (in *WebhookResult) DeepCopy() *WebhookResult

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookResult.

func (*WebhookResult) DeepCopyInto

func (in *WebhookResult) DeepCopyInto(out *WebhookResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookSecret

// WebhookSecret binds a template name to a Secret key, so the referenced
// value can be used when the webhook request is templated.
type WebhookSecret struct {
	// Name of this secret in templates
	Name string `json:"name"`

	// Secret ref to fill in credentials
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

func (*WebhookSecret) DeepCopy

func (in *WebhookSecret) DeepCopy() *WebhookSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecret.

func (*WebhookSecret) DeepCopyInto

func (in *WebhookSecret) DeepCopyInto(out *WebhookSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexCertificateManagerAuth added in v0.5.4

// YandexCertificateManagerAuth references the Secret key that holds the
// authorized key used to authenticate against Yandex Certificate Manager.
type YandexCertificateManagerAuth struct {
	// The authorized key used for authentication
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}

func (*YandexCertificateManagerAuth) DeepCopy added in v0.5.4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerAuth.

func (*YandexCertificateManagerAuth) DeepCopyInto added in v0.5.4

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexCertificateManagerCAProvider added in v0.5.4

// YandexCertificateManagerCAProvider references the Secret key that holds a
// certificate; it is used as the CAProvider of YandexCertificateManagerProvider.
type YandexCertificateManagerCAProvider struct {
	// Certificate selects the Secret key; serialized as `certSecretRef`.
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}

func (*YandexCertificateManagerCAProvider) DeepCopy added in v0.5.4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerCAProvider.

func (*YandexCertificateManagerCAProvider) DeepCopyInto added in v0.5.4

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexCertificateManagerProvider added in v0.5.4

// YandexCertificateManagerProvider configures a store that syncs secrets
// using Yandex Certificate Manager: API endpoint, authentication and the CA
// used to validate the server certificate.
type YandexCertificateManagerProvider struct {
	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Certificate Manager
	Auth YandexCertificateManagerAuth `json:"auth"`

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// NOTE(review): what is trusted when CAProvider is unset is not shown
	// here — confirm.
	// +optional
	CAProvider *YandexCertificateManagerCAProvider `json:"caProvider,omitempty"`
}

YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.

func (*YandexCertificateManagerProvider) DeepCopy added in v0.5.4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerProvider.

func (*YandexCertificateManagerProvider) DeepCopyInto added in v0.5.4

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxAuth

// YandexLockboxAuth holds the credential reference used to authenticate
// against Yandex Lockbox.
type YandexLockboxAuth struct {
	// The authorized key used for authentication
	// The value is a secret key selector (JSON name authorizedKeySecretRef),
	// so the store spec carries a reference to the key rather than the key
	// material itself. Read access to the referenced Secret should be limited
	// to the controller that consumes this store.
	// NOTE(review): marked optional; how the provider behaves when the
	// reference is omitted is not visible in this declaration - confirm.
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}

func (*YandexLockboxAuth) DeepCopy

func (in *YandexLockboxAuth) DeepCopy() *YandexLockboxAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxAuth.

func (*YandexLockboxAuth) DeepCopyInto

func (in *YandexLockboxAuth) DeepCopyInto(out *YandexLockboxAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxCAProvider

// YandexLockboxCAProvider references the CA certificate that
// YandexLockboxProvider.CAProvider uses to validate the Yandex.Cloud server
// certificate.
type YandexLockboxCAProvider struct {
	// Certificate selects the secret key that holds the CA certificate
	// (JSON name certSecretRef).
	// NOTE(review): the tag has omitempty but the field has no optional
	// marker, unlike AuthorizedKey in YandexLockboxAuth - confirm whether an
	// empty reference is meant to be accepted.
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}

func (*YandexLockboxCAProvider) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxCAProvider.

func (*YandexLockboxCAProvider) DeepCopyInto

func (in *YandexLockboxCAProvider) DeepCopyInto(out *YandexLockboxCAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxProvider

type YandexLockboxProvider struct {
	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// Optional override of the API address.
	// NOTE(review): authentication with the authorized key is presumably
	// performed against this address, so whoever can edit the store can
	// choose where credentials are presented - confirm against the provider
	// implementation and restrict write access to the store accordingly.
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Lockbox
	// The tag has no omitempty and the field has no optional marker, so it
	// is presumably required in the generated schema - confirm.
	Auth YandexLockboxAuth `json:"auth"`

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// A nil pointer means the store configures no CA bundle.
	// NOTE(review): which trust roots apply in that case is not visible
	// here - confirm before relying on a private CA or a custom endpoint.
	// +optional
	CAProvider *YandexLockboxCAProvider `json:"caProvider,omitempty"`
}

YandexLockboxProvider configures a store to sync secrets using the Yandex Lockbox provider.

func (*YandexLockboxProvider) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxProvider.

func (*YandexLockboxProvider) DeepCopyInto

func (in *YandexLockboxProvider) DeepCopyInto(out *YandexLockboxProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
