Documentation ¶
Overview ¶
Package v1alpha1 is the v1alpha1 version of the API. +kubebuilder:object:generate=true +groupName=secret-manager.itscontained.io
Index ¶
- Constants
- Variables
- type AWSAuth
- type AWSStore
- type ClusterSecretStore
- func (c *ClusterSecretStore) Copy() GenericStore
- func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
- func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
- func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
- func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
- func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
- func (c *ClusterSecretStore) SetSpec(spec SecretStoreSpec)
- type ClusterSecretStoreList
- type ExternalSecret
- type ExternalSecretList
- type ExternalSecretSpec
- type ExternalSecretStatus
- type GCPAuth
- type GCPStore
- type GenericStore
- type KeyReference
- type ObjectReference
- type RemoteReference
- type SecretStore
- func (c *SecretStore) Copy() GenericStore
- func (in *SecretStore) DeepCopy() *SecretStore
- func (in *SecretStore) DeepCopyInto(out *SecretStore)
- func (in *SecretStore) DeepCopyObject() runtime.Object
- func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *SecretStore) GetSpec() *SecretStoreSpec
- func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
- func (c *SecretStore) SetSpec(spec SecretStoreSpec)
- type SecretStoreList
- type SecretStoreSpec
- type SecretStoreStatus
- type VaultAppRole
- type VaultAuth
- type VaultKVStoreVersion
- type VaultKubernetesAuth
- type VaultStore
Constants ¶
// Package-level defaults. The two mount-path values and the KV engine version
// match the defaults documented on VaultAppRole.Path, VaultKubernetesAuth.Path
// and VaultStore.Version.
const (
	// DefaultRenewalLeeway is a fixed 30-second duration.
	// NOTE(review): presumably the margin before expiry at which a credential
	// or lease is renewed; confirm at the call site.
	DefaultRenewalLeeway = time.Second * 30

	// DefaultSecretKey is the literal key name "secret".
	// NOTE(review): where this key is applied is not visible here; confirm at the call site.
	DefaultSecretKey = "secret"

	// DefaultVaultAppRoleAuthMountPath equals the +kubebuilder:default value
	// declared on VaultAppRole.Path.
	DefaultVaultAppRoleAuthMountPath = "approle"

	// DefaultVaultKubernetesAuthMountPath equals the +kubebuilder:default value
	// declared on VaultKubernetesAuth.Path.
	DefaultVaultKubernetesAuthMountPath = "kubernetes"

	// DefaultVaultKVEngineVersion is KV v2, the default that the
	// VaultStore.Version comment documents.
	DefaultVaultKVEngineVersion = VaultKVStoreV2
)
const (
	// Version is the API version string of this package. It is the Version
	// component of SchemeGroupVersion.
	Version = "v1alpha1"
)
Package type metadata.
Variables ¶
var (
	// SchemeGroupVersion is group version used to register these objects.
	// It pairs secretmanager.GroupName with this package's Version constant.
	SchemeGroupVersion = schema.GroupVersion{Group: secretmanager.GroupName, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme is SchemeBuilder's AddToScheme method, exposed as a
	// package-level function value.
	AddToScheme = SchemeBuilder.AddToScheme
)
// Identifiers for the ExternalSecret kind. All four are derived from the Go
// type name via reflection, so they change together if the type is renamed.
var (
	// ExtSecretKind is the unqualified Go type name of ExternalSecret.
	ExtSecretKind = reflect.TypeOf(ExternalSecret{}).Name()
	// ExtSecretGroupKind is the string form of the group/kind pair.
	ExtSecretGroupKind = schema.GroupKind{Group: secretmanager.GroupName, Kind: ExtSecretKind}.String()
	// ExtSecretKindAPIVersion is the kind, a dot, then the string form of SchemeGroupVersion.
	ExtSecretKindAPIVersion = ExtSecretKind + "." + SchemeGroupVersion.String()
	// ExtSecretGroupVersionKind is SchemeGroupVersion qualified with the kind.
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)
ExternalSecret type metadata.
// Identifiers for the namespaced SecretStore kind. All four are derived from
// the Go type name via reflection.
var (
	// SecretStoreKind is the unqualified Go type name of SecretStore.
	SecretStoreKind = reflect.TypeOf(SecretStore{}).Name()
	// SecretStoreGroupKind is the string form of the group/kind pair.
	SecretStoreGroupKind = schema.GroupKind{Group: secretmanager.GroupName, Kind: SecretStoreKind}.String()
	// SecretStoreKindAPIVersion is the kind, a dot, then the string form of SchemeGroupVersion.
	SecretStoreKindAPIVersion = SecretStoreKind + "." + SchemeGroupVersion.String()
	// SecretStoreGroupVersionKind is SchemeGroupVersion qualified with the kind.
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)
SecretStore type metadata.
// Identifiers for the ClusterSecretStore kind. All four are derived from the
// Go type name via reflection.
var (
	// ClusterSecretStoreKind is the unqualified Go type name of ClusterSecretStore.
	ClusterSecretStoreKind = reflect.TypeOf(ClusterSecretStore{}).Name()
	// ClusterSecretStoreGroupKind is the string form of the group/kind pair.
	ClusterSecretStoreGroupKind = schema.GroupKind{Group: secretmanager.GroupName, Kind: ClusterSecretStoreKind}.String()
	// ClusterSecretStoreKindAPIVersion is the kind, a dot, then the string form of SchemeGroupVersion.
	ClusterSecretStoreKindAPIVersion = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	// ClusterSecretStoreGroupVersionKind is SchemeGroupVersion qualified with the kind.
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)
ClusterSecretStore type metadata.
Functions ¶
This section is empty.
Types ¶
type AWSAuth ¶
// AWSAuth references the credentials used to authenticate with AWS. Every
// field is an optional selector for a key in a Kubernetes Secret; no
// credential value is stored in this struct itself.
//
// NOTE(review): when all fields are nil the comments below describe a
// fall-back to env vars, the shared credentials file or instance metadata,
// which presumably means the controller's own ambient AWS identity. Confirm
// that identity is scoped for every party allowed to create a store.
type AWSAuth struct {
	// The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file
	// or AWS Instance metadata
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +optional
	AccessKeyID *smmeta.SecretKeySelector `json:"accessKeyID,omitempty"`

	// The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file
	// or AWS Instance metadata
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +optional
	SecretAccessKey *smmeta.SecretKeySelector `json:"secretAccessKey,omitempty"`

	// Role is a Role ARN which the SecretManager provider will assume using either the explicit credentials
	// AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials
	// file or AWS Instance metadata.
	// The ARN is not written inline: the field is a selector, so the value is
	// read from a key of a Secret.
	// +optional
	Role *smmeta.SecretKeySelector `json:"role,omitempty"`
}
Configuration used to authenticate with AWS. Any of `AccessKeyID`, `SecretAccessKey` or `Role` can be specified. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
func (*AWSAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.
func (*AWSAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSStore ¶
// AWSStore holds the settings of a store backed by AWS SecretManager.
type AWSStore struct {
	// Region configures the region to send requests to.
	// +optional
	Region *string `json:"region,omitempty"`

	// AuthSecretRef configures how secret-manager authenticates with AWS.
	// It is optional; AWSAuth documents what happens when no explicit
	// credentials are referenced.
	// +optional
	AuthSecretRef *AWSAuth `json:"authSecretRef,omitempty"`
}
Configures a store to sync secrets using AWS SecretManager
func (*AWSStore) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSStore.
func (*AWSStore) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSecretStore ¶
// ClusterSecretStore is the cluster-scoped store resource. It carries the same
// SecretStoreSpec as the namespaced SecretStore.
type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec selects and configures the backend this store syncs from.
	Spec SecretStoreSpec `json:"spec,omitempty"`

	// NOTE(review): no Status field is declared here, although the type's
	// markers include +kubebuilder:subresource:status and the package defines
	// SecretStoreStatus. Confirm whether the omission is intended.
}
ClusterSecretStore is the Schema for the ClusterSecretStore API +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={secretmanager},shortName=css
func (*ClusterSecretStore) Copy ¶
func (c *ClusterSecretStore) Copy() GenericStore
func (*ClusterSecretStore) DeepCopy ¶
func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.
func (*ClusterSecretStore) DeepCopyInto ¶
func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStore) DeepCopyObject ¶
func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterSecretStore) GetObjectMeta ¶
func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*ClusterSecretStore) GetSpec ¶
func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
func (*ClusterSecretStore) GetTypeMeta ¶
func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
func (*ClusterSecretStore) SetSpec ¶
func (c *ClusterSecretStore) SetSpec(spec SecretStoreSpec)
type ClusterSecretStoreList ¶
// ClusterSecretStoreList is the list wrapper type for ClusterSecretStore.
type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// NOTE(review): the element type is ExternalSecret, not ClusterSecretStore,
	// which contradicts the documented purpose of this list. It looks like a
	// copy-paste slip from ExternalSecretList. If it is corrected, the
	// generated deepcopy functions must be regenerated as well.
	Items []ExternalSecret `json:"items"`
}
ClusterSecretStoreList contains a list of ClusterSecretStore
func (*ClusterSecretStoreList) DeepCopy ¶
func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.
func (*ClusterSecretStoreList) DeepCopyInto ¶
func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStoreList) DeepCopyObject ¶
func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecret ¶
// ExternalSecret is the namespaced resource that declares which remote secret
// values to fetch and through which store.
type ExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: the store reference and the secret references.
	Spec ExternalSecretSpec `json:"spec,omitempty"`
	// Status is the observed state, reported as conditions.
	Status ExternalSecretStatus `json:"status,omitempty"`
}
ExternalSecret is the Schema for the externalsecrets API +kubebuilder:printcolumn:name="LAST SYNC",type="date",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="STORE",type="string",JSONPath=".spec.storeRef.name",priority=1 +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={secretmanager},shortName=es
func (*ExternalSecret) DeepCopy ¶
func (in *ExternalSecret) DeepCopy() *ExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.
func (*ExternalSecret) DeepCopyInto ¶
func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecret) DeepCopyObject ¶
func (in *ExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretList ¶
// ExternalSecretList is the list wrapper type for ExternalSecret.
type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed ExternalSecret objects. The key is always
	// emitted because the tag has no omitempty.
	Items []ExternalSecret `json:"items"`
}
ExternalSecretList contains a list of ExternalSecret
func (*ExternalSecretList) DeepCopy ¶
func (in *ExternalSecretList) DeepCopy() *ExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.
func (*ExternalSecretList) DeepCopyInto ¶
func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretList) DeepCopyObject ¶
func (in *ExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretSpec ¶
// ExternalSecretSpec is the desired state of an ExternalSecret: which store
// to read from and which remote values to place into the generated secret.
type ExternalSecretSpec struct {
	// NOTE(review): "the same namespace as the SecretStore" below presumably
	// means the namespace of this ExternalSecret; confirm against the
	// controller. A ClusterSecretStore is selected by name alone, so who may
	// create ExternalSecret objects bounds who can read through that store's
	// credentials; verify that any intended restriction is enforced elsewhere.

	// StoreRef is a reference to the store backend for this secret.
	// If the 'kind' field is not set, or set to 'SecretStore', a SecretStore resource
	// with the given name in the same namespace as the SecretStore will be used.
	// If the 'kind' field is set to 'ClusterSecretStore', a ClusterSecretStore with the
	// provided name will be used.
	// The 'name' field in this stanza is required at all times.
	StoreRef ObjectReference `json:"storeRef"`

	// NOTE(review): the markers below declare an object of any shape with
	// unknown fields preserved, so the API server applies no structural
	// validation to the template. The Go type is a plain []byte, which
	// encoding/json represents as a base64 string; confirm how the manifest
	// object is decoded into this field.

	// Template which will be deep merged into the generated secret.
	// Can be used to set for example annotations or type on the generated secret.
	// +kubebuilder:validation:Type=object
	// +kubebuilder:validation:Format=any
	// +kubebuilder:pruning:PreserveUnknownFields
	// +optional
	Template []byte `json:"template,omitempty"`

	// Data is a list of references to secret values.
	// +optional
	Data []KeyReference `json:"data,omitempty"`

	// DataFrom references a map of secrets to embed within the generated secret.
	// +optional
	DataFrom []RemoteReference `json:"dataFrom,omitempty"`
}
ExternalSecretSpec defines the desired state of ExternalSecret
func (*ExternalSecretSpec) DeepCopy ¶
func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.
func (*ExternalSecretSpec) DeepCopyInto ¶
func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatus ¶
// ExternalSecretStatus is the observed state of an ExternalSecret. It embeds
// smmeta.ConditionedStatus, so that type's fields appear directly in the
// status object.
type ExternalSecretStatus struct {
	// List of status conditions to indicate the status of ExternalSecret.
	// Known condition types are `Ready`.
	smmeta.ConditionedStatus `json:",inline"`
}
ExternalSecretStatus defines the observed state of ExternalSecret
func (*ExternalSecretStatus) DeepCopy ¶
func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.
func (*ExternalSecretStatus) DeepCopyInto ¶
func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPAuth ¶ added in v0.2.0
// GCPAuth references the credentials used to authenticate with GCP. Both
// fields are optional.
//
// NOTE(review): when both fields are nil the comments below describe a
// fall-back to `GOOGLE_APPLICATION_CREDENTIALS` or the compute engine default
// service account, which presumably means the controller's own ambient
// identity. Confirm that identity is scoped for every party allowed to create
// a store.
type GCPAuth struct {
	// The JSON secret key selector is used for authentication. If not set we fall-back to using
	// `GOOGLE_APPLICATION_CREDENTIALS` or the default service account of the compute engine
	// see: https://cloud.google.com/docs/authentication/production
	// +optional
	JSON *smmeta.SecretKeySelector `json:"json,omitempty"`

	// NOTE(review): FilePath is a plain string rather than a Secret selector.
	// It is presumably resolved on the filesystem of the process that loads
	// the store; confirm which paths a store author is allowed to name.

	// The FilePath string is used for authentication using a gcp credentials json file.
	// If not set we fall-back to using `GOOGLE_APPLICATION_CREDENTIALS` or the default service account of the
	// compute engine see: https://cloud.google.com/docs/authentication/production
	// +optional
	FilePath *string `json:"filePath,omitempty"`
}
Configuration used to authenticate with GCP. Either of `JSON` or `FilePath` can be specified. If not set we fall-back to using `GOOGLE_APPLICATION_CREDENTIALS` or the default service account of the compute engine see: https://cloud.google.com/docs/authentication/production
func (*GCPAuth) DeepCopy ¶ added in v0.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuth.
func (*GCPAuth) DeepCopyInto ¶ added in v0.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPStore ¶ added in v0.2.0
// GCPStore holds the settings of a store backed by GCP Secret Manager.
type GCPStore struct {
	// ProjectID is a convenience string to allow the shortening of secret paths.
	// When set, the prefix projects/<ProjectID> can be removed from the name.
	// The field is a pointer tagged omitempty but, unlike AuthSecretRef,
	// carries no +optional marker.
	ProjectID *string `json:"projectID,omitempty"`

	// AuthSecretRef configures how secret-manager authenticates with GCP Secret Manager.
	// +optional
	AuthSecretRef *GCPAuth `json:"authSecretRef,omitempty"`
}
Configures a store to sync secrets using GCP Secret Manager
func (*GCPStore) DeepCopy ¶ added in v0.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPStore.
func (*GCPStore) DeepCopyInto ¶ added in v0.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GenericStore ¶
// GenericStore is the read-side abstraction over the two store kinds. It
// embeds runtime.Object and metav1.Object and adds three accessors. The Copy
// and SetSpec methods that both store types declare are not part of this
// interface.
type GenericStore interface {
	runtime.Object
	metav1.Object

	// GetTypeMeta returns a pointer to the store's TypeMeta.
	GetTypeMeta() *metav1.TypeMeta
	// GetObjectMeta returns a pointer to the store's ObjectMeta.
	GetObjectMeta() *metav1.ObjectMeta
	// GetSpec returns a pointer to the store's SecretStoreSpec, which holds
	// the backend settings and credential references.
	GetSpec() *SecretStoreSpec
}
GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore
type KeyReference ¶
// KeyReference maps one remote secret value to one key of the generated
// secret. Both fields are required: neither tag has omitempty.
type KeyReference struct {
	// The key in the generated secret to place fetched secret value into.
	SecretKey string `json:"secretKey"`

	// RemoteRef describes the path and other parameters to access the secret for the specific SecretStore
	RemoteRef RemoteReference `json:"remoteRef"`
}
func (*KeyReference) DeepCopy ¶
func (in *KeyReference) DeepCopy() *KeyReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyReference.
func (*KeyReference) DeepCopyInto ¶
func (in *KeyReference) DeepCopyInto(out *KeyReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectReference ¶
// ObjectReference names another resource by name, kind and group. Only Name
// is required. It has no namespace field.
type ObjectReference struct {
	// Name of the resource being referred to.
	Name string `json:"name"`

	// Kind of the resource being referred to.
	// +optional
	Kind string `json:"kind,omitempty"`

	// Group of the resource being referred to.
	// +optional
	Group string `json:"group,omitempty"`
}
ObjectReference is a reference to an object with a given name, kind and group.
func (*ObjectReference) DeepCopy ¶
func (in *ObjectReference) DeepCopy() *ObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.
func (*ObjectReference) DeepCopyInto ¶
func (in *ObjectReference) DeepCopyInto(out *ObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemoteReference ¶
// RemoteReference identifies a secret inside the backing store and,
// optionally, one property and one version of it. The two optional fields are
// pointers, so an unset value is distinguishable from an empty string.
type RemoteReference struct {
	// Name of the key, path, or id in the SecretStore.
	Name string `json:"name"`

	// Property to extract secret value at path in the SecretStore.
	// Can be omitted if not supported by SecretStore or if entire secret should
	// be fetched as in dataFrom reference.
	// +optional
	Property *string `json:"property,omitempty"`

	// Version of the secret to fetch from the SecretStore. Must be a supported parameter
	// by the referenced SecretStore.
	// +optional
	Version *string `json:"version,omitempty"`
}
func (*RemoteReference) DeepCopy ¶
func (in *RemoteReference) DeepCopy() *RemoteReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteReference.
func (*RemoteReference) DeepCopyInto ¶
func (in *RemoteReference) DeepCopyInto(out *RemoteReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStore ¶
// SecretStore is the namespaced store resource. It carries the same
// SecretStoreSpec as the cluster-scoped ClusterSecretStore.
type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec selects and configures the backend this store syncs from.
	Spec SecretStoreSpec `json:"spec,omitempty"`

	// NOTE(review): no Status field is declared here, although the type's
	// markers include +kubebuilder:subresource:status and the package defines
	// SecretStoreStatus. Confirm whether the omission is intended.
}
SecretStore is the Schema for the SecretStore API +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={secretmanager},shortName=ss
func (*SecretStore) Copy ¶
func (c *SecretStore) Copy() GenericStore
func (*SecretStore) DeepCopy ¶
func (in *SecretStore) DeepCopy() *SecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.
func (*SecretStore) DeepCopyInto ¶
func (in *SecretStore) DeepCopyInto(out *SecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStore) DeepCopyObject ¶
func (in *SecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretStore) GetObjectMeta ¶
func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*SecretStore) GetSpec ¶
func (c *SecretStore) GetSpec() *SecretStoreSpec
func (*SecretStore) GetTypeMeta ¶
func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
func (*SecretStore) SetSpec ¶
func (c *SecretStore) SetSpec(spec SecretStoreSpec)
type SecretStoreList ¶
// SecretStoreList is the list wrapper type for SecretStore.
type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// NOTE(review): the element type is ExternalSecret, not SecretStore, which
	// contradicts the documented purpose of this list. It looks like a
	// copy-paste slip from ExternalSecretList. If it is corrected, the
	// generated deepcopy functions must be regenerated as well.
	Items []ExternalSecret `json:"items"`
}
SecretStoreList contains a list of SecretStore
func (*SecretStoreList) DeepCopy ¶
func (in *SecretStoreList) DeepCopy() *SecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.
func (*SecretStoreList) DeepCopyInto ¶
func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStoreList) DeepCopyObject ¶
func (in *SecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretStoreSpec ¶
// SecretStoreSpec selects the backend of a store. Each backend is an optional
// pointer.
//
// NOTE(review): nothing in this declaration requires exactly one backend to be
// set; confirm where a spec with none or with several is rejected.
type SecretStoreSpec struct {
	// Vault configures this store to sync secrets using a HashiCorp Vault
	// KV backend.
	// +optional
	Vault *VaultStore `json:"vault,omitempty"`

	// AWS configures this store to sync secrets using AWS SecretManager
	// +optional
	AWS *AWSStore `json:"aws,omitempty"`

	// GCP configures this store to sync secrets using GCP Secret Manager
	// +optional
	GCP *GCPStore `json:"gcp,omitempty"`
}
SecretStoreSpec defines the authentication methods used
func (*SecretStoreSpec) DeepCopy ¶
func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.
func (*SecretStoreSpec) DeepCopyInto ¶
func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatus ¶
// SecretStoreStatus holds the status conditions of a store.
//
// NOTE(review): ExternalSecretStatus embeds smmeta.ConditionedStatus, whereas
// here it is a named field. encoding/json has no `inline` tag option, so a
// named field is not flattened and serialises under the key `Conditions`.
// Confirm which shape is intended.
type SecretStoreStatus struct {
	// List of status conditions to indicate the status of SecretStore.
	// Known condition types are `Ready`.
	// +optional
	Conditions smmeta.ConditionedStatus `json:",inline"`
}
func (*SecretStoreStatus) DeepCopy ¶
func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.
func (*SecretStoreStatus) DeepCopyInto ¶
func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAppRole ¶
// VaultAppRole configures Vault authentication through the App Role
// mechanism. Only the app role secret is taken from a Kubernetes Secret
// (SecretRef). RoleID is a plain string in the store spec, readable by anyone
// who can read the store object.
type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted in Vault, e.g:
	// "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	RoleID string `json:"roleId"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	SecretRef smmeta.SecretKeySelector `json:"secretRef"`
}
VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
func (*VaultAppRole) DeepCopy ¶
func (in *VaultAppRole) DeepCopy() *VaultAppRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (*VaultAppRole) DeepCopyInto ¶
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAuth ¶
// VaultAuth selects how the store authenticates with Vault. All three methods
// are optional pointers.
//
// NOTE(review): the type's documentation says only one method may be
// specified, but nothing in this declaration enforces that; confirm where a
// spec with none or with several is rejected.
type VaultAuth struct {
	// TokenSecretRef authenticates with Vault by presenting a token.
	// The token is read from the referenced Secret key.
	// +optional
	TokenSecretRef *smmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`
}
Configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole` or `kubernetes` may be specified.
func (*VaultAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (*VaultAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVStoreVersion ¶
// VaultKVStoreVersion names a Vault KV secret engine version as a string.
type VaultKVStoreVersion string

// The KV engine versions defined by this package. DefaultVaultKVEngineVersion
// is set to VaultKVStoreV2.
// NOTE(review): the type is a plain string with no validation marker visible
// here; confirm where other values are rejected.
const (
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)
type VaultKubernetesAuth ¶
// VaultKubernetesAuth configures Vault authentication with a Kubernetes
// ServiceAccount JWT and a Vault role.
type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// The manifest key for this field is `mountPath`, whereas VaultAppRole
	// uses `path` for the equivalent setting.
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// NOTE(review): per the comment below, omitting SecretRef makes the store
	// authenticate with the token bound to the controller. Every store that
	// omits it then presents the same identity to Vault, so the Vault role
	// bound to that ServiceAccount should be scoped with that in mind.

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *smmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}
Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.
func (*VaultKubernetesAuth) DeepCopy ¶
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (*VaultKubernetesAuth) DeepCopyInto ¶
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultStore ¶
// VaultStore holds the settings of a store backed by a HashiCorp Vault KV
// backend. Auth, Server and Path are required: their tags have no omitempty
// and they carry no +optional marker.
type VaultStore struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// NOTE(review): nothing visible here restricts Server to an https:// URL.
	// As the CABundle comment states, the bundle is ignored for plain HTTP, so
	// with an http:// address the connection to Vault has no TLS protection.
	// Confirm whether plain HTTP should be rejected outside of development.

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	Path string `json:"path"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +optional
	Version *VaultKVStoreVersion `json:"version,omitempty"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1"
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`
}
Configures a store to sync secrets using a HashiCorp Vault KV backend.
func (*VaultStore) DeepCopy ¶
func (in *VaultStore) DeepCopy() *VaultStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStore.
func (*VaultStore) DeepCopyInto ¶
func (in *VaultStore) DeepCopyInto(out *VaultStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.