InfisicalPushSecret
secrets.infisical.com / v1alpha1
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalPushSecret
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
InfisicalPushSecretSpec defines the desired state of InfisicalPushSecret
authentication object
awsIamAuth object
identityId
string required
azureAuth object
identityId
string required
resource
string
gcpIamAuth object
identityId
string required
serviceAccountKeyFilePath
string required
gcpIdTokenAuth object
identityId
string required
kubernetesAuth object
autoCreateServiceAccountToken
boolean
Optionally automatically create a service account token for the configured service account.
If this is set to `true`, the operator will automatically create a service account token for the configured service account. This field is recommended in most cases.
identityId
string required
serviceAccountRef object required
name
string required
namespace
string required
serviceAccountTokenAudiences
[]string
The audiences to use for the service account token. This is only relevant if `autoCreateServiceAccountToken` is true.
ldapAuth object
credentialsRef object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The name space where the Kubernetes Secret is located
identityId
string required
universalAuth object
credentialsRef object required
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The name space where the Kubernetes Secret is located
deletionPolicy
string
destination object required
environmentSlug
string required
projectId
string
projectSlug
string
secretsPath
string required
hostAPI
string
Infisical host to pull secrets from
push object required
generators []object
destinationSecretName
string required
generatorRef object required
kind
string required
Specify the Kind of the generator resource
name
string required
secret object
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The name space where the Kubernetes Secret is located
template object
data
object
The template key values
includeAllSecrets
boolean
This injects all retrieved secrets into the top level of your template.
Secrets defined in the template will take precedence over the injected ones.
metadata object
Custom metadata (labels/annotations) for the managed secret.
When specified, these values are used instead of copying metadata from the InfisicalSecret CR.
annotations
object
Custom annotations to apply to the managed secret
labels
object
Custom labels to apply to the managed secret
resyncInterval
string
tls object
caRef object
Reference to secret containing CA cert
key
string required
The name of the secret property with the CA certificate value
secretName
string required
The name of the Kubernetes Secret
secretNamespace
string required
The namespace where the Kubernetes Secret is located
updatePolicy
string
status object
InfisicalPushSecretStatus defines the observed state of InfisicalPushSecret
conditions []object required
lastTransitionTime
string required
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format:
date-time
message
string required
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength:
32768
observedGeneration
integer
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format:
int64minimum:
0
reason
string required
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
pattern:
^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$minLength:
1maxLength:
1024
status
string required
status of the condition, one of True, False, Unknown.
enum:
True, False, Unknown
type
string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern:
^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$maxLength:
316
managedSecrets
object required
managed secrets is a map where the key is the ID, and the value is the secret key (string[id], string[key] )
No matches. Try .spec.authentication for an exact path