External Secrets Operator
Integrate QNSP with External Secrets Operator.
External Secrets Operator
Integrate QNSP with External Secrets Operator.
Prerequisites
Install External Secrets Operator:
helm repo add external-secrets https://charts.external-secrets.io
helm install external-secrets external-secrets/external-secrets \
--namespace external-secrets \
--create-namespace
Configuration
ClusterSecretStore
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: qnsp
spec:
provider:
webhook:
url: "https://api.qnsp.cuilabs.io/vault/v1/secrets/{{ .remoteRef.key }}/value"
headers:
Authorization:
- "Bearer {{ .auth.token }}"
result:
jsonPath: "$.value"
secrets:
- name: credentials
secretRef:
name: qnsp-credentials
namespace: external-secrets
Credentials secret
apiVersion: v1
kind: Secret
metadata:
name: qnsp-credentials
namespace: external-secrets
stringData:
token: "your-access-token"
Usage
ExternalSecret
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: db-credentials
spec:
refreshInterval: 5m
secretStoreRef:
name: qnsp
kind: ClusterSecretStore
target:
name: db-credentials
data:
- secretKey: password
remoteRef:
key: "<secret_id>"
Sync status
kubectl get externalsecrets
kubectl describe externalsecret db-credentials