InfisicalDynamicSecret
secrets.infisical.com / v1alpha1
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalDynamicSecret
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
InfisicalDynamicSecretSpec defines the desired state of InfisicalDynamicSecret.
authentication object required
awsIamAuth object
identityId
string required
azureAuth object
identityId
string required
resource
string
gcpIamAuth object
identityId
string required
serviceAccountKeyFilePath
string required
gcpIdTokenAuth object
identityId
string required
kubernetesAuth object
autoCreateServiceAccountToken
boolean
Optionally automatically create a service account token for the configured service account.
If this is set to `true`, the operator will automatically create a service account token for the configured service account. This field is recommended in most cases.
identityId
string required
serviceAccountRef object required
name
string required
namespace
string required
serviceAccountTokenAudiences
[]string
The audiences to use for the service account token. This is only relevant if `autoCreateServiceAccountToken` is true.
ldapAuth object
credentialsRef object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The name space where the Kubernetes Secret is located
identityId
string required
universalAuth object
credentialsRef object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The name space where the Kubernetes Secret is located
dynamicSecret object required
environmentSlug
string required
projectId
string
projectSlug
string
secretName
string required
secretsPath
string required
hostAPI
string
leaseRevocationPolicy
string required
leaseTTL
string required
managedSecretReference object required
creationPolicy
string
The Kubernetes Secret creation policy.
Enum with values: 'Owner', 'Orphan'.
Owner creates the secret and sets .metadata.ownerReferences of the InfisicalSecret CRD that created it.
Orphan will not set the secret owner. This will result in the secret being orphaned and not deleted when the resource is deleted.
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The name space where the Kubernetes Secret is located
secretType
string
The Kubernetes Secret type (experimental feature). More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
template object
The template to transform the secret data
data
object
The template key values
includeAllSecrets
boolean
This injects all retrieved secrets into the top level of your template.
Secrets defined in the template will take precedence over the injected ones.
metadata object
Custom metadata (labels/annotations) for the managed secret.
When specified, these values are used instead of copying metadata from the InfisicalSecret CR.
annotations
object
Custom annotations to apply to the managed secret
labels
object
Custom labels to apply to the managed secret
tls object
caRef object
Reference to secret containing CA cert
key
string required
The name of the secret property with the CA certificate value
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
status object
InfisicalDynamicSecretStatus defines the observed state of InfisicalDynamicSecret.
conditions []object required
lastTransitionTime
string required
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format:
date-time
message
string required
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength:
32768
observedGeneration
integer
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format:
int64minimum:
0
reason
string required
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
pattern:
^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$minLength:
1maxLength:
1024
status
string required
status of the condition, one of True, False, Unknown.
enum:
True, False, Unknown
type
string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern:
^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$maxLength:
316
dynamicSecretId
string
lease object
creationTimestamp
string required
format:
date-time
expiresAt
string required
format:
date-time
id
string required
version
integer required
format:
int64
maxTTL
string
The MaxTTL can be null, if it's null, there's no max TTL and we should never have to renew.
No matches. Try .spec.authentication for an exact path